To: cygwin AT cygwin DOT com
From: René Berber
Subject: Re: sshd refuses ssh connections
Date: Wed, 19 Oct 2005 16:57:25 -0500

Marc Jourdeuil wrote:

> If the mode of the host keys is readable by other, sshd won't start.
> /var/log/sshd.log
>
> chmod g+r ssh_host_dsa_key
> chmod g+r ssh_host_rsa_key
> chmod g+r ssh_host_key

Whoa there! I never said "change them", don't touch that.

[snip]
> /usr/sbin/sshd -D -dd
> debug2: load_server_config: filename /etc/sshd_config
> debug2: load_server_config: done config len = 187
> debug2: parse_server_config: config /etc/sshd_config len 187
> debug1: sshd version OpenSSH_3.9p1
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> /var/empty must be owned by root and not group or world-writable.

Check /var/empty, it should be created by the script and look like:

$ ll /var/empty
total 0
drwxr-xr-x+ 2 SYSTEM None 0 May 20 2004 ./

> Like this, ssh starts.

I don't follow, like this means...

> when you run ssh-host-config, if the keys already exist, it leaves them as
> is, which is fine.

> netstat -abn -> b is not a valid option

In Windows XP it's a valid option...

$ netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
...

Anyway you can also use tcpview from www.sysinternals.com if needed.

[snip]
> sshd is running again.
> The password file is correct for W2K, according to
> /usr/share/doc/Cygwin/login.README
>
> p4-3000:marcj:{/etc}224 % ps -ef
> UID PID PPID TTY STIME COMMAND
...
> SYSTEM 1156 1 ? 15:04:57 /usr/bin/cygrunsrv
> SYSTEM 1716 1156 ? 15:04:57 /usr/sbin/sshd
...
> I have turned off the firewall.
>
> ssh marcj@127.0.0.1
> ssh_exchange_identification: Connection closed by remote host

[Rant: stop repeating the same thing]

> p4-3000:marcj:{/etc}225 % ssh -vvv localhost
> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: identity file /home/marcj/.ssh/identity type -1
> debug1: identity file /home/marcj/.ssh/id_rsa type -1
> debug1: identity file /home/marcj/.ssh/id_dsa type -1
> ssh_exchange_identification: Connection closed by remote host

Your user "marcj" doesn't have keys.

Read /usr/share/doc/Cygwin/openssh.README, run ssh-user-config (additional
info in man ssh-keygen and ssh_config).

--
René Berber
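
Added example, not part of the original message and not OpenSSH or Cygwin code: shell functions that audit the two conditions this thread turns on, namely host private keys that have picked up group/other permission bits (as after the quoted `chmod g+r`) and the /var/empty rule quoted from the sshd debug output. The function names, the /etc key location, the default owner uid of 0 and the GNU `stat -c` syntax are assumptions; on Cygwin the directory is owned by SYSTEM, so pass that account's uid as the third argument.

```shell
#!/bin/sh
# Added example: read-only audit of sshd host key and privsep directory
# permissions. Nothing here changes modes or ownership.
# Usage: audit_sshd [etc_dir] [privsep_dir] [owner_uid]

# Succeeds only if the private key file has no group/other permission bits.
hostkey_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds only if the directory is owned by the expected uid (assumed
# default: 0) and is neither group- nor world-writable.
privsep_dir_ok() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 2
    mode=$(stat -c '%a' "$dir") || return 2
    uid=$(stat -c '%u' "$dir") || return 2
    [ "$uid" -eq "$want_uid" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# Reports every finding and returns non-zero if any check fails.
audit_sshd() {
    etc=${1:-/etc}; empty=${2:-/var/empty}; want_uid=${3:-0}; rc=0
    for key in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        [ -e "$etc/$key" ] || continue          # skip key types not present
        if hostkey_mode_ok "$etc/$key"; then
            echo "ok   $etc/$key"
        else
            echo "FAIL $etc/$key: group/other permission bits are set"
            rc=1
        fi
    done
    if privsep_dir_ok "$empty" "$want_uid"; then
        echo "ok   $empty"
    else
        echo "FAIL $empty: wrong owner, or group/world-writable"
        rc=1
    fi
    return $rc
}
```
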