Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <4356C85C.130BF479@dessent.net> Date: Wed, 19 Oct 2005 15:27:40 -0700 From: Brian Dessent MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: sshd refuses ssh connections References: <435684E8 DOT 4040800 AT equate DOT dyndns DOT org> <43569987 DOT 7050104 AT equate DOT dyndns DOT org> <4356C583 DOT 4719DB71 AT dessent DOT net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Reply-To: cygwin AT cygwin DOT com Brian Dessent wrote: > No, it's a red herring. The host keys should be readable only by the > process that runs sshd. This must be SYSTEM in order for impersonation > to work. Thus they should be readable only by SYSTEM, and that is how > ssh-host-config sets things up, correctly. So if you try to run sshd as > your normal user account, it will not work. That's why it's a bad idea > to mess around with running sshd from a regular prompt, because you will > run into all kinds of permissions/ownership issues unless you know > precisely what you're doing. The footnote to this is that if you obtain a shell as the SYSTEM user, you can run sshd from a prompt in debugging mode without any issues. There is a script somewhere in the mailing list archives, I think it's called "sysbash", that achieves this. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/