Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3da3d8310510201431n1782b7a4u1e6e8e87548931c4@mail.gmail.com>
Date: Thu, 20 Oct 2005 17:31:36 -0400
From: Eliah Kagan <degeneracypressure AT gmail DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: sshd refuses ssh connections
In-Reply-To: <20051020153033.GA11898@panix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
References: <4356C85C DOT 130BF479 AT dessent DOT net> <20051020153033 DOT GA11898 AT panix DOT com>
X-IsSubscribed: yes
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id j9KLVmY7032347

On 10/20/05, Albert Lunde <atlunde AT panix DOT com> wrote:
> On Wed, Oct 19, 2005 at 03:27:40PM -0700, Brian Dessent wrote:
> > > No, it's a red herring.  The host keys should be readable only by the
> > > process that runs sshd.  This must be SYSTEM in order for impersonation
> > > to work.  Thus they should be readable only by SYSTEM, and that is how
> > > ssh-host-config sets things up, correctly.  So if you try to run sshd as
> > > your normal user account, it will not work.  That's why it's a bad idea
> > > to mess around with running sshd from a regular prompt, because you will
> > > run into all kinds of permissions/ownership issues unless you know
> > > precisely what you're doing.
> >
> > The footnote to this is that if you obtain a shell as the SYSTEM user,
> > you can run sshd from a prompt in debugging mode without any issues.
> > There is a script somewhere in the mailing list archives, I think it's
> > called "sysbash", that achieves this.
>
> One can also do this with the commercial product "Firedaemon"
>
> http://www.firedaemon.com/
>
> which is a generic service control GUI.

Or with srvany.exe from Microsoft. See the Microsoft Knowledge Base
article "How To Create a User-Defined Service":

http://support.microsoft.com/default.aspx?scid=kb;en-us;137890

That article is written for NT and 2000, but if you're running XP or
Server 2003 it works just as well--just get srvany.exe and instsrv.exe
from the free Windows Server 2003 Resource Kit Tools:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd

(You may have to paste that link together.)

You could also use Sysinternals' psexec to execute an application as
SYSTEM on your own computer (if you have the File and Printer Sharing
service installed). This also works by installing a service that runs
the application.

http://www.sysinternals.com/Utilities/PsExec.html

-Eliah

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/