To: cygwin AT cygwin DOT com
From: "H.S."
Subject: installing minimal Cygwin on XP for ssh and rsync
Date: Thu, 22 Jun 2006 18:37:30 -0400

I installed Cygwin on XP yesterday to get ssh and rsync servers running. I have done this before and shared my experiences on this list earlier as well. Especially the bit about ZoneAlarm causing a problem connecting to the Windows machine via ssh after reboots.

Here are the steps I followed; hopefully this will help others too. Comments, advice or explanations are welcome.

NOTE: make sure you are logged in as an administrator before installing and setting up the following stuff.

#------------------------------------------------------------#
Installing Minimal (sort of) Cygwin:
#------------------------------------------------------------#

Download the installer file from http://cygwin.com/setup.exe (okay to save it on Desktop)

Double click on setup.exe to start installation of Cygwin and follow the prompts with the following choices:

-> Install from Internet
-> NEXT
-> Choose root dir: c:\cygwin
-> All Users
-> Unix/Binary
-> NEXT
-> Choose dir to download files which will be used for installation. Sort of like a temp dir. Choose C:\tmp\cygwin-downloads or any other of your choice
-> NEXT
-> Direct Connection
-> NEXT

Here your firewall, if you have one, will ask if you want to allow setup.exe to connect to the internet. In my case, ZoneAlarm asked if Setup should be allowed internet connection. Allowed.
-> Choose a site from "Available Download Sites"
-> NEXT
-> Package lists will be shown

Leave the default packages as they are. But add the following by clicking on the "Skip" column for these packages until that column lists the version that will be installed (see Step 2b at http://pigtail.net/LRP/printsrv/cygwin-sshd.html ):

    Admin: cron cygrunsrv syslog-ng
    Archive: unzip zip
    Editors: vim
    Net: openssh rsync
    Web: wget (it is a handy tool)

-> NEXT (it will then start downloading the package files)
-> At the end, it will ask if you want icons on desktop and start menu. Answer yes.

You will get a Cygwin icon on your desktop. Double click on it and a prompt will appear. All is well. Close that window.

In the Environment Variables window (see Step 3 at http://pigtail.net/LRP/printsrv/cygwin-sshd.html for illustration), add a new System Variable: CYGWIN and give it a value of ntsec. Then add the cygwin path, ;c:\cygwin\bin, to the Environment Path variable. See Step 4 of the above web site for illustration.

Make Cygwin see users' information: Open the Cygwin terminal (double click on the Cygwin icon you got on your desktop) and give these commands ("$" below means the prompt):

$ mkpasswd --local > /etc/passwd
$ mkgroup --local > /etc/group

Cygwin is all set up now.

#------------------------------------------------------------#
Setting up SSH Server:
#------------------------------------------------------------#

Set up and get sshd running by giving the following commands in the Cygwin terminal:

$ cygrunsrv --stop sshd
$ cygrunsrv --remove sshd
$ ssh-host-config     <-- (see more info below)
$ cygrunsrv --start sshd

The third command above will give an output as shown below. Answer "yes" as shown in the prompts here:

++++++++++++++++++++++++++++++++++++++++++++++++++++++
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/share/doc/openssh/README.privsep .
Should privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file

Warning: The following functions require administrator privileges!

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec".  CYGWIN=binmode tty ntsec

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!
++++++++++++++++++++++++++++++++++++++++++++++++++++++

Now, edit /cygwin.bat (in notepad or in vi editor) to add the CYGWIN env variable line as shown below (I am not sure why all these values are needed; if someone can explain in detail, it would be great):

------------------
$ less /cygwin.bat
@echo off
set CYGWIN=binmode tty ntsec
c:
chdir c:\cygwin\bin
bash --login -i
------------------

Now you can ssh to other machines on your network. If you try to do so, your firewall, if you have one, will ask if sshd should be allowed to connect to the internet; say yes and make sure your firewall remembers this choice -- make it permanent.

However, if you have ZoneAlarm running, then after rebooting sshd won't be available; ZoneAlarm will block all its traffic unless it is run before ZoneAlarm starts. To solve this, make sshd a dependency of vsmon (the ZoneAlarm service) and tcpip service (no point in having sshd running unless tcpip is also running):

------------------
root@localhost ~
$ cygrunsrv -E sshd     <-- this command stops the service

root@localhost ~
$ cygrunsrv -R sshd     <-- this command removes the service

root@localhost ~
$ cygrunsrv -I sshd -p /usr/sbin/sshd -f "Cygwin SSH Daemon" -a'-D' -e 'CYGWIN=binmode ntsec tty' -y tcpip -y vsmon
(the above is one long single-line command.
note the single quotes)

root@localhost ~
$ cygrunsrv -S sshd     <-- this command starts the service
------------------

Now, when you reboot the computer, you will be able to ssh to the Windows computer without any problems from ZoneAlarm.

#------------------------------------------------------------#
RSYNC:
#------------------------------------------------------------#

The rsync service is not running by default, so there is no need to try to stop the service unless you know it is already running. You can use the "cygrunsrv --list" command to see if it is already installed. Stop it if it is with the "cygrunsrv -E rsync" command. Then use the following commands to set it up:

--------------------------------------------------------
root@localhost ~
$ cygrunsrv -I "rsyncd" -p /usr/bin/rsync -a '--daemon --no-detach'

(if /etc/rsyncd.conf does not already exist, see the note below, use the following command to create an empty file)
$ touch /etc/rsyncd.conf

$ cygrunsrv -S "rsyncd"     <-- starts the service
--------------------------------------------------------

Note: If you do not have an /etc/rsyncd.conf file, upon trying to start the rsyncd service you will get this error:

$ cygrunsrv -S rsyncd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.

If you create an empty /etc/rsyncd.conf, rsync will be happy and will run smoothly.

Finally, allow your firewall to remember that rsync should be allowed outside connections.

Good luck,
->HS
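
The post starts rsyncd with an empty /etc/rsyncd.conf, which defines no modules; the check below is for the point where modules get added, and flags any module that has no host restriction, no user authentication, or is writable. It is an added example, not part of the original post, and goes one step beyond the empty file described there: the parameter names are standard rsyncd.conf ones, while the sample config (paths, subnet, user name) is constructed.

```shell
# Added example (not from the original post): audit an rsyncd.conf.
# audit_rsyncd_conf FILE prints "module: finding" lines; status 1 if any.
audit_rsyncd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    # effective value: module setting, else global default, else empty
    function eff(k) { return (k in p) ? p[k] : ((k in g) ? g[k] : "") }
    function report() {
        if (mod == "") return
        if (eff("hosts allow") == "") { print mod ": no hosts allow"; bad = 1 }
        if (eff("auth users") == "")  { print mod ": no auth users"; bad = 1 }
        if (tolower(eff("read only")) ~ /^(no|false|0)$/) {
            print mod ": writable"; bad = 1
        }
    }
    /^[ \t]*#/ || /^[ \t\r]*$/ { next }      # comments and blank lines
    /^[ \t]*\[/ {                            # [module] header
        report(); split("", p)
        mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\].*$/, "", mod)
        mod = trim(mod); next
    }
    {                                        # key = value
        i = index($0, "="); if (i == 0) next
        k = tolower(trim(substr($0, 1, i - 1))); v = trim(substr($0, i + 1))
        if (mod == "") g[k] = v; else p[k] = v
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the global hosts allow is inherited by both modules;
# "scratch" has no auth users and is writable.
write_sample_conf() {
    cat > "$1" <<'EOF'
hosts allow = 192.168.1.0/24
[backup]
path = /cygdrive/c/backup
auth users = backupuser
secrets file = /etc/rsyncd.secrets
[scratch]
path = /cygdrive/c/tmp
read only = false
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
audit_rsyncd_conf "$tmp" || echo "fix the modules listed above"
rm -f "$tmp"
```

Run against the empty file from the post, the check reports nothing and returns 0, since no module is exported.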