To: cygwin AT cygwin DOT com
From: Thorsten Kampe
Subject: Re: using sshd as a non-administrator: minor issues and an aliasing question
Date: Wed, 25 Oct 2006 17:52:26 +0100

* eyalroz (Wed, 25 Oct 2006 03:18:26 -0700 (PDT))
> I just installed cygwin with the sshd package on a machine on which I do not
> have admin privileges. The installation of cygwin went fine, and I'm having
> (minor) trouble with sshd:
>
> 1. (minor issue) When I run ssh-host-config I get a plethora of error
> messages, but they seem mostly harmless, i.e. trying to access places where
> only an admin would go, service lists, etc. Of course, one would expect the
> script to check what privileges the user running it has, and only act
> admin-ishly if it is running for an admin, but never mind.

The approach is different: some things (like creating a user account
and creating a service) are introduced with a warning that they
require admin rights. As these require different privileges I think
the script's approach is less error-prone. But Corinna is the definite
source to that.

> 2. (semi-minor issue) If I try to run sshd, even with
> sePrivilegeSeparation=no, I get:
>
> Privilege separation user sshd does not exist
>
> ... which, so I gather, is due to the following:
>
> http://cygwin.com/ml/cygwin/2006-10/msg00250.html
>
> WWHHHYYY did they do that?

Cluelessness.

> Anyway, I fabricated an sshd user by copying my own user line in
> /etc/passwd and replacing the username with sshd. This allows
> sshd.exe to run, fork, background itself and stay running - but I'm
> not sure if what I did is "The right thing (TM)".

I think Corinna mentioned in the same thread this solution so it
should be the right thing.

> Now for my questions:
>
> 1. Should I have installed/configured cygwin/sshd/both in a different way?

If you don't run sshd as a service all you need are the keys - so to
my knowledge you don't have to install sshd at all with
ssh-host-config.

> 2. Should I report a bug about any of these issues? If so, where to?

Upstream to OpenSSH.

> 3. How do I add new username/password combinations other than my real NT
> username and password? I want the sshd to only accept myalias/tehfauxpass
> instead of myrealuser/therealpass , and of course not try to switch users to
> myalias but rather allow work as myrealuser.

Can't be done in my opinion as /etc/passwd is just a wrapper to the
SAM where the real password hashes are stored.

Thorsten
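
The non-service setup discussed in this thread, as an added example that is not part of the original messages or of Cygwin's own scripts: it checks for the `sshd` passwd entry, flags a copied line that shares a UID with another account, then writes a per-user config and host key. The function names, the `~/.user-sshd` directory, port 2222 and the `start` argument are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example: preflight for running sshd from a user account (no service).
# Paths, port and function names are assumptions, not Cygwin defaults.

# Return 0 if account NAME ($2) has a line in passwd-format FILE ($1).
passwd_has_user() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# Print the names of other accounts in FILE ($1) whose UID (field 3) equals
# that of NAME ($2). A copied-and-renamed line, as in the thread, shows up here.
passwd_uid_twins() {
    awk -F: -v u="$2" '
        { uid[$1] = $3 }
        END { for (n in uid) if (n != u && (u in uid) && uid[n] == uid[u]) print n }
    ' "$1" | sort
}

# Write a minimal per-user sshd_config into DIR ($1) listening on PORT ($2).
write_user_sshd_config() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    cat > "$1/sshd_config" <<EOF
Port $2
HostKey $1/ssh_host_rsa_key
PidFile $1/sshd.pid
# Matches the 2006-era setup in the thread; current OpenSSH releases
# treat this option as deprecated.
UsePrivilegeSeparation no
EOF
}

# Generate the host key once; without a service, the keys are all sshd needs.
make_host_key() {
    [ -f "$1/ssh_host_rsa_key" ] || ssh-keygen -q -t rsa -N '' -f "$1/ssh_host_rsa_key"
}

# Run only when invoked as: script start
if [ "${1:-}" = "start" ]; then
    dir=$HOME/.user-sshd
    passwd_has_user /etc/passwd sshd ||
        { echo "no sshd entry in /etc/passwd" >&2; exit 1; }
    twins=$(passwd_uid_twins /etc/passwd sshd)
    [ -z "$twins" ] || echo "warning: sshd shares a UID with: $twins" >&2
    write_user_sshd_config "$dir" 2222 && make_host_key "$dir" &&
        /usr/sbin/sshd -t -f "$dir/sshd_config" &&   # validate config first
        /usr/sbin/sshd -f "$dir/sshd_config"
fi
```

The UID warning matters because a fabricated `sshd` line copied from a real account makes both names resolve to the same identity, so anything owned by or permitted to one is owned by or permitted to the other.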