X-Spam-Check-By: sourceware.org
Message-ID: <467A7116.2060402@cygwin.com>
Date: Thu, 21 Jun 2007 08:37:42 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070505 Remi/2.0.0.0-3.fc4.remi Thunderbird/2.0.0.0 Mnenhy/0.7.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: ssh configuration
References: <467A518D DOT 5040400 AT advancedsl DOT com DOT ar>
In-Reply-To: <467A518D.5040400@advancedsl.com.ar>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

gga wrote:
> I'm trying to set up ssh (ie. openssh) on cygwin, with not much success.
>  Searching the mailing list did not help either.
> 
> I've downloaded it, installed it, run ssh-host-config, answered all yes.
> I *CAN* ssh from windows to a linux box in my lan.
> But, my windows box fails as a ssh server.
> Not even ssh localhost works.
> 
> Here's the full info:
> 
>> /usr/sbin/sshd.exe -d -d -d -D

Running 'sshd.exe' as anyone other than SYSTEM (on WinXP and earlier O/S's)
is not recommended.  See the email archives for a recipe about how to get
a SYSTEM-owned shell to run 'sshd.exe' from if you want to run it from a
shell.

>> ssh -v -v -v localhost
> OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> debug1: Seeding random number generator
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: restore_uid
> debug1: ssh_connect: getuid 500 geteuid 500 anon 1
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: temporarily_use_uid: 500/544 (e=500)
> debug1: restore_uid
> debug1: temporarily_use_uid: 500/544 (e=500)
> debug1: restore_uid
> debug1: Connection established.
> debug1: identity file /z/.ssh/identity type -1
> debug1: identity file /z/.ssh/id_rsa type -1
> debug1: identity file /z/.ssh/id_dsa type -1
> ssh_exchange_identification: read: Connection reset by peer
> debug1: Calling cleanup 0x41bcc4(0x0)
> 
> ---------------------------------------
> 
> I also tried running ssh-user-config and created all authentications,
> with my password as pass phrase.  Still no go.  And when doing that, ssh
> complains that all the files are invalid, with tons of errors, which
> from other emails I've gathered as "normal".

You certainly need to ru ssh-user-config to log through the 'sshd' server,
so this is the correct thing to do.

> ----------------------------------------
> 
> More info:
> - cygwin is installed on a FAT partition of a WinXP (SP1) box, with
> latest patches.

Ugh!  You'll need to turn off 'StrictModes' in '/etc/sshd_config' for
this to work.  And that disables a large part of the security you get
from OpenSSH.  You should really consider switching to NTFS if you plan
to use OpenSSH as any kind of security mechanism.

> - Windows is a Spanish version of it.
> - I have at least one user without a password.  I've also gone and
> modified the ssh configuration file to add in sshd_config:
>      PermitEmptyPasswords no

Perhaps this answers the question about whether you're looking for
security from OpenSSH. ;-)

> - I've synced passwd and groups with mkpasswd -l and mkgroup -l.
> - I'm running under a firewall (not the XP one), but I've switched it off.

'Off' for some firewalls is the same as 'On'.  They can be buggy.  Try
opening port 22 (assuming you didn't change this) for OpenSSH or
uninstalling the firewall as a test.

-- 
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/