X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: Anthony de Sousa <adesousa AT csc DOT com>
Subject:  Re: How to close a SSH connection from a BAT file
Date: Mon, 6 Aug 2007 06:07:58 +0000 (UTC)
Lines: 51
Message-ID:  <loom.20070806T073624-945@post.gmane.org>
References:  <loom DOT 20070801T062742-243 AT post DOT gmane DOT org> <46B0178A DOT 5887EC7F AT dessent DOT net> <loom DOT 20070803T084236-738 AT post DOT gmane DOT org> <v3n6b31r169vn98gjo4bgecheg38trhpck AT 4ax DOT com>
Mime-Version:  1.0
Content-Type:  text/plain; charset=us-ascii
Content-Transfer-Encoding:  7bit
User-Agent: Loom/3.14 (http://gmane.org/)
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Andrew Schulman <schulman.andrew@...> writes:

> 
> > Brian Thanks for the suggestions and I was extreemly interested in trying 
your 
> > suggestion of running the SSH client as a service. However I have not been 
> > successful in setting it up. Although it does install as a service, when 
it is 
> > started it immediatly stops as unable to authenticate with the other 
server. 
> > If SSH is run manually there is no issue. Currently going through the logs 
> > with verbose on and trying to determine what the issue is. 
> 
> As Brian suggests, in order to run an ssh client as a service you have to
> give it enough information to authenticate unattended to the server.  That
> means you have to give the client one of the following:
> 
> - a plaintext password
> - an unencrypted (i.e. empty password) private key file
> - a running ssh-agent that holds the private key
> 
> Whatever method you use to authenticate when you login manually, it will
> probably be simplest to give that same information to your ssh client when
> it runs unattended.
> 
> All of the above methods carry potential security risks, but the risks can
> be minimized by, for example, using an account with shell access disabled on
> the remote host.  For a full discussion of the unattended login problem, see
> chapter 11 of "SSH, The Secure Shell: The Definitive Guide", 2nd ed., by R.
> Silverman and D. Barrett.
> 
> A.
> 
> 
Brian and Andrew thank you for the wealth of information. Brian hit it on the 
head in that the service account was being used and the keys weren't being 
found. I have fixed this and the service now start with the net start ssh or 
the cyrunsrv S ssh commands. The stop also appears to work in that the service 
stops, but what I am finding is the process continues to run (appears in the 
task manager list)and the next time that net start ssh is issued the following 
errors are in the log
bind: Address already in use
channel_setup_fwd_listener: cannot listen to port: 139
Could not request local forwarding.
Cannot bind until the processes are killed also noted, is if I don't kill the 
process and just issue another net start ssh, then the number of processes 
will continue to increase. 
I hope there is a easy way around this as the solution originally provided 
offers minimal impact to an existing application. Many thanks again




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/