To: cygwin AT cygwin DOT com
From: Michael Makuch
Subject: Re: Openssh compatibility problem?
Date: Sat, 03 Jan 2009 12:20:30 -0600
Message-ID: <495FAC6E.90401@makuch.org>

Charles Wilson wrote:
> Michael Makuch wrote:
>> This is not a compatibility problem between cygwin/openssh versions. I
>> am now seeing the problem just trying to ssh from plum to plum (an XP
>> box). It seems that openssh 5.1 on cygwin is loaded with problems.
>>
>> Anyone have it working? Anyone able to get it working without problems?
>>
>
> Works fine here. It appears that the issue is the configuration on
> plum's server. Some things to check:
>
> 1) make sure that you have opened port 22/tcp in plum's firewall
>
> 2) make sure that /etc/hosts.allow includes the line 'sshd : ALL' (or
> 'sshd : ALL : allow')
>
> 3) for localhost testing (e.g. 'ssh localhost' on plum) add the following
> to /etc/hosts.allow *before* 'all : PARANOID : deny'
>
> 'all : localhost 127.0.0.1 : allow'
>
> or 'all : localhost 127.0.0.1 [::1] : allow' if you're using cygwin-1.7.
>
> 4) You might consider installing the syslogd or syslog-ng service on
> plum. Shut down sshd, run 'syslog-config' or 'syslog-ng-config', then
> 'cygrunsrv -S syslogd' or 'cygrunsrv -S syslog-ng'. THEN restart sshd.
>
> Now, you can try to ssh to plum, and tcp_wrapper errors will be reported
> to plum's /var/log/messages, as well as some other sshd errors.
>
> --
> Chuck
>

Mystery solved, mostly. After much agony.

Good to know about syslog for future reference, thanks.

I've been watching for errors in /var/log/sshd.log and was getting
"sshd 17472 child_copy: linked dll data write copy failed"
which a rebaseall seemed to clear up, but still didn't let ssh work.

Culprit: /etc/hosts.allow and hosts.deny.

Couple issues here.

1) On one occasion I found these with chmod 0;

    $ ls -l hosts.allow hosts.deny
    ---------- 1 mkm None 434 Jan 3 11:49 hosts.allow
    ----------+ 1 mkm None 225 Jan 3 00:38 hosts.deny

I don't know how or why but this was on a fresh cygwin install, latest
bits DLd yesterday. I just re-confirmed a fresh install of cygwin leaves
these 2 files chmod 0. Without read perms it appears that sshd will not
allow ssh to connect from anywhere, local nor remote. With read perms
things get better.

2) In some recent release the default hosts.allow has been modified to

    ALL : PARANOID : deny
    sshd: ALL

I am surmising that PARANOID is a relatively new feature and unsupported
by openssh 4.5 - I deduce this since when I remove PARANOID I can then
successfully ssh from openssh 4.5.

In essence I would call this a "compatibility" issue between this
version of Cygwin and the older ones.
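
As an added example (not part of the original message and not Cygwin's own tooling), the shell function below checks a tcp_wrappers configuration directory for the two conditions reported in the message above: hosts.allow or hosts.deny with no read permission bits, and a PARANOID rule placed ahead of any localhost rule. The function name check_wrappers and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tcp_wrappers config directory (normally /etc).
# check_wrappers is a hypothetical helper name. Prints one finding per line.
check_wrappers() {
    dir=$1
    for f in "$dir/hosts.allow" "$dir/hosts.deny"; do
        [ -e "$f" ] || continue
        # Problem 1: no read bit for owner, group or other (e.g. mode 0).
        # Parse ls output instead of using [ -r ], which is always true for root.
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ?r*|????r*|???????r*) ;;   # at least one read bit is set
            *) echo "$f: mode $mode, no read permission for anyone" ;;
        esac
    done
    # Problem 2: rules are evaluated top to bottom and the first match wins,
    # so a localhost allow rule only helps if it comes before PARANOID.
    [ -r "$dir/hosts.allow" ] || return 0
    awk -v f="$dir/hosts.allow" '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        /PARANOID/ {
            if (!local_seen)
                print f ": line " NR ": PARANOID rule precedes any localhost rule"
            exit
        }
        /localhost|127\.0\.0\.1/ { local_seen = 1 }
    ' "$dir/hosts.allow"
}

# Constructed sample: the default hosts.allow quoted in the message, mode 0.
demo=$(mktemp -d)
printf 'ALL : PARANOID : deny\nsshd: ALL\n' > "$demo/hosts.allow"
: > "$demo/hosts.deny"
chmod 0 "$demo/hosts.allow" "$demo/hosts.deny"
check_wrappers "$demo"
rm -rf "$demo"
```

On a real system the call would be `check_wrappers /etc`; an empty result means neither condition was found.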