Date: Thu, 19 Feb 2009 10:50:46 +0800
Subject: Re: sshd w/o admin?
From: Aaron Davies
To: cygwin AT cygwin DOT com

On Thu, Feb 19, 2009 at 10:03 AM, Larry Hall (Cygwin) wrote:

> Aaron Davies wrote:
>
>> On Thu, Feb 19, 2009 at 12:33 AM, Larry Hall (Cygwin) wrote:
>
> ^^^^^^
> Thanks!

is this even possible in gmail? if not, i'll do it manually for now.

>>> Aaron Davies wrote:
>>>>
>>>> is it possible to get sshd working w/o admin privs?
>>>
>>> Running 'ssh-host-config' requires administrative privileges to create
>>> users to run 'sshd' as a service (for W2K3 and later) and for privilege
>>> separation. If you don't want/need these, then you can bypass these
>>> as part of the configuration. This will mean:
>>>
>>> 1. You cannot run sshd as a service (on W2K3 or later) so you will not
>>>    be able to use pub-key authentication. On W2K and XP systems, you
>>>    can use the existing 'SYSTEM' user to run 'sshd' as a service if
>>>    you'd like.
>>
>> I'm on XP Pro. How would I go about installing it as a service under
>> SYSTEM? ssh-host-config doesn't seem to be able to do that for me (log
>> attached, as is cygcheck output).
>
> Of course. My mistake. You need admin privileges to install a service.
> If you don't have this or can't get it for the configuration portion of
> the installation, you won't be able to run as a service. :-(

that's ok, i'm comfortable with running it out of my .profile or
something similar.

>>>> i've run ssh-host-config (without creating a new user) and started
>>>> sshd manually from the shell.
>>>>
>>>> when i try to connect, i get "Connection closed by 127.0.0.1" and an
>>>> error "sshd: PID 6520: fatal: seteuid 45758: Permission denied" shows
>>>> up in the event viewer
>>>>
>>>> "id" indicates that 45758 is me
>>>>
>>>> any suggestions?
>>>
>>> Use password authentication?
>>
>> I don't get to an authentication stage at all AFAICT.
>
> But what authentication methods do you allow? If you allow
> pubkey and have set up the keys for this (via 'ssh-user-config'),
> this could be the problem. Your 'sshd' won't be able to change
> user to 'you'. That's what the 'seteuid' message above means.
> I'd recommend removing all ssh key files in ~/.ssh and trying again.

The vast majority of use I get out of ssh on this box is outgoing, and
I have several keys set up for ssh'ing into various linux boxes.
However, I have no ~/.ssh/authorized_keys. The local ssh_config and
sshd_config are unmodified from the versions written by
ssh-host-config, AFAIK, which is identical to /etc/defaults for
ssh_config, and for sshd_config, only varies by setting the port and
turning off StrictModes and UsePrivilegeSeparation. I have never run
ssh-user-config; I generated the keys directly with the standard
keygen tools.

I tried moving all my keys aside (outside of ~/.ssh). Now "ssh
localhost" on the local box takes my password, prints the banner, then
quits with "Connection to localhost closed."

% ssh localhost
adavies AT localhost's password:
Last login: Thu Feb 19 10:41:39 2009 from localhost
Connection to localhost closed.

The same setreuid error is left in the event log

Why exactly does it need to setreuid to me when it's already me?
This sshd process is started by and running under the same id it's
trying to become.

> Also, FWIW, using a remote drive as your home adds a level of
> complication. You may want to try to create a local home directory,
> point to this in your '/etc/passwd', and rerun 'ssh-user-config' if
> you continue to have problems.

I'll give this a try next, I guess.
--
Aaron Davies
aaron DOT davies AT gmail DOT com