Date: Fri, 11 May 2012 12:54:26 +0400
From: Andrey Repin
To: Andre Loker, cygwin AT cygwin DOT com
Subject: Re: [1.7.15-1] Installing sshd fails
Message-ID: <603694529.20120511125426@mtu-net.ru>
In-Reply-To: <4FACC985.909@andreloker.de>

Greetings, Andre Loker!

> I'm trying to install cygwin 1.7.15-1 on a new Windows Server 2008 R2
> machine. I can't get sshd to install properly.
> When I run ssh-host-config the script says that creation of the user
> sshd has failed:

Do you start it in an elevated console?

> ------------------------------------
> $ ssh-host-config
> *** Info: Generating /etc/ssh_host_key
> *** Info: Generating /etc/ssh_host_rsa_key
> *** Info: Generating /etc/ssh_host_dsa_key
> *** Info: Generating /etc/ssh_host_ecdsa_key
> *** Info: Creating default /etc/ssh_config file
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Note that creating a new user requires that the current
> account have
> *** Info: Administrator privileges. Should this script attempt to create a
> *** Query: new local account 'sshd'? (yes/no) yes
> *** Warning: Creating the user 'sshd' failed!
> *** ERROR: Couldn't create user 'sshd'!
> *** ERROR: Privilege separation set to 'no' again!
> *** ERROR: Check your /etc/sshd_config file!
> *** Info: Updating /etc/sshd_config file
> ------------------------------------
> However, the sshd user has in fact been created in Windows. If I re-run
> ssh-host-config now and confirm to overwrite the config files, the
> script runs further but fails when creating cyg_server:
> ------------------------------------
> $ ssh-host-config
> *** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
> *** Info: Creating default /etc/ssh_config file
> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Updating /etc/sshd_config file
> *** Query: Do you want to install sshd as a service?
> *** Query: (Say "no" if it is already installed as a service) (yes/no) yes
> *** Query: Enter the value of CYGWIN for the daemon: []
> *** Info: On Windows Server 2003, Windows Vista, and above, the
> *** Info: SYSTEM account cannot setuid to other users -- a capability
> *** Info: sshd requires. You need to have or to create a privileged
> *** Info: account. This script will help you do so.
> *** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
> *** Info: or later. On these systems, it's not possible to use the
> LocalSystem
> *** Info: account for services that can change the user id without an
> *** Info: explicit password (such as passwordless logins [e.g. public key
> *** Info: authentication] via sshd).
> *** Info: If you want to enable that functionality, it's required to create
> *** Info: a new account with special privileges (unless a similar account
> *** Info: already exists). This account is then used to run these special
> *** Info: servers.
> *** Info: Note that creating a new user requires that the current account
> *** Info: have Administrator privileges itself.
> *** Info: No privileged account could be found.
> *** Info: This script plans to use 'cyg_server'.
> *** Info: 'cyg_server' will only be used by registered services.
> *** Query: Do you want to use a different name? (yes/no) no
> *** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
> *** Info: Please enter a password for new user cyg_server. Please be sure
> *** Info: that this password matches the password rules given on your
> system.
> *** Info: Entering no password will exit the configuration.
> *** Query: Please enter the password:
> *** Query: Reenter:
> *** Warning: Creating the user 'cyg_server' failed! Reason:
> The user or group account specified cannot be found.
> The user was successfully created but could not be added
> to the USERS local group.
> More help is available by typing NET HELPMSG 3774.
> *** Info: Please enter a password for new user cyg_server. Please be sure
> *** Info: that this password matches the password rules given on your
> system.
> *** Info: Entering no password will exit the configuration.
> *** Query: Please enter the password:
> ------------------------------------
> It then hangs in a loop asking for the password. At this point the
> cyg_server user has been created but is not a member of any group.
> If I now manually add cyg_server to Users and Administrators and once
> again rerun the ssh-host-config:
> ------------------------------------
> $ ssh-host-config
> *** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
> *** Info: Creating default /etc/ssh_config file
> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Updating /etc/sshd_config file
> *** Query: Do you want to install sshd as a service?
> *** Query: (Say "no" if it is already installed as a service) (yes/no) yes
> *** Query: Enter the value of CYGWIN for the daemon: []
> *** Info: On Windows Server 2003, Windows Vista, and above, the
> *** Info: SYSTEM account cannot setuid to other users -- a capability
> *** Info: sshd requires. You need to have or to create a privileged
> *** Info: account. This script will help you do so.
> *** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
> *** Info: or later. On these systems, it's not possible to use the
> LocalSystem
> *** Info: account for services that can change the user id without an
> *** Info: explicit password (such as passwordless logins [e.g. public key
> *** Info: authentication] via sshd).
> *** Info: If you want to enable that functionality, it's required to create
> *** Info: a new account with special privileges (unless a similar account
> *** Info: already exists). This account is then used to run these special
> *** Info: servers.
> *** Info: Note that creating a new user requires that the current account
> *** Info: have Administrator privileges itself.
> *** Info: The following privileged accounts were found: 'cyg_server' .
> *** Info: This script plans to use 'cyg_server'.
> *** Info: 'cyg_server' will only be used by registered services.
> *** Query: Do you want to use a different name? (yes/no) no
> *** Query: Please enter the password for user 'cyg_server':
> *** Query: Reenter:
> *** Warning: User cyg_server does not appear in /etc/passwd.
> *** Info: The sshd service has been installed under the 'cyg_server'
> *** Info: account. To start the service now, call `net start sshd' or
> *** Info: `cygrunsrv -S sshd'. Otherwise, it will start automatically
> *** Info: after the next reboot.
> *** Warning: Couldn't change owner of /etc/ssh_config!
> *** Warning: Couldn't change owner of /etc/sshd_config!
> *** Warning: Couldn't change owner of /etc/ssh_host_dsa_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_ecdsa_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_rsa_key!
> *** Warning: Couldn't change owner of /etc/ssh_host_dsa_key.pub!
> *** Warning: Couldn't change owner of /etc/ssh_host_ecdsa_key.pub!
> *** Warning: Couldn't change owner of /etc/ssh_host_key.pub!
> *** Warning: Couldn't change owner of /etc/ssh_host_rsa_key.pub!
> *** Warning: Couldn't change owner of /var/empty!
> *** Warning: Couldn't change owner of /var/log/lastlog!
> *** Warning: Couldn't change owner of important files to cyg_server!
> *** Warning: This may cause the sshd service to fail! Please make sure that
> *** Warning: you have suufficient permissions to change the ownership of
> files
> *** Warning: and try to run the ssh-host-config script again.
> *** Warning: Host configuration exited with 12 errors or warnings!
> *** Warning: Make sure that all problems reported are fixed,
> *** Warning: then re-run ssh-host-config.
> ------------------------------------
> Finally: if I update /etc/passwd: $ mkpasswd -l >> /etc/passwd
> and rerun the script I get:
> ------------------------------------
> $ ssh-host-config
> *** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
> *** Info: Creating default /etc/ssh_config file
> *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
> *** Info: Creating default /etc/sshd_config file
> *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
> *** Info: However, this requires a non-privileged account called 'sshd'.
> *** Info: For more info on privilege separation read
> /usr/share/doc/openssh/README.privsep.
> *** Query: Should privilege separation be used? (yes/no) yes
> *** Info: Updating /etc/sshd_config file
> *** Info: Sshd service is already installed.
> *** Warning: Couldn't determine name of user running sshd service from
> /etc/passwd!
> *** Warning: As a result, this script cannot make sure that the files used
> *** Warning: by the sshd service belong to the user running the service.
> *** Warning: Please re-run the mkpasswd tool to make sure the /etc/passwd
> *** Warning: file is in a good shape.
> *** Warning: Host configuration exited with 1 errors or warnings!
> *** Warning: Make sure that all problems reported are fixed,
> *** Warning: then re-run ssh-host-config.
> ------------------------------------
> I have successfully installed pre 1.7.15 versions on identical machines
> so I assume something has changed in 1.7.15 that causes those errors.
> I'm running the Cygwin Terminal with elevated rights, of course.
> Any help to fix this is much appreciated.
> With kind regards,
> Andre Loker
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple

--
WBR,
Andrey Repin (anrdaemon AT freemail DOT ru) 11.05.2012, <12:54>

Sorry for my terrible English...