Message-Id: <201807182352.w6INqGhK009907@delorie.com> X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=Tc68MB2oZfgWhtVE vj+Fi20GXA2q1g394zjA62qqc6zDvw8yr3ch4f3Kv03UEpsH54MAhdbvr2/3BbrN mZCoYHw/s6PaX2lH55VT4RNfBZ7R/YiuyVgGhDG7+KcEAA1x6RUW5+Ob2mroF+OX riuPVg+66LIPk08ObXoRX4k8O+A= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:mime-version:content-type :content-transfer-encoding; s=default; bh=pg2TlUN9px4x1M4tQHzD9G Do1w8=; b=mZa7Ahpf2EnZibWXYOGr5w1MQsSf73LYw3tq6S8k2V9SGz64dbDNwn 1ocaIUAru6LTdWiant5xu02py7oxdY5k8t0Zb46v8Z8RyBeUGRndvruB2EGxwyRE IBEEQp8oAuhnNnM90jhKaeTFvRmQ3Wmm43nQrpjR0jcsXMAXCOhyo= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=1.1 required=5.0 tests=BAYES_50,KAM_NUMSUBJECT,MISSING_MID,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2 spammy=H*UA:Office, automation, W10, w10 X-HELO: garibaldi.swishmail.com From: "Cliff Geschke" To: Subject: sshd service removed by Windows 10 update 1803 Date: Wed, 18 Jul 2018 18:51:54 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit As part of a Windows 10 update 1803 a few days ago, the cygwin sshd service was removed, keeping my users from accessing my server. I had been successfully using sshd for several years and it has survived numerous windows updates. Here is what I have done to fix it: Disable the following services via W10 computer management. OpenSSH Authentication Agent SSH Server Broker SSH Server Proxy SSHdBroker I'm not sure all those need to be disabled. Run a bash shell as administrator, and reinstall sshd using cygrunsrv cygrunsrv --stop sshd cygrunsrv --remove sshd cygrunsrv --install sshd --path /usr/sbin/sshd.exe --user cyg_server cygrunsrv --start sshd You will get an error from the start command: cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: The service has not been started. The task manager shows sshd is indeed running, and remote ssh clients can log in. So I am ignoring the error. cygrunsrv -Q sshd shows the service is stopped. And W10 computer management shows it is stopped. If you try to start it again, it will fail because the sshd task has a hold on the TCP ports. If you want to stop/restart to edit config files, you need to directly kill the sshd task. After a system restart, W10 starts the correct sshd again. Simply using "cygrunsrv --install sshd" without --path, installs the MS sshd. Not what I want. If you don't specify --user with the --install, W10 will use SYSTEM which does not have the permissions (SeTcbPrivilege etc) to change to the client user. So you get seteuid Operation Not Permitted errors when a remote client tries and fails to login. I discovered this the hard way. BTW, I didn't want to start over with ssh-host-config because I didn't want to risk invalidating my encryption keys and confuse my remote clients. Except for the weirdness where computer management and cygrunsrv -Q show the service is stopped, everything seems to work okay and my users are happy again. Cliff Geschke Precise Automation -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple