This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
Re: [ANNOUNCEMENT] OpenSSH-2.1.1p4 for Cygwin 1.1.3
- To: cygwin at sources dot redhat dot com
- Subject: Re: [ANNOUNCEMENT] OpenSSH-2.1.1p4 for Cygwin 1.1.3
- From: James Dumser <dumser at bigfoot dot com>
- Date: Wed, 02 Aug 2000 09:14:23 -0500
- Organization: Ericsson North America Inc.
- References: <200008020035.UAA19954@rtl.cygnus.com>
I installed OpenSSH on an NT box (CYGWIN_NT-4.0 ROW2PC 1.1.3(0.24/3/2)
2000-07-27 10:59 i686 unknown) but haven't gotten it to work correctly
yet.
First, I thought the security stuff was settled so OpenSSH and friends
could live on sources.redhat.com. Am I misremembering or is there
another reason your publishing on ftp.franken.de?
From your README:
> - If you are installing OpenSSH the first time, you can generate
> server keys and your own user keys by running
>
> /usr/local/bin/ssh-config
Actually, it's not the first time; but it wasn't working before. I
removed /usr/local/etc/ssh_host* files, renamed my ~/.ssh, and ran
ssh-config. BTW, it would be nice if ssh-config created ~/.ssh if it
didn't exist.
--- ssh-config.orig Tue Aug 1 14:14:41 2000
+++ ssh-config Wed Aug 2 08:41:15 2000
@@ -38,6 +38,11 @@
exit 1
fi
+if [ ! -d "${HOME}/.ssh" ]
+then
+ echo 'Creating $HOME/.ssh.'
+fi
+
if [ ! -f "${HOME}/.ssh/identity" ]
then
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
> - Install sshd as daemon via SRVANY.EXE, via inetd or from the command
> line.
I chose inetd.
> - if starting via inetd, copy sshd to eg. /usr/local/libexec/in.sshd
mkdir /usr/local/libexec
cp /usr/local/sbin/sshd.exe /usr/local/libexec/in.sshd.exe
> and add the following line to your inetd.conf file:
>
> sshd stream tcp nowait root /usr/local/libexec/in.sshd sshd -i
Added
sshd stream tcp nowait root /usr/local/libexec/in.sshd in.sshd -i
> Moreover you'll have to add the following line to your
> ${SYSTEMROOT}/system32/drivers/etc/services file:
>
> sshd 22/tcp #SSH daemon
Done.
> - Authentication to sshd is possible in one of two ways. You'll have
> to decide before starting sshd!
I am attempting to use NT authentication.
> - If you want to be able to login to different user accounts you'll
> have to start sshd under system account or any other account that
> is able to switch user context. Note that administrators are _not_
> able to do that by default! You'll have to give the following
> special user rights to the user:
> "Act as part of the operating system"
> "Replace process level token"
> "Increase quotas"
> and if used via service manager
> "Logon as a service".
inetd runs as the SYSTEM account. Your note (and my knowledge of NT) is
not clear if SYSTEM already has the necessary permissions or not. I
granted the Administrators group all these rights.
> Unfortunately, if you choose that way, you can only logon with NT
> password authentification and you should change
> /usr/local/etc/sshd_config to contain the following:
>
> PasswordAuthentication yes
> RhostsAuthentication no
> RhostsRSAAuthentication no
> RSAAuthentication no
>
Done.
> - You may use all features of the CYGWIN=ntsec setting the same
> way as they are used by the `login' port on sources.redhat.com:
Via Control Panel, System, Environment, I have the global CYGWIN set to
tty ntea ntsec.
/etc/passwd has S- fields but now U- fields (isn't not part of a
domain).
When I try to ssh to itself, I get
bash-2.04$ ssh -v row2pc
SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x00905100).
debug: Reading configuration data /usr/local/etc/ssh_config
debug: Applying options for *
debug: Seeding random number generator
debug: ssh_connect: getuid 500 geteuid 500 anon 1
debug: Connecting to row2pc [138.85.206.115] port 22.
debug: Connection established.
debug: ssh_exchange_identification: sshd: no hostkeys available --
exiting.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x41319c(0x0)
I also tried installing a ssh_known_hosts for our network (both in
/usr/local/etc and /etc), but this didn't make a difference.
--
James Dumser dumser@bigfoot.com
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com