This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



RE: sshd problems


Is there a way to detect this in a troubleshooting script?

The cygwin distribution has the following:

   1. A script (or set of scripts) to help the user install/setup
      an sshd service.

   2. Some documentation (primarily /usr/doc/Cygwin/openssh*) to give
      instructions and pointers.

What is sorely needed is a (shell?  perl?) script(s) that can be run
which will help diagnose these problems, i.e., missing files/directories,
invalid permissions, invalid configurations, invalid keys, etc.

> -----Original Message-----
> From: lhall@pop.ma.ultranet.com [mailto:lhall@pop.ma.ultranet.com]
> Sent: Thursday, October 10, 2002 3:30 PM
> To: david@purplebear.net; cygwin@cygwin.com
> Subject: Re: sshd problems
> 
> 
> If you installed via setup and installed for "All Users", you should have
> the same mount points needed for both your user and for SYSTEM if you
> didn't subsequently edit these mount points.  In any case, you should be
> able to recover by remounting them like so:
> 
> mount -f -s -b "<DOS path to cygwin installation>" /
> mount -f -s -b "<DOS path to cygwin installation>/bin" /usr/bin
> mount -f -s -b "<DOS path to cygwin installation>/lib" /usr/lib
> 
> where <DOS path to cygwin installation> would be something like C:/cygwin.
> 
> Larry
> 
> 
> Original Message:
> -----------------
> From: David Monk david@purplebear.net
> Date: Thu, 10 Oct 2002 14:05:28 -0500
> To: cygwin@cygwin.com
> Subject: Re: sshd problems
> 
> 
> A further update on this issue. If I do some forcing, i.e. using an alternate
> key and chowning /var/empty to myself, I _can_ get sshd to run. I can't
> login, but it does run.
> Keeping in mind the weird c:\var\log\sshd.log file appearance, I tested it
> out. I deleted c:\var. I started sshd from the shell as /usr/sbin/sshd -h
> /home/dmonk/ssh_host_rsa_key -d -d -d. It ran and no c:\var\log\sshd.log was
> created. However, when I tried to start the service, the c:\var\log\sshd.log
> was created. Somehow, when it runs as LocalSystem, it does not have the
> proper cygwin mount points available. This may be the root of the issue. How
> can this be fixed?
> 
> David
> 
> ----- Original Message -----
> From: "David Monk" <david@purplebear.net>
> To: "Harig, Mark A." <maharig@idirect.net>; "Len Giambrone" <frodo@mit.edu>
> Cc: <cygwin@cygwin.com>
> Sent: Thursday, October 10, 2002 1:53 PM
> Subject: Re: sshd problems
> 
> 
> > From the default installation, then ssh-host-config perspective of this
> > now, my /var/empty looked like this immediately following ssh-host-config:
> >
> > drwxrwxrwx    2 system   system          0 Oct 10 13:18 /var/empty
> >
> > Well, the date was different, as I have deleted and recreated it manually a
> > couple times trying to get this working.
> > Changing it to what you show:
> >
> > drwxr-xr-x    2 system   system          0 Oct 10 13:18 /var/empty
> >
> > gives the following, using a separate key to even get sshd to run:
> >
> > $ /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d
> > debug1: sshd version OpenSSH_3.4p1
> > debug3: Not a RSA1 key file /home/dmonk/ssh_host_rsa_key.
> > debug1: read PEM private key done: type RSA
> > debug1: private host key: #0 type 1 RSA
> > Disabling protocol version 1. Could not load host key
> > Bad owner or mode for /var/empty
> >
> >
> > Looking through the archives shows there have been a lot of recent problems
> > with sshd. My current question is, does anyone now have sshd running as a
> > service, using privsep on Windows 2000 with an NTFS filesystem? I am
> > beginning to wonder if it could be due to service pack 3. That was a recent
> > update to this system. Unfortunately, I only use sshd on this system when I
> > need to do things from home, so I can not pinpoint exactly when this issue
> > appeared.
> >
> > David
> >
> >
> > ----- Original Message -----
> > From: "Harig, Mark A." <maharig@idirect.net>
> > To: "David Monk" <david@purplebear.net>; "Len Giambrone" <frodo@mit.edu>
> > Cc: <cygwin@cygwin.com>
> > Sent: Thursday, October 10, 2002 1:41 PM
> > Subject: RE: sshd problems
> >
> >
> > According to /usr/doc/Cygwin/openssh-3.4p1-5.README:
> >
> > >The new ssh-host-config script also adds the /var/empty directory
> > >needed by privilege separation.  When creating the /var/empty directory
> > >by yourself, please note that in contrast to the README.privsep document
> > >the owner should not be "root" but the user which is running sshd.  So,
> > >in the standard configuration this is SYSTEM.  The ssh-host-config script
> > >chowns /var/empty accordingly.
> >
> > In /usr/bin/ssh-host-config is the following code:
> >
> > ># Create /var/empty file used as chroot jail for privilege separation
> > >if [ -f /var/empty ]
> > >then
> > >  echo "Creating /var/empty failed\!"
> > >else
> > >  mkdir -p /var/empty
> > >  # On NT change ownership of that dir to user "system"
> > >  if [ $_nt -gt 0 ]
> > >  then
> > >    chown system.system /var/empty
> > >  fi
> > >fi
> >
> > For me, I have the following permissions:
> >
> >   $ ls -ld /var/empty
> >   drwxr-xr-x    2 SYSTEM   SYSTEM          0 Jul 24 11:39 /var/empty
> >
> > > -----Original Message-----
> > > From: David Monk [mailto:david@purplebear.net]
> > > Sent: Thursday, October 10, 2002 2:31 PM
> > > To: Len Giambrone
> > > Cc: cygwin@cygwin.com
> > > Subject: Re: sshd problems
> > >
> > >
> > > Generating a new key worked, as far as finding the key goes. Then it
> > > presented me with a /var/empty ownership or permissions issue. So, thinking
> > > along the same lines, I changed owner of that dir to myself. Finally, sshd
> > > runs. Not as a service unfortunately, but it does run. Also unfortunately, I
> > > can not log in under these circumstances. I get a password prompt, but it
> > > never accepts it. I can only guess this has something to do with privilege
> > > separation.
> > >
> > > Anyway, the main problem here, from the beginning of this thread, is that
> > > openssh was working fine, running as a service, using privilege separation
> > > until approx 2 weeks ago. The only thing I could have possibly done to break
> > > that was updating packages. So, somewhere, something in cygwin changed.
> > > Either specifically with the openssh package or with some other aspect,
> > > but something has definitely changed. Again, this was working beautifully I
> > > know for absolute certainty 3 weeks ago, the server running as a service via
> > > cygrunsrv, utilizing the privilege separation. The only things that have been
> > > done to this system over the last few months have been regular virus updates,
> > > updates for Windows and cygwin updates. I have not messed with any
> > > configuration files, nor have I changed any file permissions within cygwin
> > > or its file tree to cause this.
> > >
> > > David
> >
> > (a huge amount of text deleted)
> >
> > --
> > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting:         http://cygwin.com/bugs.html
> > Documentation:         http://cygwin.com/docs.html
> > FAQ:                   http://cygwin.com/faq/
> >
> >
> >
> 
> 

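A sketch of the kind of diagnostic script asked for at the top of this message, added here as an example; it is not part of the thread or of the Cygwin distribution. It covers two of the failures reported above (owner/mode of /var/empty, and mount points that exist only as user mounts). The function names and the mount(1) line format are assumptions, and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): checks for two failures reported above.
# Both functions take captured text, so they can be tried on saved output.

# check_empty_dir "<ls -ld line>" <account that runs sshd>
# Prints OK, or the first finding, for the privsep directory /var/empty.
check_empty_dir() {
    ced_want=$2
    set -f; set -- $1; set +f          # $1 = mode string, $3 = owner
    ced_mode=$1 ced_owner=$3
    case $ced_mode in d*) ;; *) echo "FAIL: not a directory"; return 1 ;; esac
    # The thread shows the account spelled both "system" and "SYSTEM".
    if [ "$(printf %s "$ced_owner" | tr 'a-z' 'A-Z')" != \
         "$(printf %s "$ced_want" | tr 'a-z' 'A-Z')" ]; then
        echo "FAIL: owner is $ced_owner, expected $ced_want"; return 1
    fi
    # Characters 6 and 9 of the mode string are the group/other write bits.
    case $ced_mode in
        ?????w*|????????w*)
            echo "FAIL: mode $ced_mode is group/world writable"; return 1 ;;
    esac
    echo "OK"
}

# missing_system_mounts "<mount output>"
# Prints each required mount point that lacks a "system" entry; a service
# running as LocalSystem does not see mounts of type "user".
# Assumed line format: <Windows path> on <POSIX path> type system|user (<flags>)
missing_system_mounts() {
    for msm_mp in / /usr/bin /usr/lib; do
        printf '%s\n' "$1" | grep -qF -- " on $msm_mp type system " ||
            echo "$msm_mp"
    done
}

# Constructed samples; the two listings reuse lines quoted in the thread.
LS_OPEN='drwxrwxrwx    2 system   system          0 Oct 10 13:18 /var/empty'
LS_GOOD='drwxr-xr-x    2 SYSTEM   SYSTEM          0 Jul 24 11:39 /var/empty'
SAMPLE_MOUNTS='C:\cygwin\bin on /usr/bin type user (binmode)
C:\cygwin\lib on /usr/lib type system (binmode)
C:\cygwin on / type system (binmode)'

check_empty_dir "$LS_OPEN" SYSTEM || true
check_empty_dir "$LS_GOOD" dmonk || true
check_empty_dir "$LS_GOOD" SYSTEM
missing_system_mounts "$SAMPLE_MOUNTS"
```

On a live system the same functions can be fed `"$(ls -ld /var/empty)"` and `"$(mount)"`.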

