This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Openssh compatibility problem?

From: Michael Makuch <gmanedotorg at makuch dot org>
To: cygwin at cygwin dot com
Date: Sat, 03 Jan 2009 12:20:30 -0600
Subject: Re: Openssh compatibility problem?
Newsgroups: gmane.os.cygwin
References: <gjei0c$l4o$1@ger.gmane.org> <495F8758.9000002@makuch.org> <495F9091.9060305@cwilson.fastmail.fm>

Charles Wilson wrote:

Michael Makuch wrote:

This is not a compatibility problem between cygwin/openssh versions. I
am now seeing the problem just trying to ssh from plum to plum (an XP
box). It seems that openssh 5.1 on cygwin is loaded with problems.

Anyone have it working? Anyone able to get it working without problems?


Works fine here. It appears that the issue is the configuration on
plum's server. Some things to check:

1) make sure that you have opened port 22/tcp in plum's firewall

2) make sure that /etc/hosts.allow includes the line 'sshd : ALL' (or
'sshd : ALL : allow'

3) for localhost testing (e.g 'ssh localhost' on plum) add the following
to /etc/hosts.allow *before* 'all : PARANOID : deny'

'all : localhost 127.0.0.1 : allow'

or 'all : localhost 127.0.0.1 [::1] : allow' if you're using cygwin-1.7.

4) You might consider installing the syslogd or syslog-ng service on
plum.  Shut down sshd, run 'syslog-config' or 'syslog-ng-config', then
'cygrunsrv -S syslogd' or 'cygrunsrv -S syslog-ng'.  THEN restart sshd.

Now, you can try to ssh to plum, and tcp_wrapper errors will be reported
to plum's /var/log/messages, as well as some other sshd errors.

--
Chuck

Mystery solved, mostly. After much agony.

Good to know about syslog for future reference, thanks.

I've been watching for errors in /var/log/sshd.log and was getting
"sshd 17472 child_copy: linked dll data write copy failed" which a
rebaseall seemed to clear up, but still did't let ssh work.

Culprit: /etc/hosts.allow and hosts.deny. Couple issues here.

1) On one occaision I found these with chmod 0;

$ ls -l hosts.allow hosts.deny
----------  1 mkm None 434 Jan  3 11:49 hosts.allow
----------+ 1 mkm None 225 Jan  3 00:38 hosts.deny

I don't know how or why but this was on a fresh cygwin install, latest bits DLd yesterday. I just re-confirmed a fresh install of cygwin leaves these 2 files chmod 0.

Without read perms it appears that sshd will not allow ssh to connect from anywhere, local nor remote. With read perms things get better.

2) In some recent release the default hosts.allow has been modified to

ALL : PARANOID : deny
sshd: ALL

I am surmising that PARANOID is a relatively new feature and unsupported by openssh 4.5 - I deduce this since when I remove PARANOID I can then successfully ssh from openssh 4.5. In essence I would call this a "compatibility" issue between this version of Cygwin and the older ones.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: Openssh compatibility problem?
  - From: Charles Wilson

References:
- Re: Openssh compatibility problem?
  - From: Michael Makuch
- Re: Openssh compatibility problem?
  - From: Charles Wilson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]