This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Problems using sshd as a service

From: "David Brown" <david_brown at hotpop dot com>
To: <cygwin at cygwin dot com>
Date: Wed, 4 Dec 2002 15:20:31 +0100
Subject: Re: Problems using sshd as a service
References: <Pine.LNX.4.44.0212040828590.17042-100000@magetower.office.aol.com>

I am afraid I cannot get the permissions to work out right.  Perhaps it is
because I have done too much with cygwin without "ntsec", or perhaps I must
reboot after adding CYGWIN="ntsec" to my environment variables (although
your suggested -e setting in the cygrunsrv line should fix that).
Fortunately I don't need much security here - no one can get into our
network without first passing through the ssh server on our linux box (and I
understand the security there - it is just mixing NT and unix-type security
with cygwin that has me confused), and I'm not worried about security on our
internal network.  I know it is always best to use whatever available
security you can get, but even without ntsec, the sshd server on my machine
is definitely not going to be our network's weakest link.

I have found, however, that I need to add -a "-D" to the cygrunsrv
installation flags to be able to get sshd to start as a service without
errors, and to be able to start and stop it with net start and net stop.

Thanks for your tips, anyway.  Maybe one day I'll work it out - perhaps next
time I need to do a clean install of cygwin I'll try getting "ntsec" to
work.  But my current cygwin installation has been build up over time, and I
rely on too many bits of cygwin to be keen on messing up the things that
work.

mvh.

David

> First guess is that permissions on the keys are wrong.  Based on your
> cygrunsrv line, I expect you are running the service as System, however,
> when you start by hand, you are not System.  For sshd to work in those
> conditions, you would have to own the key files.
>
> Another possibility, related to the first, is that you are not using
> ntsec in your CYGWIN variable.
>
> If either or both of these cases are true, you can try the following to
> fix your problem.
>
> cygrunsrv -R sshd
>
> cygrunsrv -I sshd -p /usr/sbin/sshd -e 'CYGWIN="binmode tty ntsec"'
> export CYGWIN="binmode tty ntsec"
> chmod 600 /etc/ssh/ssh_host*_key
> chown SYSTEM:Administrators /etc/ssh/ssh_host*_key
> net start sshd
>
> After that you can also look at /var/log/sshd.log to see any errors from
> sshd starting.  That should help you.
>
> On Wed, 4 Dec 2002, David Brown wrote:
>
> > I am trying to get sshd to run as a service on my W2K SP2 machine.  I
have
> > got sshd set up properly (as far as I know), with all the keys and files
it
> > needs.  If I start a cygwin bash shell and type "/usr/sbin/sshd", then
the
> > server starts fine and issues no errors or warnings.  From another PC on
the
> > network, I can ssh in to this PC.  In other words, sshd is working
> > perfectly.
> >
> > However, when I install it as a service with
> >
> >     cygrunsrv -I sshd -p /usr/sbin/sshd
> >
> > and then try to start the service, either with cygrunsrv or from the
Control
> > Panel, I get:
> >
> >     cygrunsrv -S sshd
> > cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error
1062:
> > The service has not been started.
> >
> > Looking with taskmanager, however, I see that sshd has been started
fine - I
> > have no problem logging into it.  So the sshd server has been started,
even
> > though Windows does not know it.  This leads to complaints during
startup,
> > and I can't use "net start" and "net stop" but must kill sshd manually
if
> > needed.
> >
> > Cygwin1.dll version 1.3.12 of 06/07/2002.
> >
> > Any ideas would be much appreciated.
> >
> > David
> > Norway.
> >
> >
> > "I love deadlines.  I love the whooshing noise they make as they go
past."
> > Douglas Adams
> >
> >
> >
> >
> > --
> > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting:         http://cygwin.com/bugs.html
> > Documentation:         http://cygwin.com/docs.html
> > FAQ:                   http://cygwin.com/faq/
> >
>
> Prentis Brooks | prentis@aol.net | 703-265-0914 | AIM: PrentisBrooks
> Senior System Administrator - Web Infrastructure & Security
>
>        A knight is sworn to valor.  His heart knows only virtue.  His
blade
>        defends the helpless.  His word speaks only truth.  His wrath
undoes
>        the wicked. - the old code of Bowen, last of the dragonslayers
>

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: Problems using sshd as a service
  - From: Max Bowsher

References:
- Re: Problems using sshd as a service
  - From: Prentis Brooks

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]