This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [SPAMBayesian] - cygwin sshd on Windows Server 2003 Domain Controller? - Failed Bayesian filter


On Thu, Sep 04, 2003 at 04:56:46PM +0200, Fermin Sanchez wrote:
> I used to have cygwin sshd running on my old Windows 2000 Domain 
> Controller, worked like a charm. Some time ago I switched (reinstalled, 
> actually) my domain controller to Windows Server 2003.
> 
> I went through the usual steps: download, "ssh-host-config -y", security 
> model "ntsec" and installed it as a service. First, it worked for about 5 
> minutes. Then, when I tried to connect from a remote host, I got a network 
> connection error. The server isn't accepting connections any more. 
> Restarting the sshd service in windows results in:

I'm surprised that it worked for 5 minutes.  You mean, without trying
to connect, don't you?

Basically on 2003 the problem is a change of user rights given to the
SYSTEM user when running services.  Microsoft is trying to close a
security hole by removing the CreateTokenPrivilege from all services
running under SYSTEM account.

Workaround:  Create a new account on your machine in the Admin group.
Add the CreateTokenPrivilege in your Local Security Policy dialog. 
Run sshd under that account.  Don't forget to add this user to /etc/passwd.
*DON'T* call this user sshd since that's the user name of an *unprivileged*
user running the sshd child when privilege separation is turned on.

Hope that is in any way related to your actual problem...

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]