This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: SSHD and XP problems; setguid fails - FIXED!


Permission problems.

Once I created the right permissions for the user id directory that the 
remote was connecting to and made sure that SYSTEM.SYSTEM owned the host 
private keys and the /var/empty directory, then everything worked like a 
charm with the service.

The Cygwin process for creating a home directory creates looser NTFS
permissions than it should.  That is, the home directory should be full
control by the user and Administrators only, perhaps with SYSTEM getting 
read access for things like ssh, but nothing and nobody else.  This is 
how it is in Unix.

NTFS permissions and the resulting Unix simulated permissions for the 
entire cygwin tree seem to be a bit of a mess.  

Maybe I'll create a patch.  Where should I look?  This is not simply a 
question of just changing the /etc/profile script, is it?

On 13 Sep 2003 at 22:06, Stephen Biggs wrote:

> Cygwin/SSHD on Windows XP SP1, all updated as of this evening.
> 
> I've seen some other posts on this issue but none really addresses what I 
> am seeing.
> 
> The output from running SSHD in debug mode:
> root@localhost ~
> $ /usr/sbin/sshd -p 22 -D -d -d -d
> debug2: read_server_config: filename /etc/sshd_config
> debug1: sshd version OpenSSH_3.6.1p2
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> RSA key generation complete.
> 
> .. After connection from another unprivileged cygwin prompt:
> steve@localhost ~
> $ ssh localhost
> Read from socket failed: Connection reset by peer
> 
> The server outputs:
> debug1: Server will not fork when running in debugging mode.
> Connection from 127.0.0.1 port 1395
> debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2
> debug2: Network child is on pid 2228
> debug3: privsep user:group 1010:545
> debug3: preauth child monitor started
> setgid failed for 545
> debug3: mm_request_receive entering
> debug1: Calling cleanup 0x422880(0x0)
> 
> root@localhost ~
> $
> 
> A verbose client run gives:
> steve@localhost ~
> $ ssh -vvv localhost
> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
> debug1: Reading configuration data /etc/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug2: key_type_from_name: unknown key type '----'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Comment:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '----'
> debug3: key_read: missing keytype
> debug1: identity file /home/steve/.ssh/identity type -1
> debug3: Not a RSA1 key file /home/steve/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/steve/.ssh/id_rsa type 1
> debug1: identity file /home/steve/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
> debug1: SSH2_MSG_KEXINIT sent
> Read from socket failed: Connection reset by peer
> debug1: Calling cleanup 0x41b2e0(0x0)
> 
> steve@localhost ~
> $
> 
> The relevant entries in /etc/passwd:
> Users:*:545:545:,S-1-5-32-545::
> sshd:unused_by_nt/2000/xp:1010:545:sshd privsep,U-YIYEH-BESEDER\sshd,S-1-5-21-527237240-1004336348-1417001333-1010:/var/empty:/bin/false
> 
> sshd is the only UID in /etc/passwd that belongs to Users.
> 
> /etc/group entry:
> Users:S-1-5-32-545:545:
> 
> /etc/passwd and /etc/group are world readable.
> 
> Can anybody point me in the right direction to find out how to get this 
> to work?  I haven't even got to the fun parts trying to get key 
> authentication working, yet.
> 
> Thanks for any assistance.
> 
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
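
The ownership and mode conditions named in the reply can be checked with a short script; this is an added example, not part of the original thread or of Cygwin/OpenSSH. It assumes GNU `stat` (as in Cygwin's coreutils) and takes the key paths, `/var/empty` and `/home/steve` from the quoted log; the function names, the `ROOT` prefix argument and the 077/022 masks are choices made here.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU stat.
# Usage on the affected host:  audit_sshd "" SYSTEM steve

# check_path PATH OWNER MASK
# Succeeds when PATH exists, is owned by OWNER, and has none of the octal
# permission bits in MASK set; otherwise prints the reason and fails.
check_path() {
    path=$1 want=$2 mask=$3 rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    owner=$(stat -c %U "$path")   # owner name as reported for the file
    mode=$(stat -c %a "$path")    # octal mode, e.g. 600
    if [ "$owner" != "$want" ]; then
        echo "OWNER   $path: $owner, expected $want"
        rc=1
    fi
    # Leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "MODE    $path: $mode grants bits in $mask"
        rc=1
    fi
    return $rc
}

# audit_sshd [ROOT] [SERVICE_OWNER] [LOGIN_USER]
# ROOT is a hypothetical prefix so the audit can run against a copy of the tree.
audit_sshd() {
    root=${1:-} svc=${2:-SYSTEM} user=${3:-steve} fail=0
    # Host private keys: service account only, no group/other access.
    for key in ssh_host_rsa_key ssh_host_dsa_key; do
        check_path "$root/etc/$key" "$svc" 077 || fail=1
    done
    # Privilege-separation directory: not writable by group or other.
    check_path "$root/var/empty" "$svc" 022 || fail=1
    # Home directory: closed to group/other, as the reply recommends.
    check_path "$root/home/$user" "$user" 077 || fail=1
    return $fail
}
```

The mode bits are Cygwin's mapping of the NTFS ACL, so a clean result here still leaves ACL entries such as Administrators to be reviewed with the Windows tools.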




