Copying skeleton files. These files are for the users to personalise their cygwin experience. They will never be overwritten nor automatically updated. './.bashrc' -> '/home/ilya//.bashrc' './.bash_profile' -> '/home/ilya//.bash_profile' './.inputrc' -> '/home/ilya//.inputrc' './.profile' -> '/home/ilya//.profile' ilya@w9 ~ $ id uid=1001(ilya) gid=513(None) groups=513(None),0(root),544(Administrators),545(Users),1002(HomeUsers) ilya@w9 ~ $ id -G 513 0 544 545 1002 ilya@w9 ~ $ ssh-host-config -y *** Info: Generating missing SSH host keys ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519 *** Info: Creating default /etc/ssh_config file *** Info: Creating default /etc/sshd_config file *** Info: StrictModes is set to 'yes' by default. *** Info: This is the recommended setting, but it requires that the POSIX *** Info: permissions of the user's home directory, the user's .ssh *** Info: directory, and the user's ssh key files are tight so that *** Info: only the user has write permissions. *** Info: On the other hand, StrictModes don't work well with default *** Info: Windows permissions of a home directory mounted with the *** Info: 'noacl' option, and they don't work at all if the home *** Info: directory is on a FAT or FAT32 partition. *** Query: Should StrictModes be used? (yes/no) yes *** Info: Privilege separation is set to 'sandbox' by default since *** Info: OpenSSH 6.1. This is unsupported by Cygwin and has to be set *** Info: to 'yes' or 'no'. *** Info: However, using privilege separation requires a non-privileged account *** Info: called 'sshd'. *** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep. *** Query: Should privilege separation be used? (yes/no) yes *** Info: Note that creating a new user requires that the current account have *** Info: Administrator privileges. Should this script attempt to create a *** Query: new local account 'sshd'? (yes/no) yes *** Info: Updating /etc/sshd_config file *** Query: Do you want to install sshd as a service? *** Query: (Say "no" if it is already installed as a service) (yes/no) yes *** Query: Enter the value of CYGWIN for the daemon: [] *** Info: On Windows Server 2003, Windows Vista, and above, the *** Info: SYSTEM account cannot setuid to other users -- a capability *** Info: sshd requires. You need to have or to create a privileged *** Info: account. This script will help you do so. *** Info: It's not possible to use the LocalSystem account for services *** Info: that can change the user id without an explicit password *** Info: (such as passwordless logins [e.g. public key authentication] *** Info: via sshd) when having to create the user token from scratch. *** Info: For more information on this requirement, see *** Info: https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1 *** Info: If you want to enable that functionality, it's required to create *** Info: a new account with special privileges (unless such an account *** Info: already exists). This account is then used to run these special *** Info: servers. *** Info: Note that creating a new user requires that the current account *** Info: have Administrator privileges itself. *** Info: No privileged account could be found. *** Info: This script plans to use 'cyg_server'. *** Info: 'cyg_server' will only be used by registered services. *** Query: Create new privileged user account 'W9\cyg_server' (Cygwin name: 'cyg_server')? (yes/no) yes *** Info: Please enter a password for new user cyg_server. Please be sure *** Info: that this password matches the password rules given on your system. *** Info: Entering no password will exit the configuration. *** Query: Please enter the password: *** Query: Reenter: *** Info: User 'cyg_server' has been created with password 'xx'. *** Info: If you change the password, please remember also to change the *** Info: password for the installed services which use (or will soon use) *** Info: the 'cyg_server' account. System error 1376 has occurred. The specified local group does not exist. *** Warning: Adding user 'cyg_server' to local group 'root' failed! *** Warning: Please add 'cyg_server' to local group 'root' before *** Warning: starting any of the services which depend upon this user! *** ERROR: There was a serious problem creating a privileged user. *** Query: Do you want to proceed anyway? (yes/no) yes *** Warning: Expected privileged user 'cyg_server' does not exist. *** Warning: Defaulting to 'SYSTEM' *** Info: The sshd service has been installed under the LocalSystem *** Info: account (also known as SYSTEM). To start the service now, call *** Info: `net start sshd' or `cygrunsrv -S sshd'. Otherwise, it *** Info: will start automatically after the next reboot. *** Warning: Host configuration exited with 1 errors or warnings! *** Warning: Make sure that all problems reported are fixed, *** Warning: then re-run ssh-host-config. ilya@w9 ~ $ net localgroup Aliases for \\W9 ------------------------------------------------------------------------------- *Access Control Assistance Operators *Administrators *Backup Operators *Cryptographic Operators *Distributed COM Users *Event Log Readers *Guests *HomeUsers *Hyper-V Administrators *IIS_IUSRS *Network Configuration Operators *Performance Log Users *Performance Monitor Users *Power Users *Remote Desktop Users *Remote Management Users *Replicator *Users *WinRMRemoteWMIUsers__ The command completed successfully. ilya@w9 ~ $ net localgroup Administrators sshd /ADD The command completed successfully. ilya@w9 ~ $ net user cyg_server User name cyg_server Full Name Privileged server Comment User's comment Country/region code 000 (System Default) Account active Yes Account expires Never Password last set 01/01/2015 00:50:34 Password expires Never Password changeable 01/01/2015 00:50:34 Password required Yes User may change password Yes Workstations allowed All Logon script User profile Home directory C:\cygwin64\var\empty Last logon Never Logon hours allowed All Local Group Memberships *Users Global Group memberships *None The command completed successfully. ilya@w9 ~ $ net localgroup Administrators cyg_server /ADD The command completed successfully. ilya@w9 ~ $ cygrunsrv.exe -S sshd ilya@w9 ~ $ ssh localhost /bin/echo BLAH The authenticity of host 'localhost (::1)' can't be established. ECDSA key fingerprint is ec:12:78:2a:85:3f:b1:5d:b1:49:da:b9:51:e1:ef:07. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. ilya@localhost's password: BLAH ilya@w9 ~ $ ssh-keygen.exe Generating public/private rsa key pair. Enter file in which to save the key (/home/ilya/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ilya/.ssh/id_rsa. Your public key has been saved in /home/ilya/.ssh/id_rsa.pub. The key fingerprint is: 59:ad:bf:9a:2b:99:54:dc:89:a7:36:0d:49:5c:6b:34 ilya@w9 The key's randomart image is: +---[RSA 2048]----+ | . .E | | oo o | | o.++. | | o*o+ | | S..= | | . +.. | | . + .. | | + . . | | .+o. | +-----------------+ ilya@w9 ~ $ ssh localhost /bin/echo BLAH Connection closed by ::1 ilya@w9 ~ $ ssh -v localhost /bin/echo BLAH OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 debug1: Reading configuration data /etc/ssh_config debug1: Connecting to localhost [::1] port 22. debug1: Connection established. debug1: identity file /home/ilya/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/ilya/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/ilya/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/ilya/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/ilya/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/ilya/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/ilya/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/ilya/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7 debug1: match: OpenSSH_6.7 pat OpenSSH* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA ec:12:78:2a:85:3f:b1:5d:b1:49:da:b9:51:e1:ef:07 debug1: Host 'localhost' is known and matches the ECDSA host key. debug1: Found key in /home/ilya/.ssh/known_hosts:1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/ilya/.ssh/id_rsa Connection closed by ::1 ilya@w9 ~ $ ssh localhost -o PubkeyAuthentication=no /bin/echo BLAH ilya@localhost's password: BLAH ilya@w9 ~ $ cp .ssh/id_rsa.pub .ssh/autorized_keys && chmod 600 .ssh/autorized_keys ilya@w9 ~ $ ssh localhost /bin/echo BLAH Connection closed by ::1 ilya@w9 ~ $ ls -l /var/log/sshd.log -rw-r--r-- 1 SYSTEM root 0 Jan 1 00:58 /var/log/sshd.log ilya@w9 ~ $ cygrunsrv.exe --stop sshd ilya@w9 ~ $ /usr/sbin/sshd.exe -d debug1: sshd version OpenSSH_6.7, OpenSSL 1.0.1j 15 Oct 2014 debug1: private host key: #0 type 1 RSA debug1: private host key: #1 type 2 DSA debug1: private host key: #2 type 3 ECDSA debug1: private host key: #3 type 4 ED25519 /var/empty must be owned by root and not group or world-writable. ilya@w9 ~ $ ls -l /var/log/sshd.log -rw-r--r-- 1 SYSTEM root 0 Jan 1 00:58 /var/log/sshd.log ilya@w9 ~ $ echo "I don't know now what to do :-(" I don't know now what to do :-(