This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi, I am trying to get SSH setup on my Windows 10 Pro install. The script trips up at the user creation portion. I haven't been able to find the right permissions to setup by hand, the closest I can get I still get: sshd: PID 6904: fatal: seteuid 197609: Operation not permitted in the event log on login attempts.Ã None of my googling has been fruitful, most hits I get are people doing very wrong things, which I don't think I am doing, but feel free to enlighten me. The apparent problem with the script seems to be that it tries to use the name deepthought+cyg_server (which is host+user) and cygwin doesn't recognize that form, despite every indication that it should. root@deepthought ~ $ cygcheck.exe -f `which ssh-host-config` openssh-7.2p2-1 root@deepthought ~ $ cygcheck.exe -f /usr/share/csih/cygwin-service-installation-helper.sh csih-0.9.9-1 root@deepthought ~ $ id cyg_server uid=197617(cyg_server) gid=197121(None) groups=11(Authenticated Users),197121(None),545(Users),544(Administrators) root@deepthought ~ $ id deepthought+cyg_server id: ÃÂÂdeepthought+cyg_serverÃÂÂ: no such user The very first time I ran the ssh-host-config script I used the -y flag and the output was much the same.Ã This is the output from the script run: $ ssh-host-config *** Info: Generating missing SSH host keys *** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes *** Info: Creating default /etc/ssh_config file *** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes *** Info: Creating default /etc/sshd_config file *** Info: StrictModes is set to 'yes' by default. *** Info: This is the recommended setting, but it requires that the POSIX *** Info: permissions of the user's home directory, the user's .ssh *** Info: directory, and the user's ssh key files are tight so that *** Info: only the user has write permissions. *** Info: On the other hand, StrictModes don't work well with default *** Info: Windows permissions of a home directory mounted with the *** Info: 'noacl' option, and they don't work at all if the home *** Info: directory is on a FAT or FAT32 partition. *** Query: Should StrictModes be used? (yes/no) yes *** Info: Privilege separation is set to 'sandbox' by default since *** Info: OpenSSH 6.1.Ã This is unsupported by Cygwin and has to be set *** Info: to 'yes' or 'no'. *** Info: However, using privilege separation requires a non-privileged account *** Info: called 'sshd'. *** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep. *** Query: Should privilege separation be used? (yes/no) yes *** Info: Note that creating a new user requires that the current account have *** Info: Administrator privileges.Ã Should this script attempt to create a *** Query: new local account 'sshd'? (yes/no) yes *** Info: Updating /etc/sshd_config file *** Query: Do you want to install sshd as a service? *** Query: (Say "no" if it is already installed as a service) (yes/no) yes *** Query: Enter the value of CYGWIN for the daemon: [] tty ntsec *** Info: On Windows Server 2003, Windows Vista, and above, the *** Info: SYSTEM account cannot setuid to other users -- a capability *** Info: sshd requires.Ã You need to have or to create a privileged *** Info: account.Ã This script will help you do so. *** Info: It's not possible to use the LocalSystem account for services *** Info: that can change the user id without an explicit password *** Info: (such as passwordless logins [e.g. public key authentication] *** Info: via sshd) when having to create the user token from scratch. *** Info: For more information on this requirement, see *** Info: https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1 *** Info: If you want to enable that functionality, it's required to create *** Info: a new account with special privileges (unless such an account *** Info: already exists). This account is then used to run these special *** Info: servers. *** Info: Note that creating a new user requires that the current account *** Info: have Administrator privileges itself. *** Info: No privileged account could be found. *** Info: This script plans to use 'cyg_server'. *** Info: 'cyg_server' will only be used by registered services. *** Query: Do you want to use a different name? (yes/no) yes *** Query: Enter the new user name: cyg_server *** Query: Reenter: cyg_server *** Query: Create new privileged user account 'DEEPTHOUGHT\cyg_server' (Cygwin name: 'deepthought+cyg_server')? (yes/no) yes *** Info: Please enter a password for new user deepthought+cyg_server.Ã Please be sure *** Info: that this password matches the password rules given on your system. *** Info: Entering no password will exit the configuration. *** Query: Please enter the password: *** Query: Reenter: *** Info: User 'deepthought+cyg_server' has been created with password 'REDACTED'. *** Info: If you change the password, please remember also to change the *** Info: password for the installed services which use (or will soon use) *** Info: the 'deepthought+cyg_server' account. passwd: unknown user deepthought+cyg_server *** Warning: Setting password expiry for user 'deepthought+cyg_server' failed! *** Warning: Please check that password never expires or set it to your needs. No user or group 'deepthought+cyg_server' known. *** Warning: Assigning the appropriate privileges to user 'deepthought+cyg_server' failed! *** ERROR: There was a serious problem creating a privileged user. *** Query: Do you want to proceed anyway? (yes/no) yes *** Warning: Expected privileged user 'deepthought+cyg_server' does not exist. *** Warning: Defaulting to 'SYSTEM' *** Info: The sshd service has been installed under the LocalSystem *** Info: account (also known as SYSTEM). To start the service now, call *** Info: `net start sshd' or `cygrunsrv -S sshd'.Ã Otherwise, it *** Info: will start automatically after the next reboot. *** Warning: Host configuration exited with 1 errors or warnings! *** Warning: Make sure that all problems reported are fixed, *** Warning: then re-run ssh-host-config.
Attachment:
cyg_check_s.txt
Description: Text document
-- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |