This is the mail archive of the cygwin mailing list for the Cygwin project.


ssh-host-config openssh-7.2p2-1 csih-0.9.9-1


Hi,

I am trying to get SSH set up on my Windows 10 Pro install. The script
trips up at the user creation portion. I haven't been able to find the
right permissions to set up by hand; the closest I can get, I still get:
sshd: PID 6904: fatal: seteuid 197609: Operation not permitted
in the event log on login attempts.
None of my googling has been fruitful; most hits I get are people doing
very wrong things, which I don't think I am doing, but feel free to
enlighten me.

The apparent problem with the script seems to be that it tries to use
the name deepthought+cyg_server (which is host+user) and cygwin doesn't
recognize that form, despite every indication that it should.

root@deepthought ~
$ cygcheck.exe -f `which ssh-host-config`
openssh-7.2p2-1

root@deepthought ~
$ cygcheck.exe -f /usr/share/csih/cygwin-service-installation-helper.sh
csih-0.9.9-1

root@deepthought ~
$ id cyg_server
uid=197617(cyg_server) gid=197121(None) groups=11(Authenticated Users),197121(None),545(Users),544(Administrators)

root@deepthought ~
$ id deepthought+cyg_server
id: ‘deepthought+cyg_server’: no such user

The very first time I ran the ssh-host-config script I used the -y flag
and the output was much the same.

This is the output from the script run:

$ ssh-host-config

*** Info: Generating missing SSH host keys
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file

*** Info: StrictModes is set to 'yes' by default.
*** Info: This is the recommended setting, but it requires that the POSIX
*** Info: permissions of the user's home directory, the user's .ssh
*** Info: directory, and the user's ssh key files are tight so that
*** Info: only the user has write permissions.
*** Info: On the other hand, StrictModes don't work well with default
*** Info: Windows permissions of a home directory mounted with the
*** Info: 'noacl' option, and they don't work at all if the home
*** Info: directory is on a FAT or FAT32 partition.
*** Query: Should StrictModes be used? (yes/no) yes

*** Info: Privilege separation is set to 'sandbox' by default since
*** Info: OpenSSH 6.1.  This is unsupported by Cygwin and has to be set
*** Info: to 'yes' or 'no'.
*** Info: However, using privilege separation requires a non-privileged account
*** Info: called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Note that creating a new user requires that the current account have
*** Info: Administrator privileges.  Should this script attempt to create a
*** Query: new local account 'sshd'? (yes/no) yes
*** Info: Updating /etc/sshd_config file

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: [] tty ntsec
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires.  You need to have or to create a privileged
*** Info: account.  This script will help you do so.

*** Info: It's not possible to use the LocalSystem account for services
*** Info: that can change the user id without an explicit password
*** Info: (such as passwordless logins [e.g. public key authentication]
*** Info: via sshd) when having to create the user token from scratch.
*** Info: For more information on this requirement, see
*** Info: https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1

*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless such an account
*** Info: already exists). This account is then used to run these special
*** Info: servers.

*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.

*** Info: No privileged account could be found.

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) yes
*** Query: Enter the new user name: cyg_server
*** Query: Reenter: cyg_server

*** Query: Create new privileged user account 'DEEPTHOUGHT\cyg_server' (Cygwin name: 'deepthought+cyg_server')? (yes/no) yes
*** Info: Please enter a password for new user deepthought+cyg_server.  Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:

*** Info: User 'deepthought+cyg_server' has been created with password 'REDACTED'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'deepthought+cyg_server' account.

passwd: unknown user deepthought+cyg_server
*** Warning: Setting password expiry for user 'deepthought+cyg_server' failed!
*** Warning: Please check that password never expires or set it to your needs.
No user or group 'deepthought+cyg_server' known.
*** Warning: Assigning the appropriate privileges to user 'deepthought+cyg_server' failed!
*** ERROR: There was a serious problem creating a privileged user.
*** Query: Do you want to proceed anyway? (yes/no) yes
*** Warning: Expected privileged user 'deepthought+cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

*** Warning: Host configuration exited with 1 errors or warnings!
*** Warning: Make sure that all problems reported are fixed,
*** Warning: then re-run ssh-host-config.

Attachment: cyg_check_s.txt
Description: Text document
