This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: [ANNOUNCEMENT] Updated: OpenSSH-3.5p1-1
- From: "Elfyn McBratney" <emcb_exposure at hotmail dot com>
- To: karlm30 at hotmail dot com, cygwin at cygwin dot com
- Date: Thu, 07 Nov 2002 17:34:49 +0000
- Subject: Re: [ANNOUNCEMENT] Updated: OpenSSH-3.5p1-1
If you check your /var/log/sshd.log you might see that the permissions are
too open on your key files...
Elfyn
emcb_exposure@hotmail.com
-----------------------------------------------
elfyn@exposure.org.uk
From: "Karl M" <karlm30@hotmail.com>
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] Updated: OpenSSH-3.5p1-1
Date: Thu, 07 Nov 2002 09:23:30 -0800
The behavior I see now is that if I do
chown administrators.none /etc/ssh_host_rsa_key*
chmod 777 /etc/ssh_host_rsa_key*
Then with StrictModes enabled, sshd will start and run just fine (running
as system). But if I then do
chown system.none /etc/ssh_host_rsa_key*
Then sshd fails to start. But I (think I) recall that in the past the
protection had to be tight and the owner had to be system for sshd to
start? Am I remembering correctly?
Thanks,
...Karl
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
Reply-To: cygwin@cygwin.com
To: cygwin@cygwin.com
Subject: Re: [ANNOUNCEMENT] Updated: OpenSSH-3.5p1-1
Date: Thu, 7 Nov 2002 17:11:57 +0100
On Thu, Nov 07, 2002 at 06:59:08AM -0800, Karl M wrote:
> Hi All...
>
> I just updated to 3.5p1-1. I had to set PermitUserEnvironment in my
> sshd_config file. Should this be included by default in the
> ssh-host-config script?
You're right that PermitUserEnvironment should be added to
ssh-host-config.
But it's set to no by default, so you have to change it anyway.
> I was a bit puzzled by the file owner and permission checking for the
> host keys now (with StrictModes enabled)...If the owner is wrong, the mode
> checking is ignored. I recall this test being stronger in the
> past...didn't the owner have to be correct (SYSTEM)? If so, why the
> change to a kinder gentler (less effective) safety check?
auth.c, line 378ff:

    if (options.strict_modes &&
        (stat(user_hostfile, &st) == 0) &&
        ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
        (st.st_mode & 022) != 0)) {
            log("Authentication refused for %.100s: "
                "bad owner or modes for %.200s",
                pw->pw_name, user_hostfile);

The above code checks the mode additionally to the user id so what's
gentler here? Or do you mean another piece of code?
> Given the host local security issues with using Cygwin, is there much
> advantage to priv sep? Could someone please give a brief overview of
> what it is and how and why it helps?
README.privsep?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
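
The owner-and-mode predicate from the auth.c excerpt quoted in this thread, isolated so it can be run against real files. This is an added example, not OpenSSH's code and not written by any poster; the helper names, the sample uids 1000/1001 and the /tmp scratch path are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: the owner/mode predicate from the quoted auth.c
 * excerpt. Returns 1 when the file would be refused. */
static int strict_modes_refuses(uid_t file_uid, mode_t file_mode, uid_t user_uid)
{
    int bad_owner = (file_uid != 0 && file_uid != user_uid);
    int bad_mode = (file_mode & 022) != 0; /* group- or world-writable */
    return bad_owner || bad_mode;
}

/* Hypothetical helper: stat a real file and apply the predicate.
 * 1 = refused, 0 = accepted, -1 = stat failed (the excerpt skips the check then). */
static int path_refused(const char *path, uid_t user_uid)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return strict_modes_refuses(st.st_uid, st.st_mode, user_uid);
}

/* Constructed input: a scratch file owned by the caller, set to `mode`. */
static int scratch_file_refused(mode_t mode)
{
    char path[] = "/tmp/strictmodes-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int rc = (fchmod(fd, mode) == 0) ? path_refused(path, getuid()) : -1;
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    static const mode_t modes[] = { 0600, 0644, 0660, 0666, 0777 };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("own file, mode %04o: refused=%d\n",
               (unsigned)modes[i], scratch_file_refused(modes[i]));
    printf("foreign owner, mode 0600: refused=%d\n",
           strict_modes_refuses(1001, 0600, 1000));
    return 0;
}
```

Under this predicate a 0777 file is refused whoever owns it, and a 0600 file is still refused when its owner is neither uid 0 nor the user.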