This is the mail archive of the
mailing list for the Cygwin project.
RE: Take 2: Testers for new ssh-*-config scripts wanted!
- From: "Philippe Torche" <philippe dot torche at jle dot ch>
- To: <cygwin at cygwin dot com>
- Date: Mon, 3 Nov 2003 18:51:04 +0100
- Subject: RE: Take 2: Testers for new ssh-*-config scripts wanted!
1. Line 488 (you will hate me !?) : read _cygwin --->>> read -e _cygwin
2. If password complexity is enabled (yes per default) use a more complex
password : length of 7 min (max 14 to avoid some warning about W2K), lower
case and upper case letters.
Good work, Philippe.
> -----Message d'origine-----
> De : firstname.lastname@example.org [mailto:email@example.com]
> De la part de Corinna Vinschen
> Envoyé : lundi, 3. novembre 2003 17:22
> À : firstname.lastname@example.org
> Objet : Take 2: Testers for new ssh-*-config scripts wanted!
> I'd like to ask for more testing of the new ssh-host-config
> and ssh-user-config scripts.
> The new thing here is, that the ssh-host-config script now
> tries to figure out if the machine is a 2003 Server or newer
> system. If so, the script asks, if it should create a new
> account "sshd_server"
> to use as account to run sshd as service under. If you say
> "yes" at this point, a bunch of funny new activities is started:
> - The script creates a sshd_server account
> - It adds that account to the administrators group *iff* it's able
> to figure out the name of that group from the /etc/group file.
> This means, you must not change the name of the administrators
> group in /etc/group and the SID (S-1-5-32-544) must be available
> in that entry.
> - It uses the new editrights utility to add the necessary user rights
> to the new sshd_server account.
> These rights also explicitely deny logon locally and over network
> and allow logon only as service for security reasons.
> The ssh-user-config script has also been changed. It tries
> to figure out if the machine is a 2003 Server or newer and if
> so, it sets the permissions of the users ~/.ssh directory and
> the users ~/ssh/authorized_keys file so that the sshd_server
> account has read permissions on both. If it's an older
> system, it does the same for the SYSTEM account.
> Also on 2003, the sshd_server account is used for ownership
> of the important files (/etc/ssh*, /var/empty, /var/log/sshd.log).
> Further changes:
> - Require bash for both scripts.
> - Use `read -e' in both scripts to enable readline support.
> So, I'd like to ask especially users of a 2003 Server system
> to test that script. Users of other systems are of course
> also welcome since I want to be sure that I haven't broken
> these systems.
> Attached are both scripts plus the vanilla ssh_config and
> sshd_config file. The latter two have to be copied to
> /etc/defaults/etc. Please not that the "editrights" tool has
> to be installed on your system.
> You can find it in the Base category when updating with setup.exe.
> Thanks in advance,
> Corinna Vinschen Please, send mails
> regarding Cygwin to
> Cygwin Developer
> Red Hat, Inc.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html