This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Sshd cannot be manually restarted

I used ssh-host-config to set up the sshd service and provided different options to the queries. In between variations of input to ssh-host-config, I completely removed Cygwin and reinstalled it.

To provide a clear problem description, I started from a fresh install and used the attached install.bat.txt script (my mail client removed the previous script because it was a batch file) to install Cygwin and configure sshd. Everything works fine in the script except for the final command which attempts to start the service and results in the output below. Attached is also the cygcheck output after the installation.
---- Output ----
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

A system error has occurred.

System error 1067 has occurred.

The process terminated unexpectedly.
---- End Output ----

So after the clean install, the service does not start. But I rebooted the machine and the service is running once I get logged in to the machine (ssh-host-config sets the start mode to auto):
---- Output ----
C:\>sc query sshd

        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
---- End Output ----
I can connect to the machine remotely using PuTTY. Looking in the Windows Application event log, I see three logged events related to sshd:
sshd: PID 1616: `sshd' service started
sshd: PID 1952: Server listening on :: port 22.
sshd: PID 1952: Server listening on port 22.
/var/log/sshd.log is present but empty because log entries are going to the Windows event log.

This all looks normal as compared to other working machines. However, if I stop the service and try to start it again, it fails:
---- Output ----
C:\>net stop sshd
The CYGWIN sshd service is stopping.
The CYGWIN sshd service was stopped successfully.

C:\>net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

A system error has occurred.

System error 1067 has occurred.

The process terminated unexpectedly.
---- End Output ----

One last piece of information that might be helpful comes from turning on process auditing on the problem machine. It shows the following two audit entries right next to each other with an abnormal exit code from cygrunsrv.exe:
A new process has been created.

	Security ID:		SYSTEM
	Account Name:		STREAMINGDEV$
	Account Domain:		PCC
	Logon ID:		0x3e7

Process Information:
	New Process ID:		0xec4
	New Process Name:	C:\cygwin\bin\cygrunsrv.exe
	Token Elevation Type:	TokenElevationTypeDefault (1)
	Creator Process ID:	0x21c
A process has exited.

	Security ID:		PCC\sdoracle
	Account Name:		sdoracle
	Account Domain:		PCC
	Logon ID:		0x1f7d23

Process Information:
	Process ID:	0xec4
	Process Name:	C:\cygwin\bin\cygrunsrv.exe
	Exit Status:	0xc0000005

Any ideas of what could be preventing the service from being restarted would be appreciated.

-- Matt Johnson

> -----Original Message-----
> From: 
> Sent: Thursday, May 02, 2013 10:58 AM 
> Subject: Re: Sshd cannot be manually restarted
> On 5/2/2013 10:04 AM, Johnson, Matt wrote:
> > I am having difficulty getting the sshd service to run through Cygwin.
> > Attached is the cygcheck output for the server that I am having problems with.
> OK, let's start with this as a backdrop for this discussion.  sshd is
> difficult to configure because of the security restrictions it imposes (by
> definition).  While it's possible to configure it to work in all kinds of
> situations, it requires allot of knowledge, lots of experimentation, or
> both.  To make things easier for the typical usage, ssh-host-config script
> exists.  This has its limitations, of course.  In particular, it makes a
> special local account to run sshd under with the proper permissions to
> support public key authentication for local users (plus general password
> authentication).  From the information you've provided below, you've clearly
> taken a different route to configure your system.  While you are free to
> do so, that puts you in fairly uncharted territory.  So let's proceed with
> this as a basis of understanding.
> > Attached is a batch file which I initially used to install Cygwin and
> > configure sshd (used this script because it worked on 2 other servers).
> Oops.  No script attached.  This is both a red flag (use of some unknown
> and unsupported script) and a pointer to a possible solution for you.  If
> you've used this script successfully on 2 other servers, you have a basis
> for comparison between non-working and working servers to find what's
> getting in your way here.
> > Everything worked fine until trying to start the service. Odd behavior is
> > that rebooting the machine results in the service running fine (it is set to
> > automatic startup). Stopping the service and trying to start it again
> > results in the failures below. I can run /usr/sbin/sshd -D from a Cygwin
> > prompt and it works fine.
> OK, generally speaking, starting sshd from the command line as your user is
> a big 'no-no', assuming you care about public key authentication at least.
> You may not care or you may have set your account up with all the necessary
> permissions to do this (even domain-wide).  Either one of these courses of
> action is fine so long as you understand the limits and/or what needs to be
> done to achieve success.  But if what I've just said puts you outside of
> your comfort zone, it's best to stop right here and reassess what you're
> trying to do.
> > Starting from the Services snap-in results in "Windows could not start
> > the  CYGWIN sshd service on Local Computer. Error 1067: The process
> terminated
> > unexpectedly." There are no entries in the Application event log related to
> > (Cygwin) sshd. Entry in System event log: " The CYGWIN sshd service
> > terminated unexpectedly. It has done this 26 time(s)."
> You may find more useful information in /var/log/sshd/log.  Based on your
> cygcheck output, I would expect that you will find all sorts of log info
> there, since you're running a debug session of sshd (good!).  So there will
> be all sorts of log info that you can look at and will likely provide some
> insight.  Keep in mind, running sshd as debug, while very helpful in for
> diagnostics, means that each disconnected session will terminate the sshd
> service.
> > Admin command prompt:
> > ---- Output ----
> > C:\>net start sshd
> > The CYGWIN sshd service is starting.
> > The CYGWIN sshd service could not be started.
> >
> > A system error has occurred.
> >
> > System error 1067 has occurred.
> >
> > The process terminated unexpectedly.
> >
> > C:\>C:\cygwin\Cygwin.bat
> >
> > sdoracle@STREAMINGDEV ~
> > $ cygrunsrv -S sshd
> > cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1062:
> > The service has not been started.
> >
> >
> > sdoracle@STREAMINGDEV ~
> > $
> > ---- End Output ----
> >
> > Things I have tried:
> > Used a local privileged user to run the service
> > Used a different domain user that successfully runs the sshd service on a
> different machine
> > Created a fresh domain account to run the sshd service
> > Searched for duplicate cygwin1.dll's - none found
> > Applied full control to SYSTEM to C:\cygwin, C:\cygwin\var, and
> C:\cygwin\var\log
> I'd be careful about setting permissions, especially globally.  Unless
> you're going to turn off permission checking for sshd, it's going to be
> pretty picky about what it expects where.  Setting things globally usually
> results in, frankly, wrong permissions in spots where it counts.  Remember
> sshd is trying to maintain some amount of security so it's not only looking
> for access in certain areas but also lack of access to groups and others.
> See ssh-host-config for details here.
> > Removed local group policy object and rebooted machine
> > Compared Local Security options and User Rights to working servers (identical
> except for administrator account name)
> > Turned Windows firewall on and off
> Sounds like your best bet is to review ssh-host-config comparing
> permissions it sets for files and directories with those that
> you have on the non-working and working servers.  Also, I'd
> recommend carefully going through the sshd.log from your debug
> session.  Separately or in combination, I think these two
> avenues will help you allot.
> --
> Larry
> _________________________________________________________________
> ____
> A: Yes.
>  > Q: Are you sure?
>  >> A: Because it reverses the logical flow of conversation.
>  >>> Q: Why is top posting annoying in email?
> --
> Problem reports:
> FAQ:         
> Documentation:
> Unsubscribe info:

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]