This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


RE: sshd problems



> -----Original Message-----
> From: David Monk [mailto:david@purplebear.net]
> Sent: Thursday, October 10, 2002 2:53 PM
> To: Harig, Mark A.; Len Giambrone
> Cc: cygwin@cygwin.com
> Subject: Re: sshd problems
> 
> 
> From the default installation, then ssh-host-config perspective of this now,
> my /var/empty looked like this immediately following ssh-host-config:
> 
> drwxrwxrwx    2 system   system          0 Oct 10 13:18 /var/empty
> 
> Well, the date was different, as I have deleted and recreated it manually a
> couple times trying to get this working.
> Changing it to what you show:
> 
> drwxr-xr-x    2 system   system          0 Oct 10 13:18 /var/empty
> 
> gives the following, using a separate key to even get sshd to run:
> 
> $ /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d
> debug1: sshd version OpenSSH_3.4p1
> debug3: Not a RSA1 key file /home/dmonk/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> Disabling protocol version 1. Could not load host key
> Bad owner or mode for /var/empty
>

You'll get the 'bad owner' message because you didn't start sshd via
cygrunsrv, i.e., as a service.  cygrunsrv will run the sshd under the
SYSTEM account, instead of under your account.

Try the following:

#!/bin/sh

cygrunsrv --install sshd -e "CYGWIN=glob ntsec binmode" \
   -d "Cygwin SSHD" \
   -p /usr/sbin/sshd.exe \
   -1 /var/log/sshd.log \
   -2 /var/log/sshd.log \
   -a "-e -D -ddd" \
&& \
cygrunsrv --start sshd

> 
> Looking through the archives shows there have been a lot of recent problems
> with sshd. My current question is, does anyone now have sshd running as a
> service, using privsep on Windows 2000 with an NTFS filesystem? I am
> beginning to wonder if it could be due to service pack 3. That was a recent
> update to this system. Unfortunately, I only use sshd on this system when I
> need to do things from home, so I can not pinpoint exactly when this issue
> appeared.
> 

It might be SP3; I can't rule it out.  I have openssh-3.4p1 installed
and working.

I get the same errors that you are seeing when I attempt to run sshd
from the command line:

$ /usr/sbin/sshd
Could not load host key: /etc/ssh_host_key
Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

And yet the sshd service (started via cygrunsrv) is running without any
problems.

> David
> 
> 
> ----- Original Message -----
> From: "Harig, Mark A." <maharig@idirect.net>
> To: "David Monk" <david@purplebear.net>; "Len Giambrone" <frodo@mit.edu>
> Cc: <cygwin@cygwin.com>
> Sent: Thursday, October 10, 2002 1:41 PM
> Subject: RE: sshd problems
> 
> 
> According to /usr/doc/Cygwin/openssh-3.4p1-5.README:
> 
> >The new ssh-host-config script also adds the /var/empty directory
> >needed by privilege separation.  When creating the /var/empty directory
> >by yourself, please note that in contrast to the README.privsep document
> >the owner should not be "root" but the user which is running sshd.  So,
> >in the standard configuration this is SYSTEM.  The ssh-host-config script
> >chowns /var/empty accordingly.
> 
> In /usr/bin/ssh-host-config is the following code:
> 
> ># Create /var/empty file used as chroot jail for privilege separation
> >if [ -f /var/empty ]
> >then
> >  echo "Creating /var/empty failed\!"
> >else
> >  mkdir -p /var/empty
> >  # On NT change ownership of that dir to user "system"
> >  if [ $_nt -gt 0 ]
> >  then
> >    chown system.system /var/empty
> >  fi
> >fi
> 
> For me, I have the following permissions:
> 
>   $ ls -ld /var/empty
>   drwxr-xr-x    2 SYSTEM   SYSTEM          0 Jul 24 11:39 /var/empty
> 
> > -----Original Message-----
> > From: David Monk [mailto:david@purplebear.net]
> > Sent: Thursday, October 10, 2002 2:31 PM
> > To: Len Giambrone
> > Cc: cygwin@cygwin.com
> > Subject: Re: sshd problems
> >
> >
> > Generating a new key worked, as far as finding the key goes. Then it
> > presented me with a /var/empty ownership or permissions issue. So, thinking
> > along the same lines, I changed owner of that dir to myself. Finally, sshd
> > runs. Not as a service unfortunately, but it does run. Also unfortunately, I
> > can not log in under these circumstances. I get a password prompt, but it
> > never accepts it. I can only guess this has something to do with privilege
> > separation.
> >
> > Anyway, the main problem here, from the beginning of this thread, is that
> > openssh was working fine, running as a service, using privilege separation
> > until approx 2 weeks ago. The only thing I could have possibly done to break
> > that was updating packages. So, somewhere, something in cygwin changed.
> > Either specifically with the openssh package or with some other aspect,
> > but something has definitely changed. Again, this was working beautifully I
> > know for absolute certainty 3 weeks ago, the server running as a service via
> > cygrunsrv, utilizing the privilege separation. The only things that have been
> > done to this system over the last few months have been regular virus updates,
> > updates for Windows and cygwin updates. I have not messed with any
> > configuration files, nor have I changed any file permissions within cygwin
> > of its file tree to cause this.
> >
> > David
> 
> (a huge amount of text deleted)
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 
> 
> 
> 
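
An added example, not part of the original message or of the Cygwin/OpenSSH sources: a pre-flight check for the condition this thread turns on, namely that /var/empty is owned by the account sshd will run as and is not group- or world-writable. The function name check_privsep_dir and its verdict strings are made up for illustration, and the "not group/world writable" rule is inferred from the working drwxr-xr-x listing quoted above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from ssh-host-config or sshd).
# check_privsep_dir DIR [UID]
#   Prints one verdict and returns 0 only when DIR looks usable as the
#   privilege-separation directory for the account with numeric id UID.
#   UID defaults to the account running this script, which mirrors the
#   thread: sshd started by hand runs as you, sshd started by cygrunsrv
#   runs as SYSTEM, so the same directory passes for one and fails for
#   the other.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-$(id -u)}

    # A regular file here is the case ssh-host-config reports as
    # "Creating /var/empty failed"; a symlink is refused as well.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "missing-or-not-a-directory"
        return 1
    fi

    # ls -ldn prints: mode links uid gid ...  (numeric ids, no name lookup)
    info=$(ls -ldn "$dir" | awk '{print $1 " " $3}')
    mode=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "bad-owner"
        return 2
    fi

    # Mode string looks like drwxr-xr-x: character 6 is group-write,
    # character 9 is other-write. drwxrwxrwx fails on both.
    case $mode in
        ?????w*|????????w*)
            echo "bad-mode"
            return 3
            ;;
    esac

    echo "ok"
    return 0
}

# Usage: check_privsep_dir /var/empty            (account running the script)
#        check_privsep_dir /var/empty <uid>      (numeric id of the service account)
```

Run it from the account that will actually start sshd, or pass the service account's numeric id as the second argument; a "bad-owner" verdict from your own shell alongside a working service is the situation described in the message above.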
