can't start sshd

Jay Abel
Mon Jan 8 20:04:00 GMT 2007

----- Original Message ----- 
From: "Charles D. Russell"
To: "cygwin cygwin"
Sent: Monday, January 08, 2007 9:22 AM
Subject: Re: can't start sshd

> Windows event log shows only information events (id 0) from sshd, but 
> /var/log/sshd.log showed:
> /var/empty must be owned by root and not group or world-writable
> Presumably that is my problem, since ls shows:
> drwxr-xr-x+  2 cdr None  0 Jan  6 13:48 empty/
> The simple hack of disabling privilege separation has given me a 
> working system, which I am not inclined to monkey with, but if I have 
> problems in the future I'll pursue this track.  Thanks for the advice.

It is my experience that 90% of the time, if sshd refuses to start or if 
ssh refuses to connect, there is a file permission problem somewhere. 
Most of the required permissions make sense if you think about them:

1. Host key not writable
2. /var/empty not writable so that sshd cannot be hacked
3. configuration file not writable by just anyone.
4. others, consult SSH documentation

If you cannot connect, check

1. Private key is not readable by others (duh)
2. Authorized keys is not writable (double duh)
3. others, consult SSH documentation

And be sure that you have a configuration which supports file 
permissions.  You may need ntsec and ntea if using FAT; consult your 
documentation for details.

If you set up sshd using the ssh-host-config and ssh-user-config 
scripts, these will all be correct by default, but once you have tweaked 
the configurations, these scripts won't overwrite them by default.

A warning: NEVER let Windows touch the permissions on a Cygwin tree. 
Many things in unixes depend on permissions being set a certain, 
rational, way.  Trying to fix things by setting permissions on a whole 
tree can make a horrible mess; please resist the temptation to fix 
things this way.  I speak from experience here.

Cygwin works much better if you use NTFS.  Emulating permissions on FAT 
systems will allow things to work, but provides no real security and 
shouldn't be used on a machine accessible from the public network.

Hope this helps.
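
Added example, not part of the original message: a POSIX shell audit of the permission checks listed above (host keys, /var/empty, sshd_config, user private keys, authorized_keys). The function names, the /etc location in the usage line and the optional owner uid are assumptions; the 077 mask on private keys is the "no group/other access" rule OpenSSH applies to private key files.

```sh
#!/bin/sh
# Added example: audit the permission bits that sshd and ssh check.
# Needs GNU stat (stat -c), which Cygwin's coreutils provides.

# check LABEL PATH MASK [UID]: fail if PATH has any bit of octal MASK set,
# or (when UID is given) if PATH is not owned by that numeric uid.
check() {
    label=$1 path=$2 mask=$3 want_uid=${4:-}
    if [ ! -e "$path" ]; then
        echo "SKIP $label: $path not found"
        return 0
    fi
    mode=$(stat -c '%a' "$path") || return 1
    uid=$(stat -c '%u' "$path") || return 1
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $label: $path mode $mode, bits $mask must be clear"
        return 1
    fi
    if [ -n "$want_uid" ] && [ "$uid" != "$want_uid" ]; then
        echo "FAIL $label: $path owned by uid $uid, expected $want_uid"
        return 1
    fi
    echo "ok   $label: $path mode $mode"
}

# audit_sshd ETC_DIR EMPTY_DIR USER_SSH_DIR [OWNER_UID]
# Returns the number of failed checks. OWNER_UID is the uid expected to own
# EMPTY_DIR (an assumption: which account sshd accepts as "root" depends on
# how the service was installed, so it is a parameter, not a constant).
audit_sshd() {
    etc=$1 empty=$2 userssh=$3 owner=${4:-} fails=0
    for f in "$etc"/ssh_host_*key; do          # server side: host private keys
        check "host key" "$f" 077 || fails=$((fails + 1))
    done
    check "privsep dir" "$empty" 022 "$owner" || fails=$((fails + 1))
    check "sshd_config" "$etc/sshd_config" 022 || fails=$((fails + 1))
    for f in "$userssh"/id_*; do               # client side: user private keys
        case $f in *.pub) continue ;; esac     # public halves may be readable
        check "private key" "$f" 077 || fails=$((fails + 1))
    done
    check "authorized_keys" "$userssh/authorized_keys" 022 || fails=$((fails + 1))
    return "$fails"
}

# Usage (assumed locations): sh audit.sh /etc /var/empty "$HOME/.ssh" [owner-uid]
if [ $# -ge 3 ]; then audit_sshd "$@"; fi
```

The script only reports; it changes nothing, which keeps it in line with the advice above against mass permission fixes.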
