can't start sshd
Mon Jan 8 20:04:00 GMT 2007
----- Original Message -----
From: "Charles D. Russell"
To: "cygwin cygwin"
Sent: Monday, January 08, 2007 9:22 AM
Subject: Re: can't start sshd
> Windows event log shows only information events (id 0) from sshd, but
> /var /log/sshd.log showed:
> /var/empty must be owned by root and not group or world-writable
> Presumably that is my problem, since ls shows:
> drwxr-xr-x+ 2 cdr None 0 Jan 6 13:48 empty/
> The simple hack of disabling privilege separation has given me a
> working system, which I am not inclined to monkey with, but if I have
> problems in the future I'll pursue this track. Thanks for the advice.
It is my experience that 90% of the time, if sshd refuses to start or if
ssh refuses to connect, there is a file permission problem somewhere.
Most of the required permissions make sense if you think about them:
1. Host key not writable
2. /var/empty not writable so that sshd cannot be hacked
3. configuration file not writable by just anyone.
4. others, consult SSH documentation
If you cannot connect, check
1. Private key is not readable by others (duh)
2. Authorized keys is not writable (double duh)
3. others, consult SSH documentation
And be sure that you have a configuration which supports file
permissions. You may need ntsec and ntea if using FAT, consult your
documentation for details.
If you set up sshd using the ssh-host-config and ssh-user-config
scripts, these will all be correct by default, but once you have tweaked
the configurations, these scripts won't overwrite them by default.
A warning, NEVER let windows touch the permissions on a cygwin tree.
Many things in unixes depend on permissions being set a certain,
rational, way. Trying to fix things by setting permissions on a whole
tree can make a horrible mess, please resist the temptation to fix
things this way. I speak from experience here.
Cygwin works much better if you use ntfs. Emulating permissions on FAT
systems will allow things to work, but provides no real security and
shouldn't be used on a machine accesible from the public network.
Hope this helps.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
More information about the Cygwin