[1.7.15-1] Installing sshd fails

Andre Loker mail@andreloker.de
Fri May 11 08:11:00 GMT 2012


Hello,

I'm trying to install cygwin 1.7.15-1 on a new Windows Server 2008 R2 
machine. I can't get sshd to install properly.

When I run ssh-host-config the script says that creation of the user 
sshd has failed:


------------------------------------
$ ssh-host-config

*** Info: Generating /etc/ssh_host_key
*** Info: Generating /etc/ssh_host_rsa_key
*** Info: Generating /etc/ssh_host_dsa_key
*** Info: Generating /etc/ssh_host_ecdsa_key
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read 
/usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Note that creating a new user requires that the current 
account have
*** Info: Administrator privileges.  Should this script attempt to create a
*** Query: new local account 'sshd'? (yes/no) yes
*** Warning: Creating the user 'sshd' failed!
*** ERROR: Couldn't create user 'sshd'!
*** ERROR: Privilege separation set to 'no' again!
*** ERROR: Check your /etc/sshd_config file!
*** Info: Updating /etc/sshd_config file
------------------------------------

However, the sshd user has in fact been created in Windows. If I re-run 
ssh-host-config now and confirm to overwrite the config files, the 
scripts runs further but fails when creating cyg_server:

------------------------------------
$ ssh-host-config

*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read 
/usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires.  You need to have or to create a privileged
*** Info: account.  This script will help you do so.

*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
*** Info: or later.  On these systems, it's not possible to use the 
LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).

*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.

*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.

*** Info: No privileged account could be found.

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
*** Info: Please enter a password for new user cyg_server.  Please be sure
*** Info: that this password matches the password rules given on your 
system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:

*** Warning: Creating the user 'cyg_server' failed!  Reason:
The user or group account specified cannot be found.

The user was successfully created but could not be added
to the USERS local group.

More help is available by typing NET HELPMSG 3774.


*** Info: Please enter a password for new user cyg_server.  Please be sure
*** Info: that this password matches the password rules given on your 
system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
------------------------------------

It then hangs in a loop asking for the password. At this point the 
cyg_server user has been created but is not member of any group.
If I now manually add cyg_server to Users and Administrators and once 
again rerun the ssh-host-config:


------------------------------------
$ ssh-host-config

*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read 
/usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires.  You need to have or to create a privileged
*** Info: account.  This script will help you do so.

*** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
*** Info: or later.  On these systems, it's not possible to use the 
LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).

*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.

*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.

*** Info: The following privileged accounts were found: 'cyg_server' .

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Please enter the password for user 'cyg_server':
*** Query: Reenter:

*** Warning: User cyg_server does not appear in /etc/passwd.

*** Info: The sshd service has been installed under the 'cyg_server'
*** Info: account.  To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
*** Info: after the next reboot.
*** Warning: Couldn't change owner of /etc/ssh_config!
*** Warning: Couldn't change owner of /etc/sshd_config!
*** Warning: Couldn't change owner of /etc/ssh_host_dsa_key!
*** Warning: Couldn't change owner of /etc/ssh_host_ecdsa_key!
*** Warning: Couldn't change owner of /etc/ssh_host_key!
*** Warning: Couldn't change owner of /etc/ssh_host_rsa_key!
*** Warning: Couldn't change owner of /etc/ssh_host_dsa_key.pub!
*** Warning: Couldn't change owner of /etc/ssh_host_ecdsa_key.pub!
*** Warning: Couldn't change owner of /etc/ssh_host_key.pub!
*** Warning: Couldn't change owner of /etc/ssh_host_rsa_key.pub!
*** Warning: Couldn't change owner of /var/empty!
*** Warning: Couldn't change owner of /var/log/lastlog!
*** Warning: Couldn't change owner of important files to cyg_server!
*** Warning: This may cause the sshd service to fail!  Please make sure that
*** Warning: you have suufficient permissions to change the ownership of 
files
*** Warning: and try to run the ssh-host-config script again.

*** Warning: Host configuration exited with 12 errors or warnings!
*** Warning: Make sure that all problems reported are fixed,
*** Warning: then re-run ssh-host-config.
------------------------------------

Finally: if I update /etc/passwd:
$ mkpasswd -l > /etc/passwd

and rerun the script I get:
------------------------------------

$ ssh-host-config

*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read 
/usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file

*** Info: Sshd service is already installed.
*** Warning: Couldn't determine name of user running sshd service from 
/etc/passwd!
*** Warning: As a result, this script cannot make sure that the files used
*** Warning: by the sshd service belong to the user running the service.
*** Warning: Please re-run the mkpasswd tool to make sure the /etc/passwd
*** Warning: file is in a good shape.

*** Warning: Host configuration exited with 1 errors or warnings!
*** Warning: Make sure that all problems reported are fixed,
*** Warning: then re-run ssh-host-config.
------------------------------------

I have successfully installed pre 1.7.15 versions on identical machines 
so I assume something has changed in 1.7.15 that causes those errors. 
I'm running the Cygwin Terminal with elevated rights, of course.

Any help to fix this is much appreciated.

With kind regards,
Andre Loker




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list