Subject: RE: sshd problems
Date: Thu, 10 Oct 2002 15:02:40 -0400
From: "Harig, Mark A."
To: "David Monk", "Len Giambrone"

> -----Original Message-----
> From: David Monk [mailto:david AT purplebear DOT net]
> Sent: Thursday, October 10, 2002 2:53 PM
> To: Harig, Mark A.; Len Giambrone
> Cc: cygwin AT cygwin DOT com
> Subject: Re: sshd problems
>
>
> From the default installation, then ssh-host-config perspective of this
> now, my /var/empty looked like this immediately following ssh-host-config:
>
> drwxrwxrwx 2 system system 0 Oct 10 13:18 /var/empty
>
> Well, the date was different, as I have deleted and recreated it manually
> a couple times trying to get this working.
> Changing it to what you show:
>
> drwxr-xr-x 2 system system 0 Oct 10 13:18 /var/empty
>
> gives the following, using a separate key to even get sshd to run:
>
> $ /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d
> debug1: sshd version OpenSSH_3.4p1
> debug3: Not a RSA1 key file /home/dmonk/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> Disabling protocol version 1. Could not load host key
> Bad owner or mode for /var/empty
>

You'll get the 'bad owner' message because you didn't start sshd via
cygrunsrv, i.e., as a service. cygrunsrv will run the sshd under the
SYSTEM account, instead of under your account.
Try the following:

#!/bin/sh
cygrunsrv --install sshd -e "CYGWIN=glob ntsec binmode" \
    -d "Cygwin SSHD" \
    -p /usr/sbin/sshd.exe \
    -1 /var/log/sshd.log \
    -2 /var/log/sshd.log \
    -a "-e -D -ddd" \
    && \
cygrunsrv --start sshd

>
> Looking through the archives shows there have been a lot of recent
> problems with sshd. My current question is, does anyone now have sshd
> running as a service, using privsep on Windows 2000 with an NTFS
> filesystem? I am beginning to wonder if it could be due to service pack 3.
> That was a recent update to this system. Unfortunately, I only use sshd on
> this system when I need to do things from home, so I can not pinpoint
> exactly when this issue appeared.
>

It might be SP3; I can't rule it out. I have openssh-3.4p1 installed
and working. I get the same errors that you are seeing when I attempt
to run sshd from the command line:

$ /usr/sbin/sshd
Could not load host key: /etc/ssh_host_key
Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

And yet the sshd service (started via cygrunsrv) is running without
any problems.

> David
>
>
> ----- Original Message -----
> From: "Harig, Mark A."
> To: "David Monk" ; "Len Giambrone"
> Cc:
> Sent: Thursday, October 10, 2002 1:41 PM
> Subject: RE: sshd problems
>
>
> According to /usr/doc/Cygwin/openssh-3.4p1-5.README:
>
> >The new ssh-host-config script also adds the /var/empty directory
> >needed by privilege separation. When creating the /var/empty directory
> >by yourself, please note that in contrast to the README.privsep document
> >the owner should not be "root" but the user which is running sshd. So,
> >in the standard configuration this is SYSTEM. The ssh-host-config script
> >chowns /var/empty accordingly.
>
> In /usr/bin/ssh-host-config is the following code:
>
> ># Create /var/empty file used as chroot jail for privilege separation
> >if [ -f /var/empty ]
> >then
> >  echo "Creating /var/empty failed\!"
> >else
> >  mkdir -p /var/empty
> >  # On NT change ownership of that dir to user "system"
> >  if [ $_nt -gt 0 ]
> >  then
> >    chown system.system /var/empty
> >  fi
> >fi
>
> For me, I have the following permissions:
>
> $ ls -ld /var/empty
> drwxr-xr-x 2 SYSTEM SYSTEM 0 Jul 24 11:39 /var/empty
>
> > -----Original Message-----
> > From: David Monk [mailto:david AT purplebear DOT net]
> > Sent: Thursday, October 10, 2002 2:31 PM
> > To: Len Giambrone
> > Cc: cygwin AT cygwin DOT com
> > Subject: Re: sshd problems
> >
> >
> > Generating a new key worked, as far as finding the key goes. Then it
> > presented me with a /var/empty ownership or permissions issue. So,
> > thinking along the same lines, I changed owner of that dir to myself.
> > Finally, sshd runs. Not as a service unfortunately, but it does run.
> > Also unfortunately, I can not log in under these circumstances. I get a
> > password prompt, but it never accepts it. I can only guess this has
> > something to do with privilege separation.
> >
> > Anyway, the main problem here, from the beginning of this thread, is
> > that openssh was working fine, running as a service, using privilege
> > separation until approx 2 weeks ago. The only thing I could have
> > possibly done to break that was updating packages. So, somewhere,
> > something in cygwin changed. Either specifically with the openssh
> > package or with the some other aspect, but something has definitely
> > changed. Again, this was working beautifully I know for absolute
> > certainty 3 weeks ago, the server running as a service via cygrunsrv,
> > utilizing the privilege separation.
> > The only things that have been done to this system over the last few
> > months have been regular virus updates, updates for Windows and cygwin
> > updates. I have not messed with any configuration files, nor have I
> > changed any file permissions within cygwin or its file tree to cause
> > this.
> >
> > David
>
> (a huge amount of text deleted)
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
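
Added example (not part of the original thread, and not OpenSSH or Cygwin code): a shell function that applies the two conditions behind sshd's "Bad owner or mode for /var/empty" message, namely that the directory is owned by the account sshd runs as and is not group- or world-writable. The function names, return codes and the use of `ls -ldn` are assumptions of this example.

```shell
#!/bin/sh
# Added example: the two conditions behind "Bad owner or mode for /var/empty".
#
# check_privsep_dir DIR RUN_UID
#   DIR      directory to inspect (sshd uses /var/empty)
#   RUN_UID  numeric uid sshd will run as; under cygrunsrv that is the
#            SYSTEM account, from an interactive shell it is your own uid
# Return codes (chosen for this example):
#   0 ok, 1 missing or not a directory, 2 wrong owner, 3 group/world-writable
check_privsep_dir() {
    dir=$1
    run_uid=$2
    [ -d "$dir" ] || return 1
    # "ls -ldn" prints the mode string and the numeric owner, e.g. the
    # constructed sample "drwxr-xr-x 2 18 18 0 Oct 10 13:18 /var/empty"
    info=$(ls -ldn "$dir" | awk '{ print $1 " " $3 }')
    mode=${info% *}
    owner=${info#* }
    [ "$owner" = "$run_uid" ] || return 2
    # Characters 6 and 9 of the mode string are the group and other write bits.
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)
    if [ "$group_w" = "w" ] || [ "$other_w" = "w" ]; then
        return 3
    fi
    return 0
}

# Print a one-line verdict for DIR as seen by the current user.
report_privsep_dir() {
    rc=0
    check_privsep_dir "$1" "$(id -u)" || rc=$?
    case $rc in
        0) echo "$1: ok for uid $(id -u)" ;;
        1) echo "$1: missing or not a directory" ;;
        2) echo "$1: owned by a different uid than $(id -u)" ;;
        3) echo "$1: group- or world-writable" ;;
    esac
    return "$rc"
}
```

Running `report_privsep_dir /var/empty` from an interactive shell reports the owner mismatch described in the reply above when the directory belongs to SYSTEM, which is why the same directory passes when sshd is started through cygrunsrv.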