To: cygwin AT cygwin DOT com
From: Marc Girod
Subject: Re: sshd installation on NT 5.0
Date: 28 Nov 2002 17:40:26 +0200
Organization: Nokia Network

>>>>> "CV" == Corinna Vinschen writes:

CV> Things to check:

CV> - /usr/sbin/sshd.exe, /bin/cygwin1.dll, /bin/cygcrypto.dll, /bin/cygz.dll
CV>   executable for everyone?

$ ls -l /usr/sbin/sshd.exe /bin/cygwin1.dll /bin/cygcrypto.dll /bin/cygz.dll
-rwxrwxrwx    1 Administ None       657920 Nov  9 11:58 /bin/cygcrypto.dll
-rwxrwxrwx    1 Administ None       940360 Nov 23 05:20 /bin/cygwin1.dll
-rwxrwxrwx    1 Administ None        50688 Mar 12  2002 /bin/cygz.dll
-rwxrwxrwx    1 Administ None       305664 Nov  9 11:20 /usr/sbin/sshd.exe

A bit liberal, maybe... Usually -r-xr-xr-x should be enough?
(Also below)

CV> - /etc readable for everyone but only writable by the owner?

$ ls -ld /etc
drwxrwxrwx    6 Administ None         4096 Nov 28 14:11 /etc

CV> - /etc/passwd, /etc/group readable for everyone?

$ ls -l /etc/passwd /etc/group
-rwxrwxrwx    1 Administ None          468 Nov 26 17:12 /etc/group
-rwxrwxrwx    1 Administ None         2904 Nov 26 17:20 /etc/passwd

CV> - /etc/passwd and /etc/group contain uid/gid 18 entry for SYSTEM, both
CV>   with SID in either pw_gecos or gr_passwd field?

$ grep -E '\<18\>' /etc/passwd /etc/group
/etc/passwd:SYSTEM:*:18:544:,S-1-5-18::
/etc/group:SYSTEM:S-1-5-18:18:8:

Not sure about the positions...

CV> - /etc/passwd contains sshd entry?

$ grep -E '\<sshd\>' /etc/passwd
sshd:unused_by_nt/2000/xp:1021:513:sshd privsep,U-HEITSB03LAB\sshd,S-1-5-21-1935655697-1409082233-1801674531-1021:/var/empty:/bin/false

CV> - /etc/ssh* owned by SYSTEM?

$ ls -l /etc/ssh*
-rw-rw-rw-    1 NOSP_Adm None         1049 Nov 27 12:42 /etc/ssh_config
-rw-------    1 NOSP_Adm None          668 Nov 27 12:42 /etc/ssh_host_dsa_key
-rw-r--r--    1 NOSP_Adm None          612 Nov 27 12:42 /etc/ssh_host_dsa_key.pub
-rw-------    1 NOSP_Adm None          537 Nov 27 12:42 /etc/ssh_host_key
-rw-r--r--    1 NOSP_Adm None          341 Nov 27 12:42 /etc/ssh_host_key.pub
-rw-------    1 NOSP_Adm None          887 Nov 27 12:42 /etc/ssh_host_rsa_key
-rw-r--r--    1 NOSP_Adm None          232 Nov 27 12:42 /etc/ssh_host_rsa_key.pub
-rw-rw-rw-    1 NOSP_Adm None         2142 Nov 27 12:42 /etc/sshd_config

Changed to SYSTEM:SYSTEM

CV> - /etc/ssh*key files only writable by owner SYSTEM?

$ ls -l /etc/ssh*key
-rw-------    1 SYSTEM   SYSTEM        668 Nov 27 12:42 /etc/ssh_host_dsa_key
-rw-------    1 SYSTEM   SYSTEM        537 Nov 27 12:42 /etc/ssh_host_key
-rw-------    1 SYSTEM   SYSTEM        887 Nov 27 12:42 /etc/ssh_host_rsa_key

CV> - /var/empty owned by SYSTEM?
CV> - /var/empty permissions only writable by owner SYSTEM?

$ ls -ld /var/empty
drwxr-xr-x    2 SYSTEM   SYSTEM          0 Nov 26 17:19 /var/empty

And yes, it started...
Thank You very much!

-- 
Marc Girod        P.O. Box 323        Voice:  +358-71 80 25581
Nokia NBI         00045 NOKIA Group   Mobile: +358-50 38 78415
Takomo 1 / 4c27   Finland             Fax:    +358-71 80 61604
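
The checklist quoted in this message, written as one audit script. This is an added example, not part of the original post or of Cygwin. The function names, the ROOT argument (a prefix so the audit can run against a copy of the tree) and the OWNER argument (default SYSTEM) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit a Cygwin root against the checklist.
# audit_sshd ROOT OWNER  -> returns the number of failed checks.
# ROOT ("" = live system) and OWNER (default SYSTEM) are assumed parameters.
# Typical call on the live system:  audit_sshd "" SYSTEM

fails=0
bad() { echo "FAIL: $*"; fails=$((fails + 1)); }
field() { ls -ld "$2" 2>/dev/null | awk -v n="$1" '{print $n}'; }  # 1=mode, 3=owner

# Mode string layout: type, then rwx for owner (2-4), group (5-7), others (8-10).
need() { case $(field 1 "$1") in $2) ;; *) bad "$1: $3" ;; esac; }
owner_write_only() {
    case $(field 1 "$1") in
        ''|?????w*|????????w*) bad "$1: missing, or writable by group/others" ;;
    esac
}
owned_by() { [ "$(field 3 "$1")" = "$2" ] || bad "$1: not owned by $2"; }

audit_sshd() {
    r=${1:-}; owner=${2:-SYSTEM}; fails=0
    for f in usr/sbin/sshd.exe bin/cygwin1.dll bin/cygcrypto.dll bin/cygz.dll; do
        need "$r/$f" '?????????[xt]*' "not executable for everyone"
    done
    need "$r/etc" '???????r*' "not readable for everyone"
    owner_write_only "$r/etc"
    for f in passwd group; do
        need "$r/etc/$f" '???????r*' "not readable for everyone"
    done
    # uid/gid 18 entries for SYSTEM: SID in pw_gecos (field 5) / gr_passwd (field 2)
    awk -F: '$3 == 18 && $5 ~ /S-1-5-18/ {ok=1} END {exit !ok}' \
        "$r/etc/passwd" 2>/dev/null \
        || bad "$r/etc/passwd: no uid 18 entry carrying SID S-1-5-18"
    awk -F: '$3 == 18 && $2 ~ /S-1-5-18/ {ok=1} END {exit !ok}' \
        "$r/etc/group" 2>/dev/null \
        || bad "$r/etc/group: no gid 18 entry carrying SID S-1-5-18"
    grep -q '^sshd:' "$r/etc/passwd" 2>/dev/null \
        || bad "$r/etc/passwd: no sshd entry"
    # Config and host keys owned by the service account; private keys locked down.
    for f in "$r"/etc/ssh*; do owned_by "$f" "$owner"; done
    for f in "$r"/etc/ssh*key; do owner_write_only "$f"; done
    owned_by "$r/var/empty" "$owner"
    owner_write_only "$r/var/empty"
    return "$fails"
}
```

Run against the listings in this message, it would report the world-writable /etc (drwxrwxrwx) and, before the change to SYSTEM:SYSTEM, every /etc/ssh* file owned by NOSP_Adm.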