X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-2.4 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS X-Spam-Check-By: sourceware.org Message-ID: <499CBDE4.6020109@cygwin.com> Date: Wed, 18 Feb 2009 21:03:16 -0500 From: "Larry Hall (Cygwin)" Reply-To: cygwin AT cygwin DOT com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20090101 Remi/2.0.0.19-1.fc8.remi Lightning/0.9 Thunderbird/2.0.0.19 Mnenhy/0.7.5.0 MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: sshd w/o admin? References: <499C384F DOT 2070708 AT cygwin DOT com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Aaron Davies wrote: > On Thu, Feb 19, 2009 at 12:33 AM, Larry Hall (Cygwin) > wrote: ^^^^^^ Thanks! > >> Aaron Davies wrote: >>> is it possible to get sshd working w/o admin privs? >> Running 'ssh-host-config' requires adminstrative privileges to create >> users to run 'sshd' as a service (for W2K3 and later) and for privilege >> separation. If you don't want/need these, then you can bypass these >> as part of the configuration. This will mean: >> >> 1. You cannot run sshd as a service (on W2K3 or later) so you will not >> be able to use pub-key authentication. On W2K and XP systems, you >> can use the existing 'SYSTEM' user to run 'sshd' as a service if >> you'd like. > I'm on XP Pro. How would I go about installing it as a service under > SYSTEM? ssh-host-config doesn't seem to be able to do that for me (log > attached, as is cygcheck output). Of course. My mistake. You need admin privileges to install a service. If you don't have this or can't get it for the configuration portion of the installation, you won't be able to run as a service. :-( >>> i've run ssh-host-config (without creating a new user) and started >>> sshd manually from the shell. >>> >>> when i try to connect, i get "Connection closed by 127.0.0.1" and an >>> error "sshd: PID 6520: fatal: seteuid 45758: Permission denied" shows >>> up in the event viewer >>> >>> "id" idnicates that 45758 is me >>> >>> any suggestions? >> Use password authentication? > > I don't get to an authentication stage at all AFAICT. But what authentication methods do you allow? If you allow pubkey and have set up the keys for this (via 'ssh-user-config'), this could be the problem. Your 'sshd' won't be able to change user to 'you'. That's what the 'seteuid' message above means. I'd recommend removing all ssh key files in ~/.ssh and trying again. Also, FWIW, using a remote drive as your home adds a level of complication. You may want to try to create a local home directory, point to this in your '/etc/passwd', and rerun 'ssh-user-config' if you continue to have problems. -- Larry Hall http://www.rfk.com RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746 _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/