X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=ldO81Kh9UaELvrX5
	OlktvUa1IcaKZnqFPphw4zqsf0fFXZcpPVgoZgzmaVwd5yFeSHx2/smtFNaZUSV+
	OZaq0vKmobwvxRpFCw73Z4BpGmXrupTK3066qjItcU19zTiuPxOLQtJ9k+T7RKIw
	ZcorjIaGW2W+AmSqSDlg2mBZgm4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:reply-to:mime-version:to
	:subject:references:in-reply-to:content-type
	:content-transfer-encoding; s=default; bh=tvSdWTbMUWIRuTQESdSKWb
	NKcOM=; b=bOyReqtrkHu2TBDFKL+2V9taAORrzByioT4hcPr7LhgMBeu+/Ys2p6
	ar8OJsoqXZYlqiZa8PUlFZrLS2avFdn5H243wUyO5NHxbOO3pVWlehyzq9okedZm
	1ZK2sKYOUyuOxS2SzpNcJ9jk1hVLyAy1Ba2tmltLXEkXGLrQWe0Hk=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.2 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2
X-HELO: vms173005pub.verizon.net
Message-id: <5269D1AA.5010306@cygwin.com>
Date: Thu, 24 Oct 2013 22:04:26 -0400
From: "Larry Hall (Cygwin)" <reply-to-list-only-lh AT cygwin DOT com>
Reply-to: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: ssh logon failure
References: <4FCF00EB DOT 2070600 AT gmail DOT com> <loom DOT 20120607T103956-836 AT post DOT gmane DOT org> <4FD07C1D DOT 5070909 AT gmail DOT com> <loom DOT 20130807T185544-35 AT post DOT gmane DOT org> <52028508 DOT 7000102 AT cygwin DOT com> <loom DOT 20131025T023724-855 AT post DOT gmane DOT org>
In-reply-to: <loom.20131025T023724-855@post.gmane.org>
Content-type: text/plain; charset=ISO-8859-1; format=flowed
Content-transfer-encoding: 7bit

On 10/24/2013 8:52 PM, Dan Greenspan wrote:
> I experienced the "operation not permitted" problem as many others have.
>
> I had not changed my setup when the error was experienced, but I noticed
> that every computer which presented this difficulty was a work machine with
> our IT security suite installed.  On every PC _without_ an IT security
> package, cygwin sshd worked just fine out of the box. On any PC without a
> security package which subsequently had one installed, sshd stopped working.
>
> Like at least one other user, I have concluded that my "evil" IT people are
> the root cause of the problem.  However, they are of no help whatsoever. By
> some combination of dumb luck, relentless hacking and bits of help online, I
> arrived at the following conslusions and solution:
>
> Problem one: by default, cygwin sshd uses the windows log, which is hard to
> read and doesn't contain the desired diagnostic output. Fixing this revealed
> useful clues.
>
> Problem two: /var/empty had the incorrect owner.
>
> THE FIX:
>
> 1) Setup cygwin's sshd normally by invoking: ssh-host-config -y (If you have
> been thrashing about trying to solve this problem and have changed
> permissions and config files, just run the script again to ensure that your
> setup is reasonable)
> 2) DON'T START sshd.
> 3) Issue "chown SYSTEM /var/empty"
> 4) Uninstall the default sshd service by invoking: cygrunsrv --remove sshd
> 5) Reinstall the service and make the sshd output go to /var/log/sshd.log by
> invoking: cygrunsrv -I sshd -d "Cygwin sshd" -p /usr/sbin/sshd -a '-D -e'
>
> I hope this works for you.

Thanks for taking the time to look into this and for posting your findings.
Can I ask what O/S version you're running on the machines where you see
this problem?  Part of my reason for asking is that "SYSTEM" is only a
valid owner for '/var/empty' on XP machines.  For later versions, it should
be "cyg-server" (and actually, "cyg-server" should work fine on XP machines
as well).

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple