This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd problems


Then something is very wrong there.  Adding the -s flag creates system 
mount points for all users.  These go in the HKLM branch of the registry
(although don't count on the structure or usage of specific keys in the
registry for mounts remaining the same in the future.  All mount
manipulations
should be done via Cygwin tools like mount).  If you cannot create system 
level mount points with mount, you may want to run mount under strace and 
see if the results shed any light on the problem.

Larry


Original Message:
-----------------
From: David Monk david@purplebear.net
Date: Thu, 10 Oct 2002 14:40:42 -0500
To: cygwin@cygwin.com
Subject: Re: sshd problems


No, I installed "Just for myself" as I always do. I have not edited the
registry, and I had not deleted any mount points. I also, during this
process of resolving this, issued the commands below hoping to fix it. The
registry entries were not created with those commands, least not under HKLM.

David

----- Original Message -----
From: <lhall@pop.ma.ultranet.com>
To: <david@purplebear.net>; <cygwin@cygwin.com>
Sent: Thursday, October 10, 2002 2:30 PM
Subject: Re: sshd problems


If you installed via setup and installed for "All Users", you should have
the same mount points needed for both your user and for SYSTEM if you
didn't
subsequently edit these mount points.  In any case, you should be able to
recover by remounting them like so:

mount -f -s -b "<DOS path to cygwin installation>" /
mount -f -s -b "<DOS path to cygwin installation>/bin" /usr/bin
mount -f -s -b "<DOS path to cygwin installation>/lib" /usr/lib

where <DOS path to cygwin installation> would be something like C:/cygwin.

Larry


Original Message:
-----------------
From: David Monk david@purplebear.net
Date: Thu, 10 Oct 2002 14:05:28 -0500
To: cygwin@cygwin.com
Subject: Re: sshd problems


A further update on this issue. If I do some forcing, ie. using an alternate
key and chowning /var/empty to myself, I _can_ get sshd to run. I can't
login, but it does run.
Keeping in mind the weird c:\var\log\sshd.log file appearance, I tested it
out. I deleted c:\var. I started sshd from the shell as /usr/sbin/sshd -h
/home/dmonk/ssh_host_rsa_key -d -d -d. It ran and no c:\var\log\sshd.log was
created. However, when I tried to start the service, the c:\var\log\sshd.log
was created. Somehow, when it runs as LocalSystem, it does not have the
proper cygwin mount points available. This may be the root of the issue. How
can this be fixed?

David

----- Original Message -----
From: "David Monk" <david@purplebear.net>
To: "Harig, Mark A." <maharig@idirect.net>; "Len Giambrone" <frodo@mit.edu>
Cc: <cygwin@cygwin.com>
Sent: Thursday, October 10, 2002 1:53 PM
Subject: Re: sshd problems


> >From the default installation, then ssh-host-config perspective of this
now,
> my /var/empty looked like this immediately following ssh-host-config:
>
> drwxrwxrwx    2 system   system          0 Oct 10 13:18 /var/empty
>
> Well, the date was different, as I have deleted and recreated it manually
a
> couple times trying to get this working.
> Changing it to what you show:
>
> drwxr-xr-x    2 system   system          0 Oct 10 13:18 /var/empty
>
> gives the following, using a separate key to even get sshd to run:
>
> $ /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d
> debug1: sshd version OpenSSH_3.4p1
> debug3: Not a RSA1 key file /home/dmonk/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> Disabling protocol version 1. Could not load host key
> Bad owner or mode for /var/empty
>
>
> Looking through the archives shows there have been a lot of recent
problems
> with sshd. My current question is, does anyone now have sshd running as a
> service, using privsep on Windows 2000 with an NTFS filesystem? I am
> beginning to wonder if it could be due to service pack 3. That was a
recent
> update to this system. Unfortunately, I only use sshd on this system when
I
> need to do things from home, so I can not pinpoint exactly when this issue
> appeared.
>
> David
>
>
> ----- Original Message -----
> From: "Harig, Mark A." <maharig@idirect.net>
> To: "David Monk" <david@purplebear.net>; "Len Giambrone" <frodo@mit.edu>
> Cc: <cygwin@cygwin.com>
> Sent: Thursday, October 10, 2002 1:41 PM
> Subject: RE: sshd problems
>
>
> According to /usr/doc/Cygwin/openssh-3.4p1-5.README:
>
> >The new ssh-host-config script also adds the /var/empty directory
> >needed by privilege separation.  When creating the /var/empty directory
> >by yourself, please note that in contrast to the README.privsep
> document
> >the owner sshould not be "root" but the user which is running sshd.
> So,
> >in the standard configuration this is SYSTEM.  The ssh-host-config
> script
> >chowns /var/empty accordingly.
>
> In /usr/bin/ssh-host-config is the following code:
>
> ># Create /var/empty file used as chroot jail for privilege separation
> >if [ -f /var/empty ]
> >then
> >  echo "Creating /var/empty failed\!"
> >else
> >  mkdir -p /var/empty
> >  # On NT change ownership of that dir to user "system"
> >  if [ $_nt -gt 0 ]
> >  then
> >    chown system.system /var/empty
> >  fi
> >fi
>
> For me, I have the following permissions:
>
>   $ ls -ld /var/empty
>   drwxr-xr-x    2 SYSTEM   SYSTEM          0 Jul 24 11:39 /var/empty
>
> > -----Original Message-----
> > From: David Monk [mailto:david@purplebear.net]
> > Sent: Thursday, October 10, 2002 2:31 PM
> > To: Len Giambrone
> > Cc: cygwin@cygwin.com
> > Subject: Re: sshd problems
> >
> >
> > Generating a new key worked, as far as finding the key goes. Then it
> > presented me with a /var/empty ownership or permissions
> > issue. So, thinking
> > along the same lines, I chaned owner of that dir to myself.
> > Finally, sshd
> > runs. Not as a service unfortunately, but it does run. Also
> > unfortunately, I
> > can not log in under these circumstances. I get a password
> > prompt, but it
> > never accepts it. I can only guess this has something to do
> > with privlege
> > separation.
> >
> > Anyway, the main problem here, from the beginning of this
> > thread, is that
> > openssh was working fine, running as a service, using
> > privlege separation
> > until approx 2 weeks ago. The only thing I could have
> > possibly done to break
> > that was updating packages. So, somewhere, something in
> > cygwin changed.
> > Either specifically with the openssh package or with the some
> > other aspect,
> > but something has definitely changed. Again, this was working
> > beautifully I
> > know for absolute certainty 3 weeks ago, the server running
> > as a service via
> > cygrunsrv, utilizing the privlege separation. The only things
> > that have been
> > done to this system over the last few months has been regular
> > virus updates,
> > updates for Windows and cygwin updates. I have not messed with any
> > configuration files, nor have I changed any file permissions
> > within cygwin
> > of it's file tree to cause this.
> >
> > David
>
> (a huge amount of text deleted)
>
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>
>
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]