This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi, I'd like to ask for more testing of the new ssh-host-config and ssh-user-config scripts. The new thing here is, that the ssh-host-config script now tries to figure out if the machine is a 2003 Server or newer system. If so, the script asks, if it should create a new account "sshd_server" to use as account to run sshd as service under. If you say "yes" at this point, a bunch of funny new activities is started: - The script creates a sshd_server account - It adds that account to the administrators group *iff* it's able to figure out the name of that group from the /etc/group file. This means, you must not change the name of the administrators group in /etc/group and the SID (S-1-5-32-544) must be available in that entry. - It uses the new editrights utility to add the necessary user rights to the new sshd_server account. These rights also explicitely deny logon locally and over network and allow logon only as service for security reasons. The ssh-user-config script has also been changed. It tries to figure out if the machine is a 2003 Server or newer and if so, it sets the permissions of the users ~/.ssh directory and the users ~/ssh/authorized_keys file so that the sshd_server account has read permissions on both. If it's an older system, it does the same for the SYSTEM account. Also on 2003, the sshd_server account is used for ownership of the important files (/etc/ssh*, /var/empty, /var/log/sshd.log). Further changes: - Require bash for both scripts. - Use `read -e' in both scripts to enable readline support. So, I'd like to ask especially users of a 2003 Server system to test that script. Users of other systems are of course also welcome since I want to be sure that I haven't broken these systems. Attached are both scripts plus the vanilla ssh_config and sshd_config file. The latter two have to be copied to /etc/defaults/etc. Please not that the "editrights" tool has to be installed on your system. You can find it in the Base category when updating with setup.exe. Thanks in advance, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin@cygwin.com Red Hat, Inc.
Attachment:
ssh-host-config
Description: Text document
Attachment:
ssh-user-config
Description: Text document
Attachment:
ssh_config
Description: Text document
Attachment:
sshd_config
Description: Text document
-- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |