This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Take 2: Testers for new ssh-*-config scripts wanted!


Hi,

I'd like to ask for more testing of the new ssh-host-config and
ssh-user-config scripts.

The new thing here is that the ssh-host-config script now tries to
figure out if the machine is a 2003 Server or newer system.  If so,
the script asks if it should create a new account "sshd_server"
to use as the account to run sshd as a service under.  If you say "yes" at
this point, a bunch of funny new activities is started:

- The script creates a sshd_server account

- It adds that account to the administrators group *iff* it's able
  to figure out the name of that group from the /etc/group file.
  This means you must not change the name of the administrators
  group in /etc/group and the SID (S-1-5-32-544) must be available
  in that entry.

- It uses the new editrights utility to add the necessary user rights
  to the new sshd_server account. 
  These rights also explicitly deny logon locally and over network
  and allow logon only as service for security reasons.

The ssh-user-config script has also been changed.  It tries to
figure out if the machine is a 2003 Server or newer and if so, it
sets the permissions of the user's ~/.ssh directory and the user's
~/.ssh/authorized_keys file so that the sshd_server account has read
permissions on both.  If it's an older system, it does the same for
the SYSTEM account.

Also on 2003, the sshd_server account is used for ownership of the
important files (/etc/ssh*, /var/empty, /var/log/sshd.log).

Further changes:
- Require bash for both scripts.
- Use `read -e' in both scripts to enable readline support.

So, I'd like to ask especially users of a 2003 Server system to test
that script.  Users of other systems are of course also welcome since
I want to be sure that I haven't broken these systems.

Attached are both scripts plus the vanilla ssh_config and sshd_config
file.  The latter two have to be copied to /etc/defaults/etc.  Please
note that the "editrights" tool has to be installed on your system.
You can find it in the Base category when updating with setup.exe.

Thanks in advance,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

Attachment: ssh-host-config
Description: Text document

Attachment: ssh-user-config
Description: Text document

Attachment: ssh_config
Description: Text document

Attachment: sshd_config
Description: Text document
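
A pre-flight check for the administrators-group lookup described in the message, as an added example that is not part of the original post or of the ssh-host-config script. It assumes mkgroup-style /etc/group lines (name:SID:gid:members); the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from ssh-host-config). Assumes mkgroup-style lines:
#   name:SID:gid:members
ADMIN_SID="S-1-5-32-544"   # administrators SID quoted in the message

# admin_group_name [FILE]
# Prints the group name whose SID field is ADMIN_SID.
# Exit status: 0 one match, 1 no match, 2 several matches, 3 unreadable file.
admin_group_name() {
    group_file="${1:-/etc/group}"
    [ -r "$group_file" ] || return 3
    awk -F: -v sid="$ADMIN_SID" '
        $2 == sid { n++; name = $1 }
        END {
            if (n == 1) { print name; exit 0 }
            exit (n ? 2 : 1)
        }' "$group_file"
}

# Constructed sample files (not taken from a real system).
sample_ok=$(mktemp)
sample_stripped=$(mktemp)
trap 'rm -f "$sample_ok" "$sample_stripped"' EXIT
printf '%s\n' 'SYSTEM:S-1-5-18:18:' \
              'Administratoren:S-1-5-32-544:544:' \
              'Users:S-1-5-32-545:545:' > "$sample_ok"
# Same group, but the SID was edited out of the entry.
printf '%s\n' 'SYSTEM:S-1-5-18:18:' \
              'Administrators::544:' > "$sample_stripped"

for f in "$sample_ok" "$sample_stripped"; do
    if name=$(admin_group_name "$f"); then
        echo "OK: administrators group is '$name'"
    else
        echo "FAIL (status $?): no unique $ADMIN_SID entry, group add would be skipped"
    fi
done
```

Run `admin_group_name` with no argument to check the real /etc/group before answering "yes" to the sshd_server prompt.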
