This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Windows hardening and system paths


Hello again,

I installed Cygwin using the installer, and after installing the packages -
as I have done at least 10 times before - I ran the ssh-host-config -y (yes
to all). This usually generates the host-keys automatically, and as you
correctly state; it also sets the right permissions per default.

I installed the exact same package on another machine running Windows XP -
to eliminate the possibility of differences in package versions being the
issue here. However, the package that I installed on Windows XP - using the
exact same installation and configuration procedures - started the service
straight away - without any problems and without creating special user
accounts. Maybe I should try and create a special user account, since I am
trying to install on Windows Server 2003 and not XP where it works fine.

Therefore my conclusion is that something must be configured wrong on this
particular Windows Server 2003 - as you hopefully could make from the logs. 

By the way - how do I generate the host keys? This might be the issue since
sshd terminates because of this.

Sorry for all the questions, but I am out of my depths here - I usually have
no problems with Cygwin on any Windows platform... Maybe I'm on my own...

Best Regards
Mikkel Rostock

-----Original Message-----
From: Brian Dessent [mailto:brian@dessent.net] 
Sent: 18. august 2005 11:48
To: cygwin@cygwin.com
Subject: Re: Windows hardening and system paths

Mikkel Rostock wrote:

> > whether you set the permissions and ownership of files correctly
> I haven't changed permissions for any files, since usually when I install
it
> on Windows XP this is not necessary.
> 
> > created the proper user accounts
> The service is set to use LocalSystem account

This will not work.  Under 2k3 you need to create a special user account
and give it extra permissions.  This is explained in
/usr/share/doc/Cygwin/openssh.README.  However, the details are not
important because all the user-creation and permission-setting is done
for you with the ssh-host-config script which I recommend you use. 
Trying to do this by hand can be difficult.

>
----------------------------------------------------------------------------
> Could not load host key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.
>
----------------------------------------------------------------------------

You have not created the host keys.  This is another task that
ssh-host-config will automate for you.  You probably don't have a
/etc/sshd_config file either.  I recommend that you remove all traces of
whatever you've done by hand to install the sshd service and instead run
the script.

Brian



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]