This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.



Re: [Re: [Re: OpenSSH2.1.1p4 - NT to NT: Problem]]


Corinna Vinschen <vinschen@cygnus.com> wrote:
> norbert.bladt@usa.net wrote:
> > >  Change your /etc/passwd file on the client box so that the
> > >  administrator (or your favorite admins member name) has uid 0.
> > >  This should allow that admin to use a privileged port when
> > >  starting ssh.
> > Works as advertised, i.e. after changing the uid of the
> > administrator on the client side to 0 it works.
> > Because that was the only change in /etc/passwd I did,
> > the user on the server side is reported as "everyone" because
> > this user is first in the /etc/passwd on the client side and
> > has the uid 0 - as created by mkpasswd.

> This prevents everyone on the server side machine to use privileged
> ports, including the admin. But that's no problem anymore since I
> updated the OpenSSH port on ftp.franken.de as announced yesterday.
I think there is a misunderstanding here.
My /etc/passwd on the client side contains (among other lines)
the following lines in this order
	everyone:*:0:0 ...
	administrator:xyz:0:513: ...
So the client reports to the server side that the remote (client)
username is "everyone" instead of administrator.
That's it.
Removing the everyone from /etc/passwd on the client side will solve
this small annoyance.
> > Thanks for this "solution".
> > I thought about the other "fix" you mentioned in your
> > previous E-Mail. But this seems to be a better way of doing
> > it, because we don't have to maintain another derivative of
> > a derivative of a derivative of the original OpenBSD sources ;-)
> I assume I missed the point here. There's only one port of
> OpenSSH-2.1.1p4 to Cygwin and it's the one I put on ftp.franken.de.
> I changed it yesterday to ignore the uid when trying to use an
> explicit port and to fix a bug in scp. The last one is a more important
> problem so I suggest using that 2.1.1p4-2 version, nevertheless.
I was talking about a fix you announced on this mailing
list wrt. rhosts but you didn't implement it, at that time.
But now, it is in the official port done by you.

> BTW: It has the "open pid file in binmode" fix as well...
This is very much appreciated !

[...]

> > Will this work for other users with uid 0, too ?
> > I don't think so, but you know a lot more about NT
> > security than me.

> It works for each `normal' user on NT now since NT doesn't restrict
> well known port access to a privileged sort of user. And it works
> for each Cygwin uid now ;-)
However, it doesn't work for me. How do you specify an "explicit"
local port to use ?
For me it looks like the same as yesterday, i.e. as soon as
I use the uid 0 it allocates a port lower than 1024 but
if I have the uid to 500 for the administrator it still uses
a port above 1023 and the (new) sshd.exe still does reject
the connection.

I just replaced the ssh on the client side and the sshd on
the server side. Is that sufficient for the test ?
Or is there something else I need to do or I am doing
wrong ?

Thanks again for your support in bringing OpenSSH
to NT.

Norbert.
