This is the mail archive of the mailing list for the Cygwin project.


SSH and Cygwin

Greetings all.

I have a few issues running SSHD under Cygwin.

I have got it mostly to work and it looks good, but there are at least two security issues that I am concerned about.

The first is when someone accesses my SSH server, the server sends back an environment that includes LOGONSERVER, HOMEDRIVE, 

Since this is to a remote client, I do not want them to know any of the details of my server, and this lays it wide open. Is there a way to stop these environment variables from being exported to the remote client? I am putting users in a chroot jail (more about that below) and even though I unset these variables in the script, they still get set on the client.

Another related issue is that I have a different computer name from the name that remote clients use and wish to have the public name sent back in the environment variables such as USERDOMAIN and HOSTNAME. Right now, I reset them to what I want in the profile I execute as part of the chroot. Is this the only way to do it? Running cygrunsrv with -e "USERDOMAIN=publicname" has no effect, but it

As to the chroot issue, I went with the procedure in but fleshed it out so it would work, and it does, but a disturbing issue is that when a remote client logs on, I have to have a globally accessible home directory in my /etc/passwd file and have that directory exist. Then, the server places the client in that home directory before the script can get control to chroot to the jail. This is a millisecond security issue but still a window.

Thanks for any assistance.
