This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: sshd problems


I know your intention was to help diagnose the problem, Igor.  I only made
the comment because it is preferable to fill the archives with the
supported way of doing something, on the off-chance that someone consults
it in the future. ;-)  Since the registry is currently used as the persistent
repository of the mount table information, it can be consulted to diagnose
problems.  It is, however, not any more useful than consulting the output 
of mount, which will work now and in the future, no matter where the 
persistent information is kept.  This is only important if the repository 
changes.  Since there has been some serious talk about this, I thought
it important to stress the point.  

As for creating "default" or "system" defaults, I think the current system
defaults as defined by mount cover these needs.  However, even if there was
a need to create mount tables for these specific registry "users", I still
believe that modifying mount to create, edit, and view them is far
preferable to poking around the registry for obscure entries.  But I'm
funny like that. ;-)

The wealth of useful information coming from your end of the pipe is a 
welcome addition to this list.  Keep it coming! :-)

Larry


Original Message:
-----------------
From: Igor Pechtchanski pechtcha@cs.nyu.edu
Date: Thu, 10 Oct 2002 16:04:32 -0400 (EDT)
To: lhall@rfk.com, cygwin@cygwin.com, david@purplebear.net
Subject: Re: sshd problems


Oops, wouldn't want it to come out that way...  I was suggesting this as
a way of diagnosing the problem, not as a way of permanently fixing it.

However, if mounts did somehow get created for .DEFAULT or SYSTEM, I
wouldn't know of any way to manipulate them using the mount command unless
you su'd to SYSTEM, and you'd need sshd running for that.  Catch-22...
	Igor

On Thu, 10 Oct 2002, lhall@pop.ma.ultranet.com wrote:

> True, but I'd just like to reiterate that manipulating mount points via
> the registry is completely unsupported and unnecessary.  mount can do
> everything that you can do via regedit/regtool w.r.t. mounting.  Anyone
> that relies on registry tweaking to fix their mount problems will have
> problems sometime in the future when this mechanism changes.  Use 'mount'
> to inspect, create, remove, and edit mount points in Cygwin.  'mount' will
> always work.
>
> Larry
>
> Original Message:
> -----------------
> From: Igor Pechtchanski pechtcha@cs.nyu.edu
> Date: Thu, 10 Oct 2002 15:41:17 -0400 (EDT)
> To: david@purplebear.net, cygwin@cygwin.com
> Subject: Re: sshd problems
>
>
> David,
>
> In Windows, do Start->Run, type 'regedit'.  In regedit, Edit->Find, type
> 'mounts v2', leave only the 'Keys' box checked, then keep pressing "Find
> Next".  See if somehow there are mounts created for the user 'SYSTEM'
> (which would actually be some long id, but that's ok) or ".DEFAULT".  The
> mounts will show as subkeys of the 'mounts v2' key for that user.  See if
> the '/' subkey points to "c:/".  If it is, you should be able to at least
> rename the 'mounts v2' key to something else temporarily and see if it
> fixes your problem (or delete it if you feel lucky).
> 	Igor
> P.S. There should be a way to do this with regtool as well, but I can't
> think of one offhand.
>
> On Thu, 10 Oct 2002, David Monk wrote:
>
> > A further update on this issue. If I do some forcing, i.e. using an alternate
> > key and chowning /var/empty to myself, I _can_ get sshd to run. I can't
> > login, but it does run.
> > Keeping in mind the weird c:\var\log\sshd.log file appearance, I tested it
> > out. I deleted c:\var. I started sshd from the shell as
> > /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d. It ran and no
> > c:\var\log\sshd.log was created. However, when I tried to start the service,
> > the c:\var\log\sshd.log was created. Somehow, when it runs as LocalSystem, it
> > does not have the proper cygwin mount points available. This may be the root
> > of the issue. How can this be fixed?
> >
> > David
> >
> > ----- Original Message -----
> > From: "David Monk" <david@purplebear.net>
> > To: "Harig, Mark A." <maharig@idirect.net>; "Len Giambrone" <frodo@mit.edu>
> > Cc: <cygwin@cygwin.com>
> > Sent: Thursday, October 10, 2002 1:53 PM
> > Subject: Re: sshd problems
> >
> >
> > > From the default installation, then ssh-host-config perspective of this now,
> > > my /var/empty looked like this immediately following ssh-host-config:
> > >
> > > drwxrwxrwx    2 system   system          0 Oct 10 13:18 /var/empty
> > >
> > > Well, the date was different, as I have deleted and recreated it manually a
> > > couple times trying to get this working.
> > > Changing it to what you show:
> > >
> > > drwxr-xr-x    2 system   system          0 Oct 10 13:18 /var/empty
> > >
> > > gives the following, using a separate key to even get sshd to run:
> > >
> > > $ /usr/sbin/sshd -h /home/dmonk/ssh_host_rsa_key -d -d -d
> > > debug1: sshd version OpenSSH_3.4p1
> > > debug3: Not a RSA1 key file /home/dmonk/ssh_host_rsa_key.
> > > debug1: read PEM private key done: type RSA
> > > debug1: private host key: #0 type 1 RSA
> > > Disabling protocol version 1. Could not load host key
> > > Bad owner or mode for /var/empty
> > >
> > >
> > > Looking through the archives shows there have been a lot of recent problems
> > > with sshd. My current question is, does anyone now have sshd running as a
> > > service, using privsep on Windows 2000 with an NTFS filesystem? I am
> > > beginning to wonder if it could be due to service pack 3. That was a recent
> > > update to this system. Unfortunately, I only use sshd on this system when I
> > > need to do things from home, so I can not pinpoint exactly when this issue
> > > appeared.
> > >
> > > David
> > >
> > >
> > > ----- Original Message -----
> > > From: "Harig, Mark A." <maharig@idirect.net>
> > > To: "David Monk" <david@purplebear.net>; "Len Giambrone" <frodo@mit.edu>
> > > Cc: <cygwin@cygwin.com>
> > > Sent: Thursday, October 10, 2002 1:41 PM
> > > Subject: RE: sshd problems
> > >
> > >
> > > According to /usr/doc/Cygwin/openssh-3.4p1-5.README:
> > >
> > > >The new ssh-host-config script also adds the /var/empty directory
> > > >needed by privilege separation.  When creating the /var/empty directory
> > > >by yourself, please note that in contrast to the README.privsep document
> > > >the owner should not be "root" but the user which is running sshd.  So,
> > > >in the standard configuration this is SYSTEM.  The ssh-host-config script
> > > >chowns /var/empty accordingly.
> > >
> > > In /usr/bin/ssh-host-config is the following code:
> > >
> > > ># Create /var/empty file used as chroot jail for privilege separation
> > > >if [ -f /var/empty ]
> > > >then
> > > >  echo "Creating /var/empty failed\!"
> > > >else
> > > >  mkdir -p /var/empty
> > > >  # On NT change ownership of that dir to user "system"
> > > >  if [ $_nt -gt 0 ]
> > > >  then
> > > >    chown system.system /var/empty
> > > >  fi
> > > >fi
> > >
> > > For me, I have the following permissions:
> > >
> > >   $ ls -ld /var/empty
> > >   drwxr-xr-x    2 SYSTEM   SYSTEM          0 Jul 24 11:39 /var/empty
> > >
> > > > -----Original Message-----
> > > > From: David Monk [mailto:david@purplebear.net]
> > > > Sent: Thursday, October 10, 2002 2:31 PM
> > > > To: Len Giambrone
> > > > Cc: cygwin@cygwin.com
> > > > Subject: Re: sshd problems
> > > >
> > > >
> > > > Generating a new key worked, as far as finding the key goes. Then it
> > > > presented me with a /var/empty ownership or permissions issue. So, thinking
> > > > along the same lines, I changed owner of that dir to myself. Finally, sshd
> > > > runs. Not as a service unfortunately, but it does run. Also unfortunately, I
> > > > can not log in under these circumstances. I get a password prompt, but it
> > > > never accepts it. I can only guess this has something to do with privilege
> > > > separation.
> > > >
> > > > Anyway, the main problem here, from the beginning of this thread, is that
> > > > openssh was working fine, running as a service, using privilege separation
> > > > until approx 2 weeks ago. The only thing I could have possibly done to break
> > > > that was updating packages. So, somewhere, something in cygwin changed.
> > > > Either specifically with the openssh package or with some other aspect,
> > > > but something has definitely changed. Again, this was working beautifully I
> > > > know for absolute certainty 3 weeks ago, the server running as a service via
> > > > cygrunsrv, utilizing the privilege separation. The only things that have been
> > > > done to this system over the last few months has been regular virus updates,
> > > > updates for Windows and cygwin updates. I have not messed with any
> > > > configuration files, nor have I changed any file permissions within cygwin
> > > > of its file tree to cause this.
> > > >
> > > > David
> > >
> > > (a huge amount of text deleted)

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Water molecules expand as they grow warmer" (C) Popular Science, Oct'02,
p.51
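
The `/var/empty` owner and mode comparison made by eye in the thread (`drwxrwxrwx` versus `drwxr-xr-x`, owner SYSTEM), scripted as an added example; it is not part of any message above and is not code from ssh-host-config or OpenSSH. The helper name `check_privsep_dir` is hypothetical, and treating any group or world write bit as the "bad mode" is an assumption drawn from the two listings quoted in the thread.

```shell
#!/bin/sh
# Added example (not from ssh-host-config or OpenSSH).
# check_privsep_dir is a hypothetical helper name.
# Usage: check_privsep_dir /var/empty SYSTEM
# Prints one line per finding; returns 0 only when the directory passes.
check_privsep_dir() {
    dir=$1
    want_owner=$2
    rc=0

    # A symlink or plain file here is not the real directory
    # (ssh-host-config itself refuses when /var/empty is a plain file).
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory"
        return 1
    fi

    # Same view the thread uses: mode string and owner from `ls -ld`.
    # Assumes the owner name contains no spaces.
    line=$(ls -ld "$dir")
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')

    # The thread shows the owner as both "system" and "SYSTEM",
    # so compare case-insensitively.
    have=$(printf '%s' "$owner" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$want_owner" | tr '[:upper:]' '[:lower:]')
    if [ "$have" != "$want" ]; then
        echo "FAIL: $dir owned by $owner, expected $want_owner"
        rc=1
    fi

    # Characters 6 and 9 of the mode string are the group and other write bits.
    # Assumption: either one being set is what sshd reports as a bad mode.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "FAIL: $dir mode $mode is group- or world-writable (chmod 755)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir $mode $owner"
    return "$rc"
}
```

Run it from the same account the service uses where possible, since the thread shows the LocalSystem service seeing a different mount table, and therefore a different `/var/empty`, than the interactive shell.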



