This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: HELP: sshd/multi-user how-to


Hi Elfyn and Igor,

Thank you for your quick feedback
and sorry for the delay in giving my feedback :-)

 --- Elfyn McBratney <elfyn@ubertales.co.uk> wrote:
> On Sat, 10 May 2003, richard dje wrote:
> 
> > I'm trying to setup a cvs server on cygwin over ssh.
> 
> See below...
> 
> > I have cygwin v1.3.22.1 installed on a win2k box.
> > I also installed the latest version of openSSH, and all related packages.
> > 
> > I also learned that one needs to create a windows account for each user
> > willing to connect to the server.
> > 
> > In order to do some testing I just created 2 accounts on the windows
> > machine, say USER1 and USER2.
> > 
> > To enable connections through ssh one needs to correctly setup 'sshd'. For that
> > USER1 ran 'ssh-host-config', since /etc/ssh_host_* files must be
> > read/write-able by only one account. Normally that user should have been
> > 'root'. Browsing the web, I saw that it was not that simple
> > on cygwin (Please correct me if I am wrong).
> > 
> > Files
> > /etc/ssh_host_key,
> > /etc/ssh_host_rsa_key,
> > /etc/ssh_host_dsa_key
> > 
> > should not be group and world-accessible.
> > 
> > I then launched the following two commands
> > $ mkpasswd -l > /etc/passwd
> > $ mkgroup -l > /etc/group
> > 
> > Their content looks OK.
> > 
> > I then gathered USER1 and USER2 ssh2-rsa publickeys and put them in
> > their respective $HOME/.ssh/authorized_keys2 (on the server machine).
> > 
> > The windows machine was then booted on USER1 account in order to be able
> > to start 'sshd' by means of '/etc/rc.d/init.d/sshd start'
> > 
> > Connecting remotely to USER1 account by the following command worked just fine
> > $ ssh -v USER1@server_ip_address
> > 
> > But trying to do the same for USER2 by using
> > $ ssh -v USER2@server_ip_address
> > just failed, since I am asked to provide a password.
> > The above command output showed me that the ssh2-rsa publickey auth just
> > failed.
> > 
> > 
> > QUESTION:
> > - Is the above configuration feasible ?
> >   assuming USER1 is a poweruser,
> >   USER2, USER3, ..., USERN are simple users.
> 
> If what you are doing is running sshd as user1 while wanting to allow 
> user{2,3,4} to also login you will need to give user1 extended privileges 
> (info at <http://cygwin.com/cygwin-ug-net/ntsec.html#NTSEC-SETUID>) so 
> that it can switch user context (setuid).

I added the following three additional user rights to USER1:
- "Act as part of the operating system"
- "Replace process level token"
- "Increase quotas"

But it still does not work.

What I tried next was to launch 'sshd' via 'init'.
For that, I installed 'init' as a windows service through 'init-config'.
Restarting the machine, and doing a 'ps -a' showed me that
'init', 'sshd' and 'xinetd' were running with UID=18.
/etc/ssh_* and /var/empty files are now owned by SYSTEM.
I said to myself, GREAT things are going to work now. :-)

Doing a simple 'ssh USER1@server_ip_address' locally or remotely gave me the
same result: I am asked for a password.

Worse, now 'sshd' keeps asking for a password for all connections it receives.
I checked 'sshd' was effectively running by means of '/etc/rc.d/init.d/sshd
status' (one never knows).

I also tried launching 'sshd' alone as a windows service through
'ssh-host-config'. I did a 'chown USER1 /etc/ssh* /var/empty'. I then rebooted
the machine, everything went well till I tried the above ssh commands (i.e.,
same results), that is, no way to ssh to the server. :-(((


I must have missed something, but I can't find out what !!

> > - Does cygwin/cvs works fine in server mode using 'ext' protocol (ssh) ?
> 
> A few people, including myself, have had a running cvs server but not for 
> a record length of time. I was able to keep a server going for two days, 
> and then it started giving me assert'ions.

What do you mean by assert'ions ?
Are you saying that cygwin/cvs server may not be stable enough ???
I really want to setup a cygwin/cvs server over ssh, but if it is
not stable enough then I'll give up.
I also read on the web, that setting up a cvs server using
CVSNT/Pserver/ssh was not that easy.

> > - Security-wise is (cygwin/cvs server / ssh) a good choice ?
> 
> IMO, Yes. But there are concerns about shared memory and such. A search of 
> the archives might(tm) give you more information.

Maybe I am blind, but I did not find any relevant information (I must be
blind).
But given the way a cvs server is normally used, do you think these kinds of problems
are critical? The cvs server will actively be used by almost 15 designers.

> -- 
> Elfyn McBratney
> Systems Administrator
> ABCtales.com
> 
> 
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
>  

Please, 'Au secours' (= 'help' in French) I'm lost.
-Richard
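
Added example, not part of the original message: a small shell audit for the requirement quoted above that the /etc/ssh_host_* key files not be group- or world-accessible. The function names are hypothetical; it assumes GNU `stat` (coreutils) and that the POSIX mode bits reflect the real Windows ACLs.

```shell
#!/bin/sh
# Added example: flag private key files that group or others can access.
# Assumes GNU stat (coreutils) and that mode bits mirror the underlying ACLs.

# is_private FILE: returns 0 = owner-only, 1 = group/other bits set, 2 = missing
is_private() {
    [ -e "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2
    # The leading 0 makes the shell read the mode as octal; 077 masks group+other.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_keys FILE...: print one line per file, return the number of problems
audit_keys() {
    bad=0
    for f in "$@"; do
        rc=0
        is_private "$f" || rc=$?
        case $rc in
            0) echo "ok        $f" ;;
            1) echo "TOO OPEN  $f (mode $(stat -c '%a' "$f"))"
               bad=$((bad + 1)) ;;
            *) echo "MISSING   $f"
               bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Usage with the three files named in the message:
#   sh audit_keys.sh /etc/ssh_host_key /etc/ssh_host_rsa_key /etc/ssh_host_dsa_key
if [ "$#" -gt 0 ]; then
    audit_keys "$@"
fi
```
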

