This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
RE: sshd setup question
- From: Larry Hall <cygwin-lh at cygwin dot com>
- To: "Dan Adams" <dan at infochi dot com>, "'Cygwin List'" <cygwin at cygwin dot com>
- Date: Tue, 02 Sep 2003 21:02:30 -0400
- Subject: RE: sshd setup question
- References: <5.1.0.14.0.20030902203138.01f172c0@127.0.0.1>
- Reply-to: Cygwin List <cygwin at cygwin dot com>
Don't use "root" (I know it mentioned it). Use "SYSTEM". If that doesn't
work, send the output of 'getfacl /var/empty'.
BTW, you don't need to reply to my address (it's faked anyway). I've
redirected all response to me to the list so I'll get it regardless.
Larry
At 08:56 PM 9/2/2003, Dan Adams you wrote:
>Larry,
> I have attached those two files. Here is a transcript of my attempt
>to set the permissions along with a 'ls -l' command done in the /var
>directory.
>
>---
>dan@dan-infochi ~>cd /var
>dan@dan-infochi /var>ls -l
>total 0
>drwxrwxrwx+ 3 ???????? Users 0 May 17 15:07 cache
>drwxr-xr-x+ 2 dan None 0 Sep 1 14:32 empty
>drwxrwxrwx+ 2 ???????? Users 0 Sep 2 16:29 log
>drwxrwxrwx+ 2 ???????? Users 0 Sep 1 14:35 run
>drwxrwxrwx+ 2 ???????? Users 0 May 17 15:07 tmp
>dan@dan-infochi /var>chmod 744 empty
>dan@dan-infochi /var>ls -l
>total 0
>drwxrwxrwx+ 3 ???????? Users 0 May 17 15:07 cache
>drwxr--r--+ 2 dan None 0 Sep 1 14:32 empty
>drwxrwxrwx+ 2 ???????? Users 0 Sep 2 16:29 log
>drwxrwxrwx+ 2 ???????? Users 0 Sep 1 14:35 run
>drwxrwxrwx+ 2 ???????? Users 0 May 17 15:07 tmp
>dan@dan-infochi /var>chown root empty
>chown: `root': invalid user
>dan@dan-infochi /var>ls -l
>total 0
>drwxrwxrwx+ 3 ???????? Users 0 May 17 15:07 cache
>drwxr--r--+ 2 dan None 0 Sep 1 14:32 empty
>drwxrwxrwx+ 2 ???????? Users 0 Sep 2 16:29 log
>drwxrwxrwx+ 2 ???????? Users 0 Sep 1 14:35 run
>drwxrwxrwx+ 2 ???????? Users 0 May 17 15:07 tmp
>-----
>Then as before I get
>-----
>dan@dan-infochi /bin>cygrunsrv -S sshd
>cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
>The service has not been started.
>-----
>
>Dan Adams - dan@infochi.com
>http://www.infochi.com
>
>
>
>-----Original Message-----
>From: Larry Hall [mailto:cygwin-lh@cygwin.com]
>Sent: Tuesday, September 02, 2003 5:35 PM
>To: Dan Adams; cygwin@cygwin.com
>Subject: Re: sshd setup question
>
>
>Again, please attach your '/etc/passwd' and '/etc/group' files and show a
>transcript of your attempt to set /var/empty permissions along with the
>output from 'ls -l /var'.
>
>Larry
>
>
>At 11:43 PM 9/1/2003, Dan Adams you wrote:
>>I followed both of those suggestions. I retried that script and it
>>seems to generate the key files each time it is run now. As far as that
>>mySQL thing, I renamed that dll file and will use another program
>>temporarily, until I can figure this thing out.
>>
>>Once I did those two things, I still see an error that looks the same,
>>although the contents of the sshd.log file is now:
>> /var/empty must be owned by root and not group or world-writable.
>>
>>My main trouble with this is that I seem to be having trouble getting
>>the permissions for that directory like it says, I can get it chmod'ed
>>to 744 easily, but I can't seem to get its ownership to root or system
>>either one. I am using a windows 2000 machine, although that may have
>>been in my cygcheck file that I sent. Does anyone have a suggestion on
>>how to get this permission thing set.
>>
>>Dan
>>
>>
>>"Larry Hall" <cygwin-lh@cygwin.com> wrote in message
>>news:5.1.0.14.0.20030901223001.01f810c8@127.0.0.1...
>>> ssh-host-config creates /etc/ssh_host_key*.
>>>
>>> From your cygcheck output:
>>>
>>> 653k 2003/07/22 C:\Program Files\mysql\bin\cygwinb19.dll - os=4.0 img=1.0 sys=4.0
>>> "cygwinb19.dll" v0.0 ts=1998/7/15 18:50
>>>
>>> This is trouble waiting to happen. Get rid of this DLL and
>>> update mysql as required.
>>>
>>> Larry
>>>
>>>
>>> At 10:25 PM 9/1/2003, Dan Adams you wrote:
>>>
>>>
>>>
>>> >I am guessing this questioning might shift a little with my latest
>>> >finding. Also, I have attached the cygcheck file thing that was
>>> >requested at that website.
>>> >
>>> >My latest finding is:
>>> >Could not load host key: /etc/ssh_host_key
>>> >Could not load host key: /etc/ssh_host_rsa_key
>>> >Could not load host key: /etc/ssh_host_dsa_key
>>> >Disabling protocol version 1. Could not load host key
>>> >Disabling protocol version 2. Could not load host key
>>> >
>>> >I found this when looking in the sshd.log file that is in that
>>> >directory. Relating to the permissions that that gentleman mentioned
>>> >in his post on this list, those directories (this may not be good
>>> >though) have the permissions for the system account. Is there
>>> >anything that speaks about how to create these keys?
>>> >
>>> >Dan
>>> >
>>> >"Larry Hall" <cygwin-lh@cygwin.com> wrote in message
>>> >news:5.1.0.14.0.20030901214533.01f6a988@127.0.0.1...
>>> >> OK, I'm not sure my efforts are paying off here. I'd recommend
>>> >> again that you visit <http://cygwin.com/problems.html>. It's hard
>>> >> to figure things without a basis of information. However, you'll
>>> >> probably find looking in the email archives helpful. For instance,
>>> >> I found this with a simple search:
>>> >>
>>> >> <http://www.cygwin.com/ml/cygwin/2003-02/msg00522.html>
>>> >>
>>> >> Seems to describe your situation to a tee, complete with solution.
>>> >> Just one more reason not to use tech.erdelynet.com. Seems your
>>> >> problem is a common one when following the directions at this site.
>>> >>
>>> >> If this doesn't solve your problem, I suggest uninstalling ssh and
>>> >> reinstalling. Then, stay away from tech.erdelynet.com and just
>>> >> set things up as the Cygwin doc suggests. Otherwise, bug
>>> >> tech.erdelynet.com about it if you insist on using their advice.
>>> >>
>>> >> Larry
>>> >>
>>> >>
>>> >> At 09:40 PM 9/1/2003, Dan Adams you wrote:
>>> >> >The error it gives me when I try to start the service, after
>>> >> >using the ssh-host-config command to make the service, and using
>>> >> >the cygrunsrv -S sshd command is:
>>> >> >cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
>>> >> >The service has not been started.
>>> >> >I am not sure if this will help at all, but I figured it might.
>>> >> >
>>> >> >
>>> >> >--
>>> >> >Dan Adams - dan@infochi.com
>>> >> >http://www.infochi.com
>>> >> >
>>> >> >
>>> >> >"Dan Adams" <dan@infochi.com> wrote in message
>>> >> >news:bj0ruq$thn$1@sea.gmane.org...
>>> >> >> You mentioned that it is not reaching the server through ssh,
>>> >> >> is there any way I can find out where the problem occurs at? I
>>> >> >> am using a command line of:
>>> >> >> ssh -p 422 localhost
>>> >> >> to do this, I am not sure where in the networking the problem
>>> >> >> might lie at, is there any way that I can find out, or assist
>>> >> >> you in finding out?
>>> >> >>
>>> >> >> The reason I was trying it with inetd, partly because it
>>> >> >> mentioned it on the website of yours, is because I have it
>>> >> >> working correctly for a couple of other services that are part
>>> >> >> of cygwin.
>>> >> >>
>>> >> >> One discrepancy I found between the website and the
>>> >> >> ssh-host-config file that was installed on my machine is
>>> >> >> file:
>>> >> >> chown system.system /var/empty
>>> >> >> website
>>> >> >> chown system:system /var/empty
>>> >> >>
>>> >> >> How should this be? If you notice the website has a colon on
>>> >> >> that line, the file has a period on that line.
>>> >> >>
>>> >> >> The website I am referring to is:
>>> >> >> http://tech.erdelynet.com/cygwin-sshd.html
>>> >> >>
>>> >> >> --
>>> >> >> Dan Adams - dan@infochi.com
>>> >> >> http://www.infochi.com
>>> >> >>
>>> >> >>
>>> >> >> "Larry Hall" <cygwin-lh@cygwin.com> wrote in message
>>> >> >> news:5.1.0.14.0.20030901200938.01f7e0c0@127.0.0.1...
>>> >> >> > You're not reaching the server. The read of the basic
>>> >> >> > version identification is failing. If the client and the
>>> >> >> > server can't understand what version of ssh is running on
>>> >> >> > either end, they don't talk. So you're not reaching the
>>> >> >> > server through ssh.
>>> >> >> >
>>> >> >> > Sorry I don't know much about setting up ssh under inetd. Is
>>> >> >> > there a reason not to set it up as the documentation suggests?
>>> >> >> > I can vouch for things working that way.
>>> >> >> >
>>> >> >> > Larry
>>> >> >> >
>>> >> >> >
>>> >> >> > At 06:38 PM 9/1/2003, Dan Adams you wrote:
>>> >> >> > >Thanks for the comment about cygrunsrv and the method of
>>> >> >> > >removing service from win2k. That worked well.
>>> >> >> > >
>>> >> >> > >Since I have inetd working well. I have a telnet server and
>>> >> >> > >also a FTP server, but neither is available outside of my
>>> >> >> > >firewall. I thought that I would try and see if I could use
>>> >> >> > >the sshd server that I just setup via the inetd thing. When
>>> >> >> > >I did this, I got an error message of:
>>> >> >> > >
>>> >> >> > >ssh_exchange_identification: read: Connection reset by peer
>>> >> >> > >
>>> >> >> > >What would this mean? This is the only error message that I
>>> >> >> > >have been getting from the ssh daemon when I try and connect,
>>> >> >> > >and even before I ran that setup script.
>>> >> >> > >
>>> >> >> > >Dan Adams - dan@infochi.com
>>> >> >> > >http://www.infochi.com
>>> >> >> > >
>>> >> >> > >
>>> >> >> > >"Larry Hall" <cygwin-lh@cygwin.com> wrote in message
>>> >> >> > >news:5.1.0.14.0.20030901180444.01f69c90@127.0.0.1...
>>> >> >> > >> OK, visit <http://cygwin.com/problems.html> and provide
>>> >> >> > >> the requested info. Also, send along (attached too) your
>>> >> >> > >> /etc/passwd and /etc/group files. The actual transcript of
>>> >> >> > >> your attempt to run chown would be helpful too.
>>> >> >> > >>
>>> >> >> > >> cygrunsrv -E <service name> followed by cygrunsrv -R
>>> >> >> > >> <service name> will stop and remove a service.
>>> >> >> > >>
>>> >> >> > >> Larry
>>> >> >> > >>
>>> >> >> > >>
>>> >> >> > >> At 06:04 PM 9/1/2003, Dan Adams you wrote:
>>> >> >> > >> >I tried the directions at the site, and when it did the
>>> >> >> > >> >chown system.system /var/empty command. It errors out,
>>> >> >> > >> >saying that the user is unknown. It seems to not want to
>>> >> >> > >> >start the service after that point. Any more suggestions.
>>> >> >> > >> >Also does anyone know how to remove a service from the
>>> >> >> > >> >listing in Win2k once it is no longer desired. I am hoping
>>> >> >> > >> >to change from telnet/ftp to ssh access which means I
>>> >> >> > >> >would be able to get rid of the service of inetd that is
>>> >> >> > >> >in my win2k control panel thing.
>>> >> >> > >> >
>>> >> >> > >> >Dan Adams - dan@infochi.com http://www.infochi.com
>>> >> >> > >> >
>>> >> >> > >> >
>>> >> >> > >> >"Larry Hall" <cygwin-lh@cygwin.com> wrote in message
>>> >> >> > >> >news:5.1.0.14.0.20030901172200.01f49928@127.0.0.1...
>>> >> >> > >> >> At 05:28 PM 9/1/2003, Krzysztof Duleba you wrote:
>>> >> >> > >> >> >"Dan Adams" wrote
>>> >> >> > >> >> >
>>> >> >> > >> >> >> Does anyone know if there is either a script that
>>> >> >> > >> >> >> will automate the process of setting up an ssh
>>> >> >> > >> >> >> server? Or is there a tutorial setup page?
>>> >> >> > >> >> >
>>> >> >> > >> >> >http://tech.erdelynet.com/cygwin-sshd.html
>>> >> >> > >> >>
>>> >> >> > >> >>
>>> >> >> > >> >> And please follow-up with any questions generated from
>>> >> >> > >> >> following the directions at this site with
>>> >> >> > >> >> tech.erdelynet.com. The supported information for
>>> >> >> > >> >> setting up Cygwin's OpenSSH distribution is
>>> >> >> > >> >> /usr/doc/Cygwin/openssh-*.README. It's the only source
>>> >> >> > >> >> of information this list will entertain questions about.
>>> >> >> > >> >>
>>> >> >> > >> >> Thanks,
>>> >> >> > >> >>
>>> >> >> > >> >>
>>> >> >> > >> >> Larry Hall http://www.rfk.com
>>> >> >> > >> >> RFK Partners, Inc. (508) 893-9779 - RFK Office
>>> >> >> > >> >> 838 Washington Street (508) 893-9889 - FAX
>>> >> >> > >> >> Holliston, MA 01746
>>> >> >> > >> >>
>>> >> >> > >> >>
>>> >> >> > >> >
>>> >> >> > >> >
>>> >> >> > >> >
>>> >> >> > >> >
>>> >> >> > >> >--
>>> >> >> > >> >Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>>> >> >> > >> >Problem reports: http://cygwin.com/problems.html
>>> >> >> > >> >Documentation: http://cygwin.com/docs.html
>>> >> >> > >> >FAQ: http://cygwin.com/faq/
>>> >> >> > >>
>>> >> >> > >>
>>> >> >> > >
>>> >> >> > >
>>> >> >> > >
>>> >> >> > >
>>> >> >> >
>>> >> >> > --
>>> >> >> > Larry Hall http://www.rfk.com
>>> >> >> > RFK Partners, Inc. (508) 893-9779 - RFK Office
>>> >> >> > 838 Washington Street (508) 893-9889 - FAX
>>> >> >> > Holliston, MA 01746
>>> >> >> >
>>> >> >> >
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>>
>>> --
>>> Larry Hall http://www.rfk.com
>>> RFK Partners, Inc. (508) 893-9779 - RFK Office
>>> 838 Washington Street (508) 893-9889 - FAX
>>> Holliston, MA 01746
>>>
>>>
>>
>>
>>
>>
>
>
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
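
Added example, not part of the thread and not OpenSSH or Cygwin code: a shell check for the two conditions named in the sshd.log message quoted above ("/var/empty must be owned by root and not group or world-writable"). The function name check_privsep_dir is hypothetical, the expected owner is passed as a numeric uid, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example: audit a privilege-separation directory such as /var/empty.
# check_privsep_dir is a hypothetical helper, not an OpenSSH or Cygwin tool.
# Assumes GNU coreutils stat (supports -c with %u and %a).

# Usage: check_privsep_dir DIR EXPECTED_UID
# Prints one line per finding; returns 0 if DIR passes, 1 otherwise.
check_privsep_dir() {
    dir=$1
    want_uid=$2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi

    # %u = numeric owner uid, %a = permission bits in octal (e.g. 755)
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")

    # Ownership is checked separately from the mode: chmod alone
    # (as in the chmod 744 transcript) does not change the owner.
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi

    # The leading 0 makes the shell read the mode as octal.
    # 020 = group write bit, 002 = world write bit.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: mode $mode is group- or world-writable"
        rc=1
    fi

    return $rc
}
```

Running it with the uid that SYSTEM (or root on other systems) has in /etc/passwd shows which of the two conditions a directory fails; 'getfacl /var/empty' then shows the ACL entries behind the "+" in the ls -l output.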