This is the mail archive of the cygwin mailing list for the Cygwin project.


Re: Installing sshd w/Cygwin under Win2K/SP4


Thanks for this record.  It should be useful for others.

Larry


At 10:37 AM 1/4/2005, you wrote:
>Hi Folks,
>   Here's the conclusion to my sshd journey.  Larry was correct.
>When installed properly, sshd should "just work", even using keys & with
>multiple users.
>Here's an exact record of the process I used for those considering embarking
>on this journey for themselves.  :-)
>
>thanks & best regards,
>eric
>
>LOG:
>0.  Format Hard Drive w/NTFS.
>1.  Windows 2K, SP4 Fresh Install.  Install all critical updates.
>2.  Install Cygwin.  Make sure the OpenSSH package is selected, as it is not
>    selected by default.
>3.  Set CYGWIN=ntsec tty in System Environment Variables via
>    Settings->Control Panel->System->Advanced->Environment Variables->System Variables New Button.
>4.  Restart Win2K/SP4 machine.
>5.  Check SYSTEM user rights.  Check myself and a non-existent user as
>references.
>    Eric@<HOSTNAME> ~
>    $ ./testrights.csh SYSTEM
>    SeAssignPrimaryTokenPrivilege 2
>    SeCreateTokenPrivilege 2
>    SeDenyInteractiveLogonRight 2
>    SeDenyNetworkLogonRight 2
>    SeDenyRemoteInteractiveLogonRight 2
>    SeIncreaseQuotaPrivilege 2
>    SeServiceLogonRight 2
>
>    Eric@<HOSTNAME> ~
>    $ ./testrights.csh Eric
>    SeAssignPrimaryTokenPrivilege 2
>    SeCreateTokenPrivilege 2
>    SeDenyInteractiveLogonRight 2
>    SeDenyNetworkLogonRight 2
>    SeDenyRemoteInteractiveLogonRight 2
>    SeIncreaseQuotaPrivilege 0
>    SeServiceLogonRight 2
>
>    Eric@<HOSTNAME> ~
>    $
>
>    Eric@<HOSTNAME> ~
>    $ ./testrights.csh Dummy
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeAssignPrimaryTokenPrivilege 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeCreateTokenPrivilege 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeDenyInteractiveLogonRight 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeDenyNetworkLogonRight 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeDenyRemoteInteractiveLogonRight 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeIncreaseQuotaPrivilege 1
>    Error in getSID (LsaLookupNames returned 0xc0000073=STATUS_NONE_MAPPED)!
>
>    SeServiceLogonRight 1
>
>    Eric@<HOSTNAME> ~
>    $
>6.  Execute ssh-host-config.
>    Eric@<HOSTNAME> ~
>    $ ssh-host-config -p <PORT> -c 'ntsec tty'
>    Generating /etc/ssh_host_key
>    Generating /etc/ssh_host_rsa_key
>    Generating /etc/ssh_host_dsa_key
>    Generating /etc/ssh_config file
>    Privilege separation is set to yes by default since OpenSSH 3.3.
>    However, this requires a non-privileged account called 'sshd'.
>    For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
>
>    Should privilege separation be used? (yes/no) yes
>    Warning: The following function requires administrator privileges!
>    Should this script create a local user 'sshd' on this machine? (yes/no) yes
>    Generating /etc/sshd_config file
>    Added ssh to C:\WINNT\system32\drivers\etc\services
>    Added ssh to /etc/inetd.conf
>
>
>    Warning: The following functions require administrator privileges!
>
>    Do you want to install sshd as service?
>    (Say "no" if it's already installed as service) (yes/no) yes
>
>    The service has been installed under LocalSystem account.
>    To start the service, call `net start sshd' or `cygrunsrv -S sshd'.
>
>    Host configuration finished. Have fun!
>
>    Eric@<HOSTNAME> ~
>    $
>7.  Execute ssh-user-config.
>    Eric@<HOSTNAME> ~
>    $ ssh-user-config
>
>    WARNING: group and other have been revoked write permission to your home
>             directory /home/Eric.
>             This is required by OpenSSH to allow public key authentication using
>             the key files stored in your .ssh subdirectory.
>             Revert this change ONLY if you know what you are doing!
>
>    Shall I create an SSH1 RSA identity file for you? (yes/no) no
>    Shall I create an SSH2 RSA identity file for you? (yes/no)  (yes/no) yes
>    Generating /home/Eric/.ssh/id_rsa
>    Enter passphrase (empty for no passphrase):
>    Enter same passphrase again:
>    Do you want to use this identity to login to this machine? (yes/no) yes
>    Adding to /home/Eric/.ssh/authorized_keys
>    Shall I create an SSH2 DSA identity file for you? (yes/no)  (yes/no) no
>
>    Configuration finished. Have fun!
>
>    Eric@<HOSTNAME> ~
>    $
>8.  Restart Win2K/SP4 machine.
>9.  Confirm cygrunsrv/sshd processes are running via Windows Task Manager.
>10. Execute 'ssh -p <PORT> 127.0.0.1'.
>    Eric@<HOSTNAME> ~
>    $ ssh -p <PORT> 127.0.0.1
>    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
>    RSA key fingerprint is 67:8b:8e:2e:2c:93:a3:85:70:15:a6:ef:11:20:d9:f3.
>    Are you sure you want to continue connecting (yes/no)? yes
>    Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
>    Fanfare!!!
>    You are successfully logged in to this server!!!
>
>    Eric@<HOSTNAME> ~
>    $
>
>

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
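
The ssh-user-config warning in step 7 of the quoted log says OpenSSH needs group and other write permission removed from the home directory before it will accept keys from `.ssh`. The script below is an added example, not part of the original messages or of Cygwin: it audits those modes after the procedure, and additionally checks that the generated private key is accessible to its owner only, which the ssh client also requires. The function names are hypothetical, and it assumes the POSIX mode strings that `ls -l` reports.

```shell
#!/bin/sh
# Added example: audit the file modes that ssh-user-config is meant to leave behind.
# Function names are hypothetical; pass the home directory to check (e.g. /home/Eric).

# Print the 10-character mode string of a path, e.g. drwxr-xr-x
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeeds if neither group nor other has write permission on $1.
not_group_other_writable() {
    m=$(mode_of "$1") || return 2
    [ "$(printf '%s' "$m" | cut -c6)" != "w" ] &&
    [ "$(printf '%s' "$m" | cut -c9)" != "w" ]
}

# Succeeds if group and other have no access at all on $1 (private keys).
owner_only() {
    m=$(mode_of "$1") || return 2
    [ "$(printf '%s' "$m" | cut -c5-10)" = "------" ]
}

# audit_ssh_modes HOME: prints one line per problem, returns the problem count.
audit_ssh_modes() {
    home=$1
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if ! not_group_other_writable "$p"; then
            echo "group/other writable: $p ($(mode_of "$p"))"
            problems=$((problems + 1))
        fi
    done
    for key in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -f "$key" ] || continue
        if ! owner_only "$key"; then
            echo "private key accessible to group/other: $key ($(mode_of "$key"))"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run the audit when a home directory is given on the command line.
if [ "$#" -gt 0 ]; then audit_ssh_modes "$1"; fi
```

A return value of 0 means every checked path passed; each printed line names a path whose mode would make public key login or key loading fail.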
