sshd.log /var/empty must be owned by root and not group or world-writable.

["David Christensen" <dpchrist at holgerdanske dot com>]

cygwin:

I was attempting to update/upgrade my Cygwin installation:


1.  Rename C:\cygwin to C:\cygwin-old


2.  Create new folders C:\cygwin and C:\cygwin\setup .


3.  Download latest Cygwin Setup and save as C:\cygwin\setup\setup.exe .


4.  Run Cygwin Setup and download/ install base system from Internet.


5.  Run Cygwin Setup and download/ install openssh from Internet.


6.  Run Cygwin Bash and configure ssh:

Administrator@a64x23800p ~
$ ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read
/usr/share/doc/openssh/README.privsep
.

Should privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file

Host configuration finished. Have fun!

$ ssh-user-config

WARNING: group and other have been revoked write permission to your home
         directory /home/Administrator.
         This is required by OpenSSH to allow public key authentication
using
         the key files stored in your .ssh subdirectory.
         Revert this change ONLY if you know what you are doing!

Shall I create an SSH1 RSA identity file for you? (yes/no) no
Shall I create an SSH2 RSA identity file for you? (yes/no) yes
Generating /home/Administrator/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/Administrator/.ssh/authorized_keys
Shall I create an SSH2 DSA identity file for you? (yes/no) yes
Generating /home/Administrator/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/Administrator/.ssh/authorized_keys

Configuration finished. Have fun!


7.  Run Cygwin Bash and attempt to start sshd:

$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.


8.  Look at /var/log/sshd.log:

/var/empty must be owned by root and not group or world-writable.


9.  Adjust mode of /var/empty and attempt to start sshd:

20080217-144322 Administrator@a64x23800p /var
$ ll -d empty/
drwxr-xr-x+ 2 Administrator None 0 Feb 17 14:30 empty//

20080217-144326 Administrator@a64x23800p /var
$ chmod 700 empty
20080217-144400 Administrator@a64x23800p /var

$ ll -d empty/
drwx------+ 2 Administrator None 0 Feb 17 14:30 empty//
20080217-144405 Administrator@a64x23800p /var

$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.


10. Look at /var/log/sshd.log:

/var/empty must be owned by root and not group or world-writable.


11. Change owner of /var/empty:

20080217-144416 Administrator@a64x23800p /var
$ chown root empty/
chown: invalid user: `root'


12.  STFW.  root is not a valid user name.  Make an educated guess and
try again:

20080217-151048 Administrator@a64x23800p /var
$ chown SYSTEM empty

20080217-151056 Administrator@a64x23800p /var
$ ll -d empty/
drwx------+ 2 SYSTEM None 0 Feb 17 14:30 empty//

20080217-151108 Administrator@a64x23800p /var
$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.


Per http://www.cygwin.com/problems.html, cygcheck.out is attached.


I don't know how to put the above fixes (chmod, chown) into Cygwin;
perhaps the openssh maintainer can do so.


HTH,

David

Attachment: cygcheck.out
Description: Binary data

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/