This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd w/o admin?


Aaron Davies wrote:
On Thu, Feb 19, 2009 at 12:33 AM, Larry Hall (Cygwin)
<XXXXXX> wrote:
   ^^^^^^
<http://cygwin.com/acronyms/#PCYMTNQREAIYR>  Thanks!


Aaron Davies wrote:
is it possible to get sshd working w/o admin privs?
Running 'ssh-host-config' requires adminstrative privileges to create
users to run 'sshd' as a service (for W2K3 and later) and for privilege
separation.  If you don't want/need these, then you can bypass these
as part of the configuration.  This will mean:

 1. You cannot run sshd as a service (on W2K3 or later) so you will not
    be able to use pub-key authentication.  On W2K and XP systems, you
    can use the existing 'SYSTEM' user to run 'sshd' as a service if
    you'd like.
I'm on XP Pro. How would I go about installing it as a service under
SYSTEM? ssh-host-config doesn't seem to be able to do that for me (log
attached, as is cygcheck output).

Of course. My mistake. You need admin privileges to install a service. If you don't have this or can't get it for the configuration portion of the installation, you won't be able to run as a service. :-(

i've run ssh-host-config (without creating a new user) and started
sshd manually from the shell.

when i try to connect, i get "Connection closed by 127.0.0.1" and an
error "sshd: PID 6520: fatal: seteuid 45758: Permission denied" shows
up in the event viewer

"id" idnicates that 45758 is me

any suggestions?
Use password authentication?

I don't get to an authentication stage at all AFAICT.

But what authentication methods do you allow? If you allow pubkey and have set up the keys for this (via 'ssh-user-config'), this could be the problem. Your 'sshd' won't be able to change user to 'you'. That's what the 'seteuid' message above means. I'd recommend removing all ssh key files in ~/.ssh and trying again.

Also, FWIW, using a remote drive as your home adds a level of
complication.  You may want to try to create a local home directory,
point to this in your '/etc/passwd', and rerun 'ssh-user-config' if
you continue to have problems.

--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]