This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd w/o admin?


On Thu, Feb 19, 2009 at 10:03 AM, Larry Hall (Cygwin) wrote:

> Aaron Davies wrote:
>
>> On Thu, Feb 19, 2009 at 12:33 AM, Larry Hall (Cygwin) wrote:
>
>   ^^^^^^
> <http://cygwin.com/acronyms/#PCYMTNQREAIYR>  Thanks!

is this even possible in gmail? if not, i'll do it manually for now.

>>> Aaron Davies wrote:
>>>>
>>>> is it possible to get sshd working w/o admin privs?
>>>
>>> Running 'ssh-host-config' requires adminstrative privileges to create
>>> users to run 'sshd' as a service (for W2K3 and later) and for privilege
>>> separation.  If you don't want/need these, then you can bypass these
>>> as part of the configuration.  This will mean:
>>>
>>>  1. You cannot run sshd as a service (on W2K3 or later) so you will not
>>>    be able to use pub-key authentication.  On W2K and XP systems, you
>>>    can use the existing 'SYSTEM' user to run 'sshd' as a service if
>>>    you'd like.
>>
>> I'm on XP Pro. How would I go about installing it as a service under
>> SYSTEM? ssh-host-config doesn't seem to be able to do that for me (log
>> attached, as is cygcheck output).
>
> Of course.  My mistake.  You need admin privileges to install a service.
> If you don't have this or can't get it for the configuration portion of
> the installation, you won't be able to run as a service. :-(

that's ok, i'm comfortable with running it out of my .profile or
something similar.

>>>> i've run ssh-host-config (without creating a new user) and started
>>>> sshd manually from the shell.
>>>>
>>>> when i try to connect, i get "Connection closed by 127.0.0.1" and an
>>>> error "sshd: PID 6520: fatal: seteuid 45758: Permission denied" shows
>>>> up in the event viewer
>>>>
>>>> "id" idnicates that 45758 is me
>>>>
>>>> any suggestions?
>>>
>>> Use password authentication?
>>
>> I don't get to an authentication stage at all AFAICT.
>
> But what authentication methods do you allow?  If you allow
> pubkey and have set up the keys for this (via 'ssh-user-config'),
> this could be the problem.  Your 'sshd' won't be able to change
> user to 'you'.  That's what the 'seteuid' message above means.
> I'd recommend removing all ssh key files in ~/.ssh and trying again.

The vast majority of use I get out of ssh on this box is outgoing, and
I have several keys set up for ssh'ing into various linux boxes.
However, I have no ~/.ssh/authorized_keys.

The local ssh_config and sshd_config are unmodified from the versions
written by ssh-host-config, AFAIK, which is identical to /etc/defaults
for ssh_config, and for sshd_config, only varies by setting the port
and turning off StrictModes and UsePrivilegeSeparation. I have never
run ssh-user-config; I generated the keys directly with the standard
keygen tools.

I tried moving all my keys aside (outside of ~/.ssh). Now "ssh
localhost" on the local box takes my password, prints the banner, then
quits with "Connection to localhost closed."

% ssh localhost
adavies@localhost's password:
Last login: Thu Feb 19 10:41:39 2009 from localhost
Connection to localhost closed.

The same setreuid error is left in the event log

Why exactly does it need to setreuid to me when it's already me? This
sshd process is started by and running under the same id it's trying
to become.

> Also, FWIW, using a remote drive as your home adds a level of
> complication.  You may want to try to create a local home directory,
> point to this in your '/etc/passwd', and rerun 'ssh-user-config' if
> you continue to have problems.

I'll give this a try next, I guess.
-- 
Aaron Davies
aaron.davies@gmail.com

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]