This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Mar 19 17:57, Corinna Vinschen wrote: > On Mar 19 11:54, Paul Griffith wrote: > > On 03/18/2014 09:24 PM, PolarStorm wrote: > > > Paul Griffith wrote > > >> ... > > >> /usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd blah > > >> ... > > > > > > Just a few things... > > > > > > 1) Don't do that (manually). > > > First of all, "ntsec" is deprecated. Second, there are a lot of strange > > > issues when > > > using "--yes", just answer the questions manually, especially since you > > > don't need > > > all those keys just to have ssh work. > > > > > > 2) Make sure you run the ssh-host-config from an "administrator: cygwin > > > shell. > > > > > > 3) Check your /etc/sshd-config for: "UsePrivilegeSeparation sandbox" which > > > is > > > the new default. The ssh-host-config script has a bug on line 169 that > > > attempts > > > to set this to "no", but where the regex fails. (I told people in THIS > > > <http://cygwin.1069669.n5.nabble.com/CSIH-SSH-setup-script-problems-on-W81-64-tp106953.html> > > > nabble post, but I > > > don't think it ever reached the main mailing list.) > > > > > > 4) The sshd user pas-wor-d is set to expire by default after 42 days, in > > > Windows 8.1. > > > Fix it if you're using that. > > > > > > > > > Thanks Gene for the heads up, it will help me fine tune my setup! I need to use the "--yes" option because I am building a automated installation for Windows 7. > > I attached a new incarnation of the ssh-host-config script to this > mail. Anybody? > Would interested parties be so kind to test this new script? > > Changes compared to the released version from the openssh package: > > - The "StrictModes" setting in /etc/sshd_config is now asked for, rather than > setting it always to "no". > > The background is that "StrictModes yes" is the more secure setting. > "StrictModes no" is only required for users with home directories on a > "noacl" mount or on FAT/FAT32 partitions, so I think the administrator > should have a choice here. > > - The "UsePrivilegeSeparation" setting in /etc/sshd_config now takes into > account that the default setting is "sandbox", which doesn't make > sense on Cygwin. > > - Changes to /etc/sshd_config are now only written to the file, if the file > has been just generated or if the question > > "Overwrite existing /etc/sshd_config file?" > > has been answered with "yes". > > I also tweaked the script slightly to support the new passwd/group code > I'm working on, but that's not yet finished. > > Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
Attachment:
pgpCysR6ONJR5.pgp
Description: PGP signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |