RE: [ssh-l] Unable to get Cygwin sshd service to start

From: Latour, Hugues <Hugues.Latour_at_**********.***>
Date: Tue Oct 02 2001 - 08:06:00 EDT

Hi Robert,
 
    I am running sshd as a service using cygrunsrv on a Win 2k Pro machine.
    ntsec is activated. The machine private keys are owned by system.system
with rw-------.
    I was curious and looked at the Explorer ACL via the GUI and found the
following.
 
    Administrators - Full priv
    Everyone - None
    System - Read Write
    Owner - System
 
    hope this info helps,
 
hugues
 
-----Original Message-----
From: Robert Strom [mailto:rstrom@lucent.com]
Sent: Saturday, September 29, 2001 1:28 PM
To: ssh-l@erdelynet.com
Subject: RE: [ssh-l] Unable to get Cygwin sshd service to start

been there .... done that ..... MANY times when the files are owned by the
Administrators group - the only time that I can change the permissions -
it's easy then. I can even make only the SYSTEM account have permissions at
this point. After doing this they are not owned by the SYSTEM account and the
SSHD program does not like this. Here's what the ls program reports after I
have taken ownership of the files for the Administrators group and changed
it so that only the SYSTEM account has RW permissions - there is NO
inheritance at this time.
 
-rw-rw-rw- 1 Robert None 1123 Sep 28 11:40 ssh_config
---------- 1 Administ Administ 672 Jul 11 22:52 ssh_host_dsa_key
-rwxrwx--- 1 Administ Administ 603 Jul 11 22:52 ssh_host_dsa_key.pub
---------- 1 Administ Administ 528 Jul 11 22:52 ssh_host_key
-rwxrwx--- 1 Administ Administ 332 Jul 11 22:52 ssh_host_key.pub
---------- 1 Administ Administ 883 Jul 11 22:52 ssh_host_rsa_key
-rwxrwx--- 1 Administ Administ 223 Jul 11 22:52 ssh_host_rsa_key.pub
-rw-rw-rw- 1 Robert None 1202 Sep 28 11:40 sshd_config
 
and here's what happens when I try to start the SSHD program manually
 
Robert@RSTROM /etc
$ /usr/sbin/sshd -D -d -d -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
Could not load host key: /etc/ssh_host_key
Could not load host key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
 
So it doesn't look like the system is complaining about the permissions on
the files but it won't load the keys. The key files ARE all in the /etc
directory.
 
It is when I run the chown command to change the ownership of the files to
the SYSTEM account that the Everyone object is added to the list of users.
 
Once these files are owned by the SYSTEM account I cannot change the
permissions, only the SYSTEM account can, therefore I am in a catch 22
situation.
 
Thanks for all your help so far. It will be nice when / if this ever gets
operational.
 
Any more ideas anyone?
 
TIA,
 
Robert Strom
 
 

-----Original Message-----
From: ssh-l-owner@erdelynet.com [mailto:ssh-l-owner@erdelynet.com]On Behalf
Of Huddleston, John
Sent: Saturday, September 29, 2001 10:52 AM
To: 'ssh-l@erdelynet.com'
Subject: RE: [ssh-l] Unable to get Cygwin sshd service to start

Yes, in the gui window for the file properties you are going to
have to drop inheritance. In 2000 click on the Advanced button
and uncheck the box in the left middle of the gui window which says
"Allow inheritable ..."
 
It will prompt you and click yes.
 
That will drop Everyone.
 
John Huddleston

-----Original Message-----
From: Robert Strom [mailto:rstrom@lucent.com]
Sent: Friday, September 28, 2001 4:10 PM
To: ssh-l@erdelynet.com
Subject: RE: [ssh-l] Unable to get Cygwin sshd service to start

I've been through all of this but I went and looked at it again
 
When I run
 
chown system.system /etc/ssh_host*key
 
and look at the file perms using the gui security tools I see that the
Everyone group is added to the list of users. No permissions are assigned,
but the user is there and since neither my account nor any Administrator
accounts are owners or have any permissions I cannot remove the Everyone
group. (ls -al reports ownership as SYSTEM SYSTEM at this time).
 
I have to change the ownership to the Administrators group in order to make
any changes to the permissions and then sshd doesn't like the group
ownership and permissions settings on the files.
 
I tried re-installing the entire Cygwin distribution while logged on as
"the" Administrator account; this didn't solve anything. Everything behaved
exactly the same.
 
Bottom line, the chown command doesn't seem to behave properly and this
whole permissions problem seems to be a big catch 22 situation. It seems
nothing that I do makes sshd happy!!! This is getting VERY frustrating!!
 
Any ideas anyone??
 
TIA,
 
Robert Strom
 
 
 
 

-----Original Message-----
From: ssh-l-owner@erdelynet.com [mailto:ssh-l-owner@erdelynet.com]On Behalf
Of Huddleston, John
Sent: Friday, September 28, 2001 3:59 PM
To: 'ssh-l@erdelynet.com'
Subject: RE: [ssh-l] Unable to get Cygwin sshd service to start

Use the windows file security properties if you have to,
but the /etc/ssh*key file owner must be system and permissions
must be 0600. See http://tech.erdelynet.com/cygwin-sshd.asp

chown system.system /etc/ssh*key
chmod 0600 /etc/ssh*key

If the 'ls -l' does not show correctly, use the file
properties, remove Everyone, add system, change
permissions in that window.

Start the daemon by hand to get the /var/log/sshd.log
information:

/usr/sbin/sshd -D -d -d -d

Try logging into localhost from another window, you will
see errors if the settings are not correct.

John Huddleston
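
Added example (not part of the original thread, and not Cygwin or OpenSSH code): a shell function that checks every private host key in a directory for the owner and 0600 mode the message above requires. The function name, its arguments, and the use of GNU stat are assumptions.

```shell
#!/bin/bash
# Added example: audit sshd private host keys for owner and mode.
# Assumes GNU stat (Cygwin coreutils or Linux); audit_host_keys is an
# illustrative name, not a Cygwin or OpenSSH tool.

# audit_host_keys DIR [OWNER]
#   Prints one OK/FAIL line per private host key found in DIR.
#   Return status: number of failing keys (0 = all good),
#   or 255 when DIR holds no ssh_host*key file at all.
audit_host_keys() {
    local dir="$1" want_owner="${2:-SYSTEM}"
    local bad=0 found=0 f mode owner

    # The glob matches ssh_host_key, ssh_host_rsa_key and ssh_host_dsa_key,
    # but not the *.pub files, which do not need to be private.
    for f in "$dir"/ssh_host*key; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        found=$((found + 1))
        mode=$(stat -c '%a' "$f")    # octal mode, e.g. 600
        owner=$(stat -c '%U' "$f")   # owner name as ls -l would show it

        if [ "$mode" = "600" ] && [ "$owner" = "$want_owner" ]; then
            echo "OK   $f mode=$mode owner=$owner"
        else
            echo "FAIL $f mode=$mode owner=$owner (want 600 $want_owner)"
            bad=$((bad + 1))
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "FAIL no ssh_host*key files in $dir"
        return 255
    fi
    return "$bad"
}
```

Run it as `audit_host_keys /etc` from the Cygwin shell before starting the service; any FAIL line names the key file to fix with chown or chmod.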

-----Original Message-----
From: Robert Strom [mailto:rstrom@lucent.com]
Sent: Friday, September 28, 2001 9:43 AM
To: ssh-l@erdelynet.com
Subject: RE: [ssh-l] Unable to get Cygwin sshd service to start

Yes I ran the ssh-host-config script before, and I just ran it again. When I
try to start the service with the following command

cygrunsrv -S sshd

I get the following error message

$ cygrunsrv -S sshd
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.

I don't have an sshd.log file anywhere in any of the cygwin directories.

The only sshd files I have are

sshd_config
ssh.8
sshd.exe

Thanks,

Robert Strom

-----Original Message-----
From: ssh-l-owner@erdelynet.com [mailto:ssh-l-owner@erdelynet.com]On Behalf
Of Lance_Boomerang
Sent: Friday, September 28, 2001 10:01 AM
To: ssh-l@erdelynet.com
Subject: Re: [ssh-l] Unable to get Cygwin sshd service to start

Two things.

1) Did you run the /usr/bin/ssh-host-config script?
    This should take care of most of your permission errors.

2) Check permissions on /var/log/sshd.log
    They should be
    -rw-r--r-- 1 SYSTEM SYSTEM 983 Aug 27 19:54 sshd.log

If not, you will get errors.

You may have to delete this file, and let the system generate a new one.

Good Luck.

Robert Strom wrote:

> Hello,
>
> I'm attempting to get sshd running on my Win2k SP2 system.
>
> My system is formatted as NTFS and I do have the
>
> CYGWIN=ntsec
>
> set in the environmental variables
>
> I believe that I have followed all the instructions on the erdelynet.com
> SSHD Setup page correctly.
>
> I am currently getting the following error message when trying to start the
> SSHD Service
>
> Could not start the Cygwin SSHD service on Local Computer.
> The service did not return an error. This could be an internal Windows error
> or an internal service error.
>
> and of course
>
> If the problem persists, contact your system administrator.
>
> Anyone out there have the answer to correcting this problem?
>
> Thanks,
>
> Robert
>
> --
> List Information: http://tech.erdelynet.com/maillist-ssh-l.asp
> List Archives: http://erdelynet.com/archive/ssh-l/

Received on Tue Oct 2 08:06:46 2001

This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:33:30 EDT