none
Cygwin sshd?

    السؤال

  • Has anyone else had trouble getting Cygwin sshd to work?

    I've followed the instructions here:
    http://www.petri.co.il/setup-ssh-server-vista.htm

    The service does start.  However, whenever I attempt to connect, the following error shows up in the event log:
         sshd: PID 5096: fatal: setreuid 500: No such process

    I've tried a number of variations on the configuration.  I've tried it with and without privilege separation, I've checked the service-definition with "cygrunsrv -VQ sshd", and checked the user's rights with "editrights -l -u sshd_server", and it all looks happy as near as I can determine.  But it keeps coming back to this setruid() problem.

    Any suggestions?

    Thanks,
    -Luke
    • تم التحرير بواسطة Luke Scharf 13/شعبان/1430 08:21 م
    13/شعبان/1430 07:36 م

الإجابات

  • Note1:
    I had to manually re-enter the credentials in the Administrative Tools | Services | "Cygwin sshd" | Properties dialog on the next server.

    Note2:
    I also had to assign the following privelages to the cyg_server account on the next ssh-server in the cluster:
    editrights -a SeTcbPrivilege -u cyg_server
    editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
    editrights -a SeCreateTokenPrivilege -u cyg_server
    editrights -a SeIncreaseQuotaPrivilege -u cyg_server
    editrights -a SeServiceLogonRight -u cyg_server
    editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server

    • تم وضع علامة كإجابة بواسطة Luke Scharf 13/شعبان/1430 10:05 م
    13/شعبان/1430 09:12 م
  • I think I've found a work-through.

    The machine on which I'm installing sshd is a domain controller.  There was an old account called sshd_server, which appeared to have the right privileges that had been created during an earlier installation of cygwin on Windows 2003.  When I deleted sshd and sshd_server (and their associated entries from /etc/passwd and /etc/group) and let ssh-host-config re-create the account, that made everything work.

    Of course, now I have to fix the sshd daemons on the other DCs in the cluster, so we'll see how that goes...
    • تم وضع علامة كإجابة بواسطة Luke Scharf 13/شعبان/1430 09:12 م
    13/شعبان/1430 08:31 م

جميع الردود

  • I think I've found a work-through.

    The machine on which I'm installing sshd is a domain controller.  There was an old account called sshd_server, which appeared to have the right privileges that had been created during an earlier installation of cygwin on Windows 2003.  When I deleted sshd and sshd_server (and their associated entries from /etc/passwd and /etc/group) and let ssh-host-config re-create the account, that made everything work.

    Of course, now I have to fix the sshd daemons on the other DCs in the cluster, so we'll see how that goes...
    • تم وضع علامة كإجابة بواسطة Luke Scharf 13/شعبان/1430 09:12 م
    13/شعبان/1430 08:31 م
  • Note1:
    I had to manually re-enter the credentials in the Administrative Tools | Services | "Cygwin sshd" | Properties dialog on the next server.

    Note2:
    I also had to assign the following privelages to the cyg_server account on the next ssh-server in the cluster:
    editrights -a SeTcbPrivilege -u cyg_server
    editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
    editrights -a SeCreateTokenPrivilege -u cyg_server
    editrights -a SeIncreaseQuotaPrivilege -u cyg_server
    editrights -a SeServiceLogonRight -u cyg_server
    editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server

    • تم وضع علامة كإجابة بواسطة Luke Scharf 13/شعبان/1430 10:05 م
    13/شعبان/1430 09:12 م
  • Note1:
    I had to manually re-enter the credentials in the Administrative Tools | Services | "Cygwin sshd" | Properties dialog on the next server.

    Note2:
    I also had to assign the following privelages to the cyg_server account on the next ssh-server in the cluster:
    editrights -a SeTcbPrivilege -u cyg_server
    editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
    editrights -a SeCreateTokenPrivilege -u cyg_server
    editrights -a SeIncreaseQuotaPrivilege -u cyg_server
    editrights -a SeServiceLogonRight -u cyg_server
    editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server


    I was receiving this error message "/bin/switch: Operation not permitted".  Assigning the rights as you suggested worked for me on Server 2008 R2.  Thank you!
    15/جمادى الثانية/1434 01:46 م