none
Cygwin sshd?

    Soru

  • Has anyone else had trouble getting Cygwin sshd to work?

    I've followed the instructions here:
    http://www.petri.co.il/setup-ssh-server-vista.htm

    The service does start.  However, whenever I attempt to connect, the following error shows up in the event log:
         sshd: PID 5096: fatal: setreuid 500: No such process

    I've tried a number of variations on the configuration.  I've tried it with and without privilege separation, I've checked the service-definition with "cygrunsrv -VQ sshd", and checked the user's rights with "editrights -l -u sshd_server", and it all looks happy as near as I can determine.  But it keeps coming back to this setruid() problem.

    Any suggestions?

    Thanks,
    -Luke
    04 Ağustos 2009 Salı 19:36

Yanıtlar

  • Note1:
    I had to manually re-enter the credentials in the Administrative Tools | Services | "Cygwin sshd" | Properties dialog on the next server.

    Note2:
    I also had to assign the following privelages to the cyg_server account on the next ssh-server in the cluster:
    editrights -a SeTcbPrivilege -u cyg_server
    editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
    editrights -a SeCreateTokenPrivilege -u cyg_server
    editrights -a SeIncreaseQuotaPrivilege -u cyg_server
    editrights -a SeServiceLogonRight -u cyg_server
    editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server

    • Yanıt Olarak İşaretleyen Luke Scharf 04 Ağustos 2009 Salı 22:05
    04 Ağustos 2009 Salı 21:12
  • I think I've found a work-through.

    The machine on which I'm installing sshd is a domain controller.  There was an old account called sshd_server, which appeared to have the right privileges that had been created during an earlier installation of cygwin on Windows 2003.  When I deleted sshd and sshd_server (and their associated entries from /etc/passwd and /etc/group) and let ssh-host-config re-create the account, that made everything work.

    Of course, now I have to fix the sshd daemons on the other DCs in the cluster, so we'll see how that goes...
    • Yanıt Olarak İşaretleyen Luke Scharf 04 Ağustos 2009 Salı 21:12
    04 Ağustos 2009 Salı 20:31

Tüm Yanıtlar

  • I think I've found a work-through.

    The machine on which I'm installing sshd is a domain controller.  There was an old account called sshd_server, which appeared to have the right privileges that had been created during an earlier installation of cygwin on Windows 2003.  When I deleted sshd and sshd_server (and their associated entries from /etc/passwd and /etc/group) and let ssh-host-config re-create the account, that made everything work.

    Of course, now I have to fix the sshd daemons on the other DCs in the cluster, so we'll see how that goes...
    • Yanıt Olarak İşaretleyen Luke Scharf 04 Ağustos 2009 Salı 21:12
    04 Ağustos 2009 Salı 20:31
  • Note1:
    I had to manually re-enter the credentials in the Administrative Tools | Services | "Cygwin sshd" | Properties dialog on the next server.

    Note2:
    I also had to assign the following privelages to the cyg_server account on the next ssh-server in the cluster:
    editrights -a SeTcbPrivilege -u cyg_server
    editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
    editrights -a SeCreateTokenPrivilege -u cyg_server
    editrights -a SeIncreaseQuotaPrivilege -u cyg_server
    editrights -a SeServiceLogonRight -u cyg_server
    editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server

    • Yanıt Olarak İşaretleyen Luke Scharf 04 Ağustos 2009 Salı 22:05
    04 Ağustos 2009 Salı 21:12
  • Note1:
    I had to manually re-enter the credentials in the Administrative Tools | Services | "Cygwin sshd" | Properties dialog on the next server.

    Note2:
    I also had to assign the following privelages to the cyg_server account on the next ssh-server in the cluster:
    editrights -a SeTcbPrivilege -u cyg_server
    editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
    editrights -a SeCreateTokenPrivilege -u cyg_server
    editrights -a SeIncreaseQuotaPrivilege -u cyg_server
    editrights -a SeServiceLogonRight -u cyg_server
    editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server


    I was receiving this error message "/bin/switch: Operation not permitted".  Assigning the rights as you suggested worked for me on Server 2008 R2.  Thank you!
    25 Nisan 2013 Perşembe 13:46