Web lists-archives.com

Re: cygwin 3.0.1-1 breaks my sshd install




On Feb 20 21:27, Andy Moreton wrote:
> On Wed 20 Feb 2019, Corinna Vinschen wrote:
> 
> > On Feb 20 21:01, Houder wrote:
> >> On Wed, 20 Feb 2019 10:53:09, scowles at ckhb dot org wrote:
> >> > 
> >> > i can confirm the same behaviours on a 3.0.0 system.  i've done
> >> > several checks and have been unable to find the source of the
> >> > problem.  ssh -vvv shows that the connection proceeds all the way
> >> > through the connection process, sends the appropriate key tokens,
> >> > then the server abruptly closes the connection. all accounts on
> >> > the system show the same results.
> >> > 
> >> > my 2.11.1 system, with identical ssh[d]_config files has no such
> >> > problems.
> >> > 
> >> > on both systems, all relevant files and directories have correct
> >> > owners and permissions.
> >> 
> >> Yes, failure for 3.0.0 (and 3.0.1); success for 2.11.2
> >> 
> >> Henri
> >> 
> >> 64-@@ uname -a
> >> CYGWIN_NT-6.1 Seven 3.0.1(0.338/5/3) 2019-02-20 10:19 x86_64 Cygwin
> >> 
> >> 64-@@ tail /var/log/sshd.log
> >> Server listening on 0.0.0.0 port 222.
> >> seteuid 1004: Permission denied
> >
> > Sorry guys, but I can't reproduce this problem at all.  I tested ssh
> > login on Vista, W7 and W10 1809, in each case on 64 bit and under
> > WOW64.  On all systems I can login with domain as well as local
> > accounts.
> >
> > For completeness sake I started sshd under SYSTEM as wel as under
> > cyg_server account and every time it just worked.
> 
> I've seen a similar failure, on a domain-joined Windows 10 box running
> cygsshd using a local cyg_server user account. I've fixed it by:
> 1) Open the "Computer Management" app
>    Select "Services and Applications", then "Services", and
>    choose the cygsshd service from the list.
> 2) Stop the service
> 3) Select the "Log On" tab, choose "Local System Account" and click OK.
> 4) Restart the service.
> 
> This changed the account reported by "cygrunsrv -VQ" from "./cyg_server"
> to "LocalSystem".

That actually fixed it for you?  I'm a bit surprised but at least that's
a neat solution, given that the new way to switch the user context
doesn't require the cyg_server account anymore.  SYSTEM is the way to
go in future.

While talking about it, i have a couple of OpenSSH upstream patches in
the loop:

- Rename Cygwin's sshd service to "cygsshd" becasue Microsoft hijacked
  the "sshd" service name for their own sshd.

- The ssh-host-config script will install the service under SYSTEM
  in future, unless you're trying to install under Windows 7 WOW64,
  which will still require the cyg_server account.

- Allowing to login with case-insensitive usernames.  This also
  enables case-insensitive user and group name matching in 
  sshd_config "Match" rules.

The first patch has been merged already, I'm still waiting for
feedback on the other two patches...


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature