ssh configuration with cygwin

by | 22 September, 2005

I’ve been working on getting sshd working on my XP Home SP1 box but I’ve
run into a problem I can’t get past. sshd is running as a daemon but
won’t allow me to connect to it.

Starting with updated versions of all installed cygwin packages
including a clean openssh 3.9p1-2 install (no /etc/ssh* or ~/.ssh, sshd
removed from /etc/passwd, “net user sshd /del”), here’s how I set it up.
I was logged in as “Ernie”, which has Administrator privs:

=======================

% ssh-host-config -y
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/share/doc/openssh/README.privsep.

Should privilege separation be used? (yes/no) yes
Generating /etc/sshd_config file

Warning: The following functions require administrator privileges!

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec". CYGWIN=ntsec tty

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!

% net user sshd /add /homedir:d:\\cygwin\\var\\empty /active:no
The command completed successfully.

% mkpasswd -l -u sshd | sed -e 's/bash/false/' >> /etc/passwd

% grep "^sshd:" /etc/passwd
sshd:unused_by_nt/2000/xp:1010:513:U-SLEEPWALK\sshd,S-1-5-21-1482476501-1682526488-854245398-1010:/var/empty:/bin/false

% echo "" > /var/log/sshd.log

% chown SYSTEM:SYSTEM /etc/ssh* /var/empty /var/log/sshd.log /var/log/lastlog

% ssh-user-config
Shall I create an SSH1 RSA identity file for you? (yes/no) no
Shall I create an SSH2 RSA identity file for you? (yes/no) (yes/no) yes
Generating /home/Ernie/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/Ernie/.ssh/authorized_keys
Shall I create an SSH2 DSA identity file for you? (yes/no) (yes/no) yes
Generating /home/Ernie/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Do you want to use this identity to login to this machine? (yes/no) yes
Adding to /home/Ernie/.ssh/authorized_keys

Configuration finished. Have fun!

% ls -l /etc/ssh*
-rwxr-x--- 1 SYSTEM Administrators 1159 Jan 8 14:24 /etc/ssh_config
-rw------- 1 SYSTEM Administrators 668 Jan 8 14:24 /etc/ssh_host_dsa_key
-rw-r--r-- 1 SYSTEM Administrators 605 Jan 8 14:24 /etc/ssh_host_dsa_key.pub
-rw------- 1 SYSTEM Administrators 530 Jan 8 14:24 /etc/ssh_host_key
-rw-r--r-- 1 SYSTEM Administrators 334 Jan 8 14:24 /etc/ssh_host_key.pub
-rw------- 1 SYSTEM Administrators 887 Jan 8 14:24 /etc/ssh_host_rsa_key
-rw-r--r-- 1 SYSTEM Administrators 225 Jan 8 14:24 /etc/ssh_host_rsa_key.pub
-rw-r--r-- 1 SYSTEM Administrators 2807 Jan 8 14:24 /etc/sshd_config

% ls -l ~/.ssh
total 6
-rw-------+ 1 Ernie None 830 Jan 8 14:26 authorized_keys
-rw------- 1 Ernie None 668 Jan 8 14:26 id_dsa
-rw-r--r-- 1 Ernie None 605 Jan 8 14:26 id_dsa.pub
-rw------- 1 Ernie None 883 Jan 8 14:26 id_rsa
-rw-r--r-- 1 Ernie None 225 Jan 8 14:26 id_rsa.pub
-rw-r--r-- 1 Ernie None 236 Jan 8 14:29 known_hosts

% cygrunsrv -S sshd

[ sshd is up and running at this point ]

% ssh Ernie@127.0.0.1
ssh_exchange_identification: Connection closed by remote host

% cygrunsrv -E sshd

% chown Ernie:None /etc/ssh* /var/empty /var/log/sshd.log /var/log/lastlog

% /usr/sbin/sshd -d -d -d
debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 187
debug2: parse_server_config: config /etc/sshd_config len 187
debug1: sshd version OpenSSH_3.9p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-d'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.

[ Here I run ‘ssh Ernie@127.0.0.1’ from another shell ]

debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 187
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7