Hi,

I have taken a little while this morning to write a doc on how to set up sshd 
as a service under Windows NT/2000/XP to help people new to cygwin or people 
experiencing problems. I really want others' input and experience in setting it 
up. Maybe it could be added to the OpenSSH dist. Corinna???

Elfyn



proposed HOWTO on setting up CYGWIN sshd as a win32 service (WNt/W2K/WXP)

This document will assist you in getting sshd up and running as a win32
service. Some parts of this doc refer to shell commands: those shown as
'shell> ???' need to be run from your cygwin shell, and those shown as
'CMD> ???' need to be run under cmd.exe.

In order to get sshd working correctly as a service there are a few
prerequisites:

1. Setup your CYGWIN environment

  For WNt/W2K/WXP this is done by right-clicking on 'My Computer'
  or double-clicking the 'System' icon in your control panel. In NT
  <= 4.0 it's in the environment tab. In NT >= 5.0 it's the environment
  variables section under the advanced tab.

  Your CYGWIN environment variable needs to be set to 'tty' at least and,
  if you want chmod and/or chown functionality, 'ntsec ntea tty'. The nt*
  options should only be used on NT systems with NTFS partitions housing
  CYGWIN. Warning: using the nt* options on 9x/Me systems can create large
  un-removable files on your system... CYGWIN=ntsec ntea tty

  Your PATH environment variable needs to contain the path to CYGWIN's /bin
  mount, referred to here as 'c:\cygwin\bin'. You should append this path
  to the end of your PATH variable... PATH=c:\winnt\system32;c:\cygwin\bin

2. Clean up your /etc/passwd and /etc/group files.

  Your password/group databases should be cleaned up to point to
  correct home directories and shells for given users. I recommend
  editing the usernames so they are more legible under the shell
  and conform to the standard-non-standard unix username or groupname
  length of 8 characters if possible. The username can however be any nice
  username. e.g...

    Administrator::500:513:Admin,U-(DOMAIN?)/Administrator,S-500:/home/Administrator:/bin/bash

    to

    admin::500:513:Admin,U-DOMAIN/Administrator,S-500:/home/admin:/bin/bash

  If you want to deny a user access based on password you can add a '*'
  in the password field of the file (user:*:uid:@gid:...) or you can restrict
  them in shell-activity by giving them a false shell (/bin/false) or
  one that does not exist (/bin/noshellhere). The former is a good idea
  on guest accounts and usernames like SYSTEM that cannot log in anyway.

Once you have performed the above prerequisites you are ready to set up sshd
as a service. Note: this requires that cygwin be running under a Windows
NT variant (NT 4.0/2000/XP).

1. Run /usr/bin/ssh-host-config (append '-y' for auto-setup)

  This will ask you questions about your cygwin setup, whether or not
  to replace existing ssh(d) configuration files and ask you for your
  CYGWIN environment variable contents. An sshd service is also configured
  under the LocalSystem account, which is what we want for this configuration.

  shell> /usr/bin/ssh-host-config

  It is assumed you answer no to privilege separation (privsep) as we're
  trying to get sshd running as the system user. If not, just replace the
  username system below with sshd.

2. Set restrictive permissions on configuration files

  The assumed SYSTEM username is 'system'...

  shell> chmod 600 /etc/ssh_host*_key
  shell> chown system:system /etc/sshd_config
  shell> chown system:system /var/empty
  shell> touch /var/log/sshd.log
  shell> chown system:system /var/log/sshd.log

If all has gone accordingly you have successfully set up sshd as a service
under CYGWIN. Before we get all excited, test that it works!

  shell> cygrunsrv -S sshd

  or

  CMD> net start sshd

As long as you do not experience errors you can assume everything has
worked. Try logging in to your system 'shell> ssh localhost' using your
password, also try to log in from other machines or from the net to assure
connectivity.

If you get an error, take a look at '/var/log/sshd.log'. This should give
you an idea as to what has happened and gone wrong. If you cannot figure out
the error from the entries (or no-entries) in the logfile, browse the cygwin
mailing list to see if anyone else is experiencing the same difficulties and
consider requesting help from others on the list.

Mailing list archives:
http://cygwin.com/ml/cygwin/

Mailing list owner:
[EMAIL PROTECTED]
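
The permissions set in step 2 of the HOWTO can be checked with a short script before the service is started. This is an added example, not part of the original HOWTO; the function name check_sshd_perms, its ROOT and OWNER parameters, and the use of GNU stat (as shipped in Cygwin's coreutils) are assumptions.

```shell
# Added example: audit the permissions from step 2 of the HOWTO.
# ROOT and OWNER are parameters of this sketch (assumptions) so the check
# can be pointed at a scratch tree as well as at the live filesystem.

# check_sshd_perms ROOT OWNER
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_sshd_perms() {
    root=$1 owner=$2 bad=0 found=0

    # Private host keys must be accessible by their owner only (chmod 600).
    # The glob ends in _key, so the public *.pub halves are not matched.
    for key in "$root"/etc/ssh_host*_key; do
        [ -f "$key" ] || continue
        found=1
        mode=$(stat -c %a "$key")
        if [ "$mode" != 600 ]; then
            echo "FAIL $key mode $mode, expected 600"
            bad=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL no host keys under $root/etc (run ssh-host-config first)"
        bad=1
    fi

    # Paths the service account must own (chown system:system in the HOWTO).
    for path in etc/sshd_config var/empty var/log/sshd.log; do
        if [ ! -e "$root/$path" ]; then
            echo "FAIL $root/$path missing"
            bad=1
            continue
        fi
        actual=$(stat -c %U "$root/$path")
        if [ "$actual" != "$owner" ]; then
            echo "FAIL $root/$path owned by $actual, expected $owner"
            bad=1
        fi
    done
    return $bad
}
```

On a live install, call it as check_sshd_perms "" system (or with sshd as the owner if privilege separation was enabled).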

