This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

OpenSSH privilege separation fails: connections starts to be dropped.


In the first place, OpenSSH daemon works fine for me, if
"UsePrivilegeSeparation" feature is disabled.

I enabled "UsePrivilegeSeparation" and properly configured my system
for use of this feature: set up account "sshd" and set up permissions
for /var/empty.

In this configuration OpenSSH daemon starts without complains, but
drops incoming connections immediately after connect.

The appropriate debug output of SSH daemon (debug level 3) is:

------------------- cut here --------------------------------
...
debug2: Network child is on pid 1000
debug3: privsep user:group 1004:100ed
debug1: permanently_set_uid: 1004/100
permanently_set_uid: was able to restore old [e]gid
------------------- cut here --------------------------------

The last line has severity "fatal", and is sent to Event Log.

My setup is:

   cygwin-1.5.11-1, openssh-3.9p1-1
   @ Windows XP Professinal RUS SP2

   SSH daemon is running under (NT AUTHORITY/SYSTEM) account.
   /var/empty resides on NTFS, permissions set appropriately,
   and test "sshd -t" does not complain about anything.

   
There was a discussion recently in this maillist with very close
topic:
  "SSH on Cygwin Immediate Drops Connections"
  (http://sources.redhat.com/ml/cygwin/2004-09/msg00298.html)


But that topic is not applicable, because addresses another problem:

>> debug1: permanently_set_uid: 1107/513
>> setreuid 1107: Permission denied


What could I do to cope with SSH daemon failures ?

-- -
TOR Trade Company, IT Department,
Konstantin Andreev.



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]