This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: OpenSSH privilege separation fails: connections starts to be dropped.


On Sep 16 22:17, Konstantin Andreev wrote:
> 
> In the first place, OpenSSH daemon works fine for me, if
> "UsePrivilegeSeparation" feature is disabled.
> 
> I enabled "UsePrivilegeSeparation" and properly configured my system
> for use of this feature: set up account "sshd" and set up permissions
> for /var/empty.
> 
> In this configuration OpenSSH daemon starts without complains, but
> drops incoming connections immediately after connect.
> 
> The appropriate debug output of SSH daemon (debug level 3) is:
> 
> ------------------- cut here --------------------------------
> ...
> debug2: Network child is on pid 1000
> debug3: privsep user:group 1004:100ed
> debug1: permanently_set_uid: 1004/100
> permanently_set_uid: was able to restore old [e]gid
> ------------------- cut here --------------------------------
> 
> The last line has severity "fatal", and is sent to Event Log.

I know this problem with a slightly different text:

  permanently_set_uid: was able to restore old [e]uid

Note "uid" instead of "gid".  But that problem has been solved already
about a year ago.  I'm a bit surprised to see the above message and I'm
unable to reproduce that problem.

While it's easy to workaround it in OpenSSH, I'd like to understand
why that happens, first.

Could you please send your /etc/passwd and /etc/group files, as well
as the information on which system this is running?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]