This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: can't start sshd


----- Original Message -----
From: "Charles D. Russell"
To: "cygwin cygwin"
Sent: Monday, January 08, 2007 9:22 AM
Subject: Re: can't start sshd



Windows event log shows only information events (id 0) from sshd, but /var/log/sshd.log showed:

/var/empty must be owned by root and not group or world-writable

Presumably that is my problem, since ls shows:

drwxr-xr-x+ 2 cdr None 0 Jan 6 13:48 empty/

The simple hack of disabling privilege separation has given me a working system, which I am not inclined to monkey with, but if I have problems in the future I'll pursue this track. Thanks for the advice.


It is my experience that 90% of the time, if sshd refuses to start or if ssh refuses to connect, there is a file permission problem somewhere. Most of the required permissions make sense if you think about them:


1. Host key not writable
2. /var/empty not writable so that sshd cannot be hacked
3. configuration file not writable by just anyone.
4. others, consult SSH documentation

If you cannot connect, check

1. Private key is not readable by others (duh)
2. Authorized keys is not writable (double duh)
3. others, consult SSH documentation

And be sure that you have a configuration which supports file permissions. You may need ntsec and ntea if using FAT, consult your documentation for details.

If you set up sshd using the ssh-host-config and ssh-user-config scripts, these will all be correct by default, but once you have tweaked the configurations, these scripts won't overwrite them by default.

A warning: NEVER let Windows touch the permissions on a Cygwin tree. Many things in unixes depend on permissions being set a certain, rational, way. Trying to fix things by setting permissions on a whole tree can make a horrible mess; please resist the temptation to fix things this way. I speak from experience here.

Cygwin works much better if you use NTFS. Emulating permissions on FAT systems will allow things to work, but provides no real security and shouldn't be used on a machine accessible from the public network.

Hope this helps.
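
The two checklists in the message above, as an added shell example that is not part of the original message: it reads the mode string that `ls -ld` prints and flags group/world-writable or non-private files. The function names and the paths in `audit_defaults` are assumptions (common OpenSSH locations), and ownership is not checked.

```shell
#!/bin/sh
# Added example: audit the permission bits named in the checklists above.

# Print the 10-character mode string ls shows, e.g. drwxr-xr-x
mode_of() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# 0 = no group/world write bit, 1 = group- or world-writable, 2 = missing
check_not_shared_writable() {
    m=$(mode_of "$1")
    [ -n "$m" ] || return 2
    case "$m" in ?????w????|????????w?) return 1 ;; esac
    return 0
}

# 0 = no group/world access at all, 1 = some access, 2 = missing
check_owner_only() {
    m=$(mode_of "$1")
    [ -n "$m" ] || return 2
    case "$m" in ????------) return 0 ;; esac
    return 1
}

# Run one check on one path, print a result line, return the check's status
report() {
    check=$1; path=$2
    rc=0; "$check" "$path" || rc=$?
    case $rc in
        0) echo "ok      $path ($(mode_of "$path"))" ;;
        1) echo "FAIL    $path ($(mode_of "$path"))" ;;
        *) echo "missing $path" ;;
    esac
    return $rc
}

# Assumed default paths; adjust to the local installation
audit_defaults() {
    report check_not_shared_writable /var/empty
    report check_not_shared_writable /etc/sshd_config
    for k in /etc/ssh_host_*_key; do report check_owner_only "$k"; done
    report check_not_shared_writable "$HOME/.ssh/authorized_keys"
    for k in "$HOME"/.ssh/id_*; do
        case "$k" in *.pub) ;; *) report check_owner_only "$k" ;; esac
    done
}

if [ "${1:-}" = "--audit" ]; then audit_defaults || true; fi
```

A trailing `+` after the mode string, as in the `ls` output quoted above, means the entry also carries ACL entries, which this script does not inspect.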

