This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [SPAMBayesian] - cygwin sshd on Windows Server 2003 Domain Controller? - Failed Bayesian filter

On Thu, Sep 04, 2003 at 04:56:46PM +0200, Fermin Sanchez wrote:
> I used to have cygwin sshd running on my old Windows 2000 Domain 
> Controller, worked like a charm. Some time ago I switched (reinstalled, 
> actually) my domain controller to Windows Server 2003.
> I went through the usual steps: download, "ssh-host-config -y", security 
> model "ntsec" and installed it as a service. First, it worked for about 5 
> minutes. Then, when I tried to connect from a remote host, I got a network 
> connection error. The server isn't accepting connections any more. 
> Restarting the sshd service in windows results in:

I'm surprised that it worked for 5 minutes.  You mean, without trying
to connect, don't you?

Basically on 2003 the problem is a change of user rights given to the
SYSTEM user when running services.  Microsoft is trying to close a
security hole by removing the CreateTokenPrivilege from all services
running under SYSTEM account.

Workaround:  Create a new account on your machine in the Admin group.
Add the CreateTokenPrivilege in your Local Security Policy dialog. 
Run sshd under that account.  Don't forget to add this user to /etc/passwd.
*DON'T* call this user sshd since that's the user name of an *unprivileged*
user running the sshd child when privilege separation is turned on.

Hope that is in any way related to your actual problem...


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]