This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: sshd on XP Home: "ssh_exchange_identification: Connection closed by remote host"


At 05:48 PM 1/8/2005, you wrote:
>I've been working on getting sshd working on my XP Home SP1 box but I've
>run into a problem I can't get past.  sshd is running as a daemon but
>won't allow me to connect to it.
>
>Starting with updated versions of all installed cygwin packages
>including a clean openssh 3.9p1-2 install (no /etc/ssh* or ~/.ssh, sshd
>removed from /etc/passwd, "net user sshd /del"), here's how I set it up.
>I was logged in as "Ernie", which has Administrator privs:
>
>======================================================================
>
>% ssh-host-config -y
>Generating /etc/ssh_host_key
>Generating /etc/ssh_host_rsa_key
>Generating /etc/ssh_host_dsa_key
>Generating /etc/ssh_config file
>Privilege separation is set to yes by default since OpenSSH 3.3.
>However, this requires a non-privileged account called 'sshd'.
>For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
>
>Should privilege separation be used? (yes/no) yes
>Generating /etc/sshd_config file
>
>Warning: The following functions require administrator privileges!
>
>Do you want to install sshd as service?
>(Say "no" if it's already installed as service) (yes/no) yes
>
>Which value should the environment variable CYGWIN have when
>sshd starts? It's recommended to set at least "ntsec" to be
>able to change user context without password.
>Default is "ntsec".  CYGWIN=ntsec tty
>
>The service has been installed under LocalSystem account.
>To start the service, call `net start sshd' or `cygrunsrv -S sshd'.
>
>Host configuration finished. Have fun!


>>>>>>>

>% net user sshd /add /homedir:d:\\cygwin\\var\\empty /active:no
>The command completed successfully.
>
>% mkpasswd -l -u sshd | sed -e 's/bash/false/' >> /etc/passwd
>
>% grep "^sshd:" /etc/passwd
>sshd:unused_by_nt/2000/xp:1010:513:U-SLEEPWALK\sshd,S-1-5-21-1482476501-1682526488-854245398-1010:/var/empty:/bin/false
>
>% echo "" > /var/log/sshd.log
>
>% chown SYSTEM:SYSTEM /etc/ssh* /var/empty /var/log/sshd.log /var/log/lastlog


<<<<<<

I'm confused.  Why are you redoing stuff that the script you just ran did
for you?  You're setting ownerships here that are different than the 
'ssh-host-config' script.  This isn't a good idea generally.  What's the 
reason for doing it?  


>% ssh-user-config
>Shall I create an SSH1 RSA identity file for you? (yes/no) no
>Shall I create an SSH2 RSA identity file for you? (yes/no)  (yes/no) yes
>Generating /home/Ernie/.ssh/id_rsa
>Enter passphrase (empty for no passphrase): 
>Enter same passphrase again: 
>Do you want to use this identity to login to this machine? (yes/no) yes
>Adding to /home/Ernie/.ssh/authorized_keys
>Shall I create an SSH2 DSA identity file for you? (yes/no)  (yes/no) yes
>Generating /home/Ernie/.ssh/id_dsa
>Enter passphrase (empty for no passphrase): 
>Enter same passphrase again: 
>Do you want to use this identity to login to this machine? (yes/no) yes
>Adding to /home/Ernie/.ssh/authorized_keys
>
>Configuration finished. Have fun!
>
>% ls -l /etc/ssh*
>-rwxr-x---  1 SYSTEM Administrators 1159 Jan  8 14:24 /etc/ssh_config
>-rw-------  1 SYSTEM Administrators  668 Jan  8 14:24 /etc/ssh_host_dsa_key
>-rw-r--r--  1 SYSTEM Administrators  605 Jan  8 14:24 /etc/ssh_host_dsa_key.pub
>-rw-------  1 SYSTEM Administrators  530 Jan  8 14:24 /etc/ssh_host_key
>-rw-r--r--  1 SYSTEM Administrators  334 Jan  8 14:24 /etc/ssh_host_key.pub
>-rw-------  1 SYSTEM Administrators  887 Jan  8 14:24 /etc/ssh_host_rsa_key
>-rw-r--r--  1 SYSTEM Administrators  225 Jan  8 14:24 /etc/ssh_host_rsa_key.pub
>-rw-r--r--  1 SYSTEM Administrators 2807 Jan  8 14:24 /etc/sshd_config
                      ^^^^^^^^^^^^^^^
So it looks like the 'chown' you did above didn't work right anyway.  That's
suspicious.


>% ls -l ~/.ssh
>total 6
>-rw-------+ 1 Ernie None 830 Jan  8 14:26 authorized_keys
>-rw-------  1 Ernie None 668 Jan  8 14:26 id_dsa
>-rw-r--r--  1 Ernie None 605 Jan  8 14:26 id_dsa.pub
>-rw-------  1 Ernie None 883 Jan  8 14:26 id_rsa
>-rw-r--r--  1 Ernie None 225 Jan  8 14:26 id_rsa.pub
>-rw-r--r--  1 Ernie None 236 Jan  8 14:29 known_hosts
>
>% cygrunsrv -S sshd
>
>[ sshd is up and running at this point ]
>
>% ssh Ernie@127.0.0.1
>ssh_exchange_identification: Connection closed by remote host

This could be due to ownership problems from above.

>% cygrunsrv -E sshd
>
>% chown Ernie:None /etc/ssh* /var/empty /var/log/sshd.log /var/log/lastlog
>
>% /usr/sbin/sshd -d -d -d
>debug2: load_server_config: filename /etc/sshd_config
>debug2: load_server_config: done config len = 187
>debug2: parse_server_config: config /etc/sshd_config len 187
>debug1: sshd version OpenSSH_3.9p1
>debug1: private host key: #0 type 0 RSA1
>debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
>debug1: read PEM private key done: type RSA
>debug1: private host key: #1 type 1 RSA
>debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
>debug1: read PEM private key done: type DSA
>debug1: private host key: #2 type 2 DSA
>debug1: rexec_argv[0]='/usr/sbin/sshd'
>debug1: rexec_argv[1]='-d'
>debug1: rexec_argv[2]='-d'
>debug1: rexec_argv[3]='-d'
>debug2: fd 3 setting O_NONBLOCK
>debug1: Bind to port 22 on 0.0.0.0.
>Server listening on 0.0.0.0 port 22.
>Generating 768 bit RSA key.
>RSA key generation complete.
>
>[ Here I run 'ssh Ernie@127.0.0.1' from another shell ]
>
>debug3: fd 4 is not O_NONBLOCK
>debug1: Server will not fork when running in debugging mode.
>debug3: send_rexec_state: entering fd = 7 config len 187
>debug3: ssh_msg_send: type 0
>debug3: send_rexec_state: done
>debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7


Huh?  What's this supposed to show?  Why would you change permissions on 
the above files to 'Ernie' and then run 'sshd' as debug?  That makes no
sense.  If you left the ownership of these files as they were and then
ran 'sshd' as debug, that would have made some sense and you would likely
get some useful feedback.  You could try that if you want to track your
custom installation problem further. 


>======================================================================
>
>Naturally, this all worked right out of the box on XP Pro at work.


That's the way it's intended.  Install.  Run the setup scripts.  Log in.
What could be more beautiful? ;-)


>Any ideas or suggestions?


Sure.  Use the configuration scripts to do all the configuration and run 
like that.  That's why the scripts exist.  If you want to do your own thing,
that's fine but you'll have to figure out the problems this causes on your
own.  We've had a lot of good luck with these scripts so they are highly
recommended and should work for you without any other alterations.  If they
don't, then we want to hear about it.  If that's the case for you, consult
<http://cygwin.com/problems.html> and follow all the guidelines for reporting 
problems.


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
838 Washington Street                   (508) 893-9889 - FAX
Holliston, MA 01746                     
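
An added example, not part of the original message or of Cygwin's setup scripts: a shell function that reads an `ls -l` listing like the one quoted above and reports private host keys whose owner is not the account sshd runs as, or whose mode grants group/other access. The function name, the expected-owner argument and the second (constructed) listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). Reads `ls -l` lines on stdin and
# reports private host keys that do not match the expected service account.
# Assumption: $1 is the account sshd runs as; the mail's service was installed
# under LocalSystem, shown as SYSTEM in the posted listing.
audit_hostkeys() {
    awk -v want="$1" '
        # Private host keys only: ssh_host_key, ssh_host_rsa_key, ... (no .pub)
        $NF ~ /ssh_host_([a-z0-9]+_)?key$/ {
            # Characters 5-10 of the mode string are the group/other bits.
            if (substr($1, 5, 6) != "------")
                print "BAD_MODE " $NF " " $1
            if ($3 != want)
                print "BAD_OWNER " $NF " " $3
        }'
}

# Host key lines as posted in the mail.
PAGE_LISTING='-rw-------  1 SYSTEM Administrators  668 Jan  8 14:24 /etc/ssh_host_dsa_key
-rw-r--r--  1 SYSTEM Administrators  605 Jan  8 14:24 /etc/ssh_host_dsa_key.pub
-rw-------  1 SYSTEM Administrators  530 Jan  8 14:24 /etc/ssh_host_key
-rw-r--r--  1 SYSTEM Administrators  334 Jan  8 14:24 /etc/ssh_host_key.pub
-rw-------  1 SYSTEM Administrators  887 Jan  8 14:24 /etc/ssh_host_rsa_key
-rw-r--r--  1 SYSTEM Administrators  225 Jan  8 14:24 /etc/ssh_host_rsa_key.pub'

# Constructed listing: keys owned by a user account, one with a loose mode.
CONSTRUCTED_LISTING='-rw-------  1 Ernie None  668 Jan  8 14:24 /etc/ssh_host_dsa_key
-rw-r--r--  1 Ernie None  605 Jan  8 14:24 /etc/ssh_host_dsa_key.pub
-rw-------  1 Ernie None  530 Jan  8 14:24 /etc/ssh_host_key
-rw-r--r--  1 Ernie None  887 Jan  8 14:24 /etc/ssh_host_rsa_key'

# The posted listing yields no findings; the constructed one yields four.
printf '%s\n' "$PAGE_LISTING" | audit_hostkeys SYSTEM
printf '%s\n' "$CONSTRUCTED_LISTING" | audit_hostkeys SYSTEM
```

On a live system the input would come from `ls -l /etc/ssh*`, run before changing any ownership by hand.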

