This is the mail archive of the
mailing list for the Cygwin project.
Re: ssh to 2003 server exist immediately
On Mon, 15 May 2006, Andrew DeFaria wrote:
* * wrote:
> You might try reconfiguring with "privilege separation" turned on.
> Also, turn on auditing of failed file access, and/or run sysInternals
> RegMon and FileMon.
Reconfigured with privilege separation turned on. Same problem.
Interesting note: I removed /var/empty so that the ssh-host-config would
recreate it. It does, but it's owned by my user. Starting sshd yields
the following in /var/log/sshd.log:
/var/empty must be owned by root and not group or world-writable.
At first I did chown SYSTEM:SYSTEM /var/empty but that didn't help. It
was not until I did a chown sshd_server /var/empty that I was able to
start sshd. It was not apparent to me that, in this context, "root" ==
"sshd_server" nor that ssh-host-config, knowing that I'm running on 2003
and needing to create a local sshd_server user and using privilege
separation, would not know to do a chown sshd_server on /var/empty. Bug?
Perhaps. We'll need more info on this. FWIW, I used ssh-host-config to
setup sshd with privilege separation, and everything "just worked" (tm).
> I think your sshd_server user doesn't have permission to execute
> Winsock2 which is %SYSTEMROOT%\System32\ws2_32.dll or one of it's
> dependencies. Did you also check the Application Event Log?
Again, whenever I go to view the Application log in the Event Viewer
after trying an ssh it's corrupted. I can right click on the Application
log and Clear All Events, thus creating a new Application log, which
works. But if I do an ssh and go back to the Event Viewer it says the
Application log is corrupted!
Ouch! That's not good, and most likely isn't Cygwin-related. However,
you can get sshd to write somewhere other than to the event log, by
setting up and starting the syslogd service -- then any events sshd
produces will go to syslog. Then you'll be able to actually see them,
invalid characters (if any) and all.
Meantime I edited sshd_server's rights so I could do a "runas
/user:sshd_server cmd". From here I started bash --login -i then did an
"strace /usr/sbin/sshd -d > /tmp/sshd.strace.log 2>&1" (attached). The
"relevant" part seems to be here:
277 3957121 [main] sshd 1404 C:\Cygwin\usr\sbin\sshd.exe: *** fatal error - could not load ws2_32, Win32 error 0
Your mailer wrapped the strace snippet, but this definitely seems
relevant. What does "getfacl /cygdrive/c/WINDOWS/system32/ws2_32.dll"
I'd appreciate any pointers (guesses) at this point?
As Richard (or "* *") pointed out, your sshd_server user probably doesn't
have access to ws2_32.dll.
|\ _,,,---,,_ email@example.com | firstname.lastname@example.org
ZZZzz /,`.-'`' -. ;-;;,_ Igor Peshansky, Ph.D. (name changed!)
|,4- ) )-,_. ,\ ( `'-' old name: Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html