This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: using sshd as a non-administrator: minor issues and an aliasing question

* eyalroz (Wed, 25 Oct 2006 03:18:26 -0700 (PDT))
> I just installed cygwin with the sshd package on a machine on which I do not
> have admin privileges. The installation of cygwin went fine, and I'm having
> (minor) trouble with sshd:
> 1. (minor issue) When I run ssh-host-config I get a plethora of error
> messages, but they seem mostly harmless, i.e. trying to access places where
> only an admin would go, service lists, etc. Of course, one would except the
> script to check what privileges the user running it has, and only act
> admin-ishly if it is running for an admin, but nevermind.

The approach is different: some things (like creating a user account 
and creating a service) are introduced with a warning that they 
require admin rights. As these require different privileges i think 
the script's approach is less error prone. But Corinna is the definite 
source to that.
> 2. (semi-minor issue) If I try to run sshd, even with
> sePrivilegeSeparation=no, I get:
> Privilege separation user sshd does not exist
> ... which, so I gather, is due to the following:
> WWHHHYYY did they do that?


> Anyway, I fabricated an sshd user by copying my own user line in
> /etc/passwd and replacing the username with sshd. This allows
> sshd.exe to run, fork, background itself and stay running - but I'm
> not sure if what I did is "The right thing (TM)".

I think Corinnna mentioned in the same thread this solution so it 
should be the right thing.
> Now for my questions:
> 1. Should I have installed/configured cygwin/sshd/both in a different way?

If you don't run sshd as a service all you need are the keys - so to 
my knowledge you don't have to install sshd at all with ssh-host-

> 2. Should I report a bug about any of these issues? If so, where to?

Upstream to OpenSSH.

> 3. How do I add new username/password combinations other than my real NT
> username and password? I want the sshd to only accept myalias/tehfauxpass
> instead of myrealuser/therealpass , and of course not try to switch users to
> myalias but rather allow work as myrealuser.

Can't be done in my opinion as /etc/passwd is just a wrapper to the 
SAM where the real password hashes are stored.


Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]