This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

sshd service removed by Windows 10 update 1803

From: "Cliff Geschke" <cliff dot geschke at preciseautomation dot com>
To: <cygwin at cygwin dot com>
Date: Wed, 18 Jul 2018 18:51:54 -0500
Subject: sshd service removed by Windows 10 update 1803

As part of a Windows 10 update 1803 a few days ago, the cygwin sshd service was
removed, keeping my users from accessing my server.  I had been successfully
using sshd for several years and it has survived numerous windows updates.

Here is what I have done to fix it:

Disable the following services via W10 computer management.
  OpenSSH Authentication Agent
  SSH Server Broker
  SSH Server Proxy
  SSHdBroker

I'm not sure all those need to be disabled.

Run a bash shell as administrator, and reinstall sshd using cygrunsrv

cygrunsrv --stop sshd
cygrunsrv --remove sshd
cygrunsrv --install sshd --path /usr/sbin/sshd.exe --user cyg_server
cygrunsrv --start sshd

You will get an error from the start command: 
  cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1062:
  The service has not been started.

The task manager shows sshd is indeed running, and remote ssh clients can log
in.  So I am ignoring the error.

cygrunsrv -Q sshd shows the service is stopped.  And W10 computer management
shows it is stopped.  If you try to start it again, it will fail because the
sshd task has a hold on the TCP ports.  If you want to stop/restart to edit
config files, you need to directly kill the sshd task.

After a system restart, W10 starts the correct sshd again.

Simply using "cygrunsrv --install sshd" without --path, installs the MS sshd.
Not what I want.

If you don't specify --user with the --install, W10 will use SYSTEM which does
not have the permissions (SeTcbPrivilege etc) to change to the client user.  So
you get seteuid Operation Not Permitted errors when a remote client tries and
fails to login.  I discovered this the hard way.

BTW, I didn't want to start over with ssh-host-config because I didn't want to
risk invalidating my encryption keys and confuse my remote clients.

Except for the weirdness where computer management and cygrunsrv -Q show the
service is stopped, everything seems to work okay and my users are happy again.

Cliff Geschke
Precise Automation



--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]