sshd: fork of unprivileged child failed

René Berber r.berber@computer.org
Mon Jun 5 01:06:00 GMT 2006


Robin Walker wrote:
> --On 04 June 2006 16:27 -0500 René Berber <ARG!!> wrote:

Please sanitize the responses, we don't want our e-mail addresses in the open.

>> Robin Walker wrote:
>>
>>> I have a system with Cygwin sshd installed that refuses to accept
>>> connections.  sshd is running and listening on port 22.
>>>
>>> In the Windows Application Log there are, for each failed connection
>>> attempt, entries of the form:
>>>
>>> sshd: PID xxxx: fatal: fork of unprivileged child failed.
>>
>> What is you configuration in respect to privilege separation?
> 
> UsePrivilegeSeparation yes

Did you check if the rest of the configuration for using privilege separation
was done (i.e. the creation of the unprivileged user sshd, the creation of the
/var/empty directory with owner SYSTEM and all access).

The error message shows that the main sshd server is running but it cannot spawn
child processes, which it always does on a new connection (privilege or not) so
the second process failure is the interesting part.  The error message doesn't
show anything from that second process.

You could try changing that setting, sshd will spawn a second process but this
time under user SYSTEM... if that works then we can narrow the possibilities.

To be more precise, from /usr/share/doc/openssh/README.privsep: "On Cygwin...
only the pre-authentication part of privsep is supported."  So before auth there
is a process running under sshd and after the second process runs under SYSTEM.
 That is why I would check if that user exists in Windows, in /etc/passwd, and
the part about /var/empty.

>> And a few more details could be useful, version of Windows,
> 
> XP Pro, fully up to date.
> 
>> any special ssh configuration?
> 
> I have not configured anything.  It used to work: now it doesn't.
> 
>> was sshd and users installed following the provided documentation?
> 
> To what provided documentation are you referring?

/usr/share/doc/Cygwin/openssh.README and for WinXP the recommendation is only to
use ssh-host-config and ssh-user-config.
-- 
René Berber


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list