ssh logon failure

Larry Hall (Cygwin) reply-to-list-only-lh@cygwin.com
Fri Oct 25 02:30:00 GMT 2013 

On 10/24/2013 8:52 PM, Dan Greenspan wrote:
> I experienced the "operation not permitted" problem as many others have.
>
> I had not changed my setup when the error was experienced, but I noticed
> that every computer which presented this difficulty was a work machine with
> our IT security suite installed.  On every PC _without_ an IT security
> package, cygwin sshd worked just fine out of the box. On any PC without a
> security package which subsequently had one installed, sshd stopped working.
>
> Like at least one other user, I have concluded that my "evil" IT people are
> the root cause of the problem.  However, they are of no help whatsoever. By
> some combination of dumb luck, relentless hacking and bits of help online, I
> arrived at the following conslusions and solution:
>
> Problem one: by default, cygwin sshd uses the windows log, which is hard to
> read and doesn't contain the desired diagnostic output. Fixing this revealed
> useful clues.
>
> Problem two: /var/empty had the incorrect owner.
>
> THE FIX:
>
> 1) Setup cygwin's sshd normally by invoking: ssh-host-config -y (If you have
> been thrashing about trying to solve this problem and have changed
> permissions and config files, just run the script again to ensure that your
> setup is reasonable)
> 2) DON'T START sshd.
> 3) Issue "chown SYSTEM /var/empty"
> 4) Uninstall the default sshd service by invoking: cygrunsrv --remove sshd
> 5) Reinstall the service and make the sshd output go to /var/log/sshd.log by
> invoking: cygrunsrv -I sshd -d "Cygwin sshd" -p /usr/sbin/sshd -a '-D -e'
>
> I hope this works for you.

Thanks for taking the time to look into this and for posting your findings.
Can I ask what O/S version you're running on the machines where you see
this problem?  Part of my reason for asking is that "SYSTEM" is only a
valid owner for '/var/empty' on XP machines.  For later versions, it should
be "cyg-server" (and actually, "cyg-server" should work fine on XP machines
as well).

-- 
Larry

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list