Need information on creating service user to connect from the Agent server to Windows hosts for installing agents on remote

Stephen Carrier carrier@berkeley.edu
Wed Aug 19 16:32:42 GMT 2020 

On Sun, Aug 16, 2020 at 11:36:10AM +0200, Marco Atzeri via Cygwin wrote:
> On 16.08.2020 10:17, Subramanya Narayanaswamy via Cygwin wrote:
> > Hi Team,
> > 
> > I'm facing below issue while trying to start CYGSSHD server. I'm running the below command as an Administrator but not sure why cygsshd is not starting. Any help?
> > --------------------------------------------------------------
> > $ net start cygsshd
> > The CYGWIN cygsshd service is starting.
> > The CYGWIN cygsshd service could not be started.
> > 
> > The service did not report an error.
> > 
> > More help is available by typing NET HELPMSG 3534.
> > 
> > Subramanya
> > 
> 
> I saw the same problem.
> The /var/log/sshd.log gave me the hint:
> -----------------------------------------------
> Permissions 0640 for '/etc/ssh_host_rsa_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> ..
> Permissions 0640 for '/etc/ssh_host_ecdsa_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> ..
> Permissions 0640 for '/etc/ssh_host_ed25519_key' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
> sshd: no hostkeys available -- exiting.
> ------------------------------------------------

/var/log/sshd.config may provide helpful clues even if the issue is
different from loose permissions on the private keys.  Let us know what
you find there if you are still having trouble.

> from the Admin account
> 
>  $ cd /etc
>  $ chmod 600 ssh*
> 
> solved the problem

It may have but ... There is no need to restrict permissions on the
public keys and restricting permissions on /etc/ssh_config may interfere
with ssh client use by non-Administrator users.  Moreover, I don't think
/etc/sshd_config needs to be restricted though that could be a judgement
call.

Perhaps

$ chmod 600 ssh_host_*_key

is enough to fix the private key permissions, if in fact that is the problem.

>  $ cygrunsrv -Q cygsshd
....

"cygrunsrv -V -Q cygsshd" will reveal even more information.

--Stephen

More information about the Cygwin mailing list