Hi, I am using a software package called WPKG (wpkg.org) to silently deploy Cygwin and then configure SSHD. The Cygwin installation works like a charm. Configuring sshd is another story. If I run my script from an admin command prompt, I am able to set up sshd. If I run that same script from WPKG, it fails. The only difference is that the WPKG agent runs as the SYSTEM user. I assume SCCM (Microsoft System Center Configuration Manager) users would have the same issue since their agent also runs as SYSTEM.

Any ideas other than pulling apart /usr/bin/ssh-host-config and trying to do this manually myself?

Here is some of the debugging I captured. Notice how the permissions at [0] and [1] don't match; I can't explain that one. Updating Cygwin doesn't solve my problem.

Windows 7 Enterprise x64 SP 1
2GB RAM
VirtualBox 4.3.6

====== before running ssh-host-config (wpkg)
touch /var/log/sshd.log
chmod 700 /var/empty
chown SYSTEM /var/empty
ls -lad /var/empty
[0] drwx------+ 1 SYSTEM Administrators 0 Feb 21 13:07 /var/empty
/usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd blah
*** Info: Generating /etc/ssh_host_key
*** Info: Generating /etc/ssh_host_rsa_key
*** Info: Generating /etc/ssh_host_dsa_key
*** Info: Generating /etc/ssh_host_ecdsa_key
*** Info: Creating default /etc/ssh_config file
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Warning: The owner and the Administrators need
*** Warning: to have r.x permission to /var/empty.
*** Warning: Here are the current permissions and ACLS:
[1] *** Warning: drwxr-xr-x+ 1 SYSTEM Administrators 0 Feb 21 13:07 /var/empty
*** Warning: # file: /var/empty
*** Warning: # owner: SYSTEM
*** Warning: # group: Administrators
*** Warning: user::rwx
*** Warning: group::r-x
*** Warning: mask:rwx
*** Warning: other:r-x
*** Warning: default:user::rwx
*** Warning: default:group::r-x
*** Warning: default:other:r-x
*** Warning:
*** Warning: Please change the user and/or group ownership,
*** Warning: permissions, or ACLs of /var/empty.
*** ERROR: Problem with /var/empty directory. Exiting.
----

I call my script like the following:

start /wait %CYGWIN_ROOT%\bin\bash.exe --login -i /cygdrive/c/windows/temp/config-sshd-win7.sh "%cyg_server_passwd%"

config-sshd-win7.sh script:
------snip------
#!/bin/sh
echo running ssh-host-config
if [ -f /cygdrive/c/netinst/logs/ssh-host-config.log ]; then
    rm -f /cygdrive/c/netinst/logs/ssh-host-config.log
fi
echo before ssh-host-config > /cygdrive/c/netinst/logs/ssh-host-config.log

#setup permissions and ownership of files
echo setting up permissions
echo touch /var/log/sshd.log >> /cygdrive/c/netinst/logs/ssh-host-config.log
touch /var/log/sshd.log >> /cygdrive/c/netinst/logs/ssh-host-config.log
if [ ! -d /var/empty ]; then
    mkdir /var/empty
fi
#echo chown system /var/log/sshd.log /var/empty /etc/ssh_h* >> /cygdrive/c/netinst/logs/ssh-host-config.log
chown system /var/log/sshd.log /var/empty /etc/ssh_h* >> /cygdrive/c/netinst/logs/ssh-host-config.log
#echo chmod 700 /var/empty >> /cygdrive/c/netinst/logs/ssh-host-config.log
chmod 700 /var/empty >> /cygdrive/c/netinst/logs/ssh-host-config.log

echo /usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd >> /cygdrive/c/netinst/logs/ssh-host-config.log
/usr/bin/ssh-host-config --yes --cygwin ntsec --user cyg_server --pwd "$1" >> /cygdrive/c/netinst/logs/ssh-host-config.log
echo after ssh-host-config >> /cygdrive/c/netinst/logs/ssh-host-config.log
echo ls -lad /var/empty >> /cygdrive/c/netinst/logs/ssh-host-config.log
ls -lad /var/empty >> /cygdrive/c/netinst/logs/ssh-host-config.log

#Prohibits a user or group from logging on through Remote Desktop Services.
editrights -a SeDenyRemoteInteractiveLogonRight -u cyg_server

echo listing services: cygrunsrv -L >> /cygdrive/c/netinst/logs/ssh-host-config.log
cygrunsrv -L >> /cygdrive/c/netinst/logs/ssh-host-config.log
echo starting sshd: cygrunsrv -S sshd >> /cygdrive/c/netinst/logs/ssh-host-config.log
cygrunsrv -S sshd

echo cd "/home/Administrator" >> /cygdrive/c/netinst/logs/ssh-host-config.log
chmod 750 /home/Administrator
cd /home/Administrator
echo mkdir .ssh >> /cygdrive/c/netinst/logs/ssh-host-config.log
mkdir .ssh
echo chmod 700 .ssh >> /cygdrive/c/netinst/logs/ssh-host-config.log
chmod 700 .ssh
ls -lad .ssh >> /cygdrive/c/netinst/logs/ssh-host-config.log
echo cp //xxxxx/xxx/site/ssh/authorized_keys .ssh/authorized_keys >> /cygdrive/c/netinst/logs/ssh-host-config.log
cp //xxxx/xxxx/site/ssh/authorized_keys .ssh/authorized_keys >> /cygdrive/c/netinst/logs/ssh-host-config.log
echo ls -l .ssh/authorized_keys >> /cygdrive/c/netinst/logs/ssh-host-config.log
ls -l .ssh/authorized_keys >> /cygdrive/c/netinst/logs/ssh-host-config.log
echo chmod 644 .ssh/authorized_keys >> /cygdrive/c/netinst/logs/ssh-host-config.log
chmod 644 .ssh/authorized_keys
ls -l .ssh/authorized_keys >> /cygdrive/c/netinst/logs/ssh-host-config.log

mkpasswd -l >> /etc/passwd
mkgroup -l >> /etc/group
-------snip------

Thank You
Paul