This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



openSSH 'privilege separation' feature


Dear Cygwinners!

I've just upgraded to the latest OpenSSH cygwin package, viz., 3.3p1-1
and it seems the new 'privilege separation' feature is causing problems.

The first problem was that after upgrading, the sshd service would not
start. /var/log/sshd.log indicated the username sshd did not exist so
'privilege separation' did not work.

I then followed some instructions on the OpenSSH web pages which said I
had to create a user called sshd and also a group sshd and also create a
directory /var/empty which I chown'd to SYSTEM.SYSTEM. The sshd service
would then start without error.

However, when trying to ssh to my PC, debug output from sshd shows the
following:

----------- sshd output starts here -------------------
C:\cygwin\usr\sbin>sshd -d > sshd.log
debug1: sshd version OpenSSH_3.3
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 130.88.201.150 port 2608
debug1: Client protocol version 2.0; client software version OpenSSH_3.3
debug1: match: OpenSSH_3.3 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.3
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 122/256
debug1: bits set: 1615/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1616/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user zzalsaca service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for zzalsaca from 130.88.201.150 port 2608 ssh2
Failed none for zzalsaca from 130.88.201.150 port 2608 ssh2
debug1: userauth-request for user zzalsaca service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 1000/513 (e=18)
debug1: trying public key file /home/zzalsaca/.ssh/authorized_keys
debug1: matching key found: file /home/zzalsaca/.ssh/authorized_keys, line 1
Found matching DSA key: 84:41:80:86:3c:50:aa:c6:92:c0:c0:1a:3e:ab:46:ab
debug1: restore_uid
Postponed publickey for zzalsaca from 130.88.201.150 port 2608 ssh2
debug1: userauth-request for user zzalsaca service ssh-connection method publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 1000/513 (e=18)
debug1: trying public key file /home/zzalsaca/.ssh/authorized_keys
debug1: matching key found: file /home/zzalsaca/.ssh/authorized_keys, line 1
Found matching DSA key: 84:41:80:86:3c:50:aa:c6:92:c0:c0:1a:3e:ab:46:ab
debug1: restore_uid
debug1: ssh_dss_verify: signature correct
Accepted hostbased for zzalsaca from 130.88.201.150 port 2608 ssh2
debug1: monitor_child_preauth: zzalsaca has been authenticated by privileged process
Accepted publickey for zzalsaca from 130.88.201.150 port 2608 ssh2
debug1: newkeys: mode 0
debug1: newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug1: fd 7 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: init
debug1: session_new: session 0
mm_send_fd: sendmsg(3): Bad address
debug1: Calling cleanup 0x415acc(0x446474)
debug1: session_pty_cleanup: session 0 release /dev/tty2
syslogin_perform_logout: logout() returned an error
debug1: Calling cleanup 0x41c724(0x0)
mm_receive_fd: recvmsg: expected received 1 got 0
debug1: Calling cleanup 0x427064(0x0)
debug1: channel_free: channel 0: server-session, nchannels 1
debug1: Calling cleanup 0x41c724(0x0)

C:\cygwin\usr\sbin>
-------------- sshd output ends here ------------------

It looks to me like the line starting mm_send_fd is where the problem
lies, but I don't know what it means.

Can anyone help?

Regards,
Tony.
-- 
Tony Arnold, Deputy to the Head of COS Division, Manchester Computing,
University of Manchester, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E-mail: tony.arnold@man.ac.uk, Home: http://www.man.ac.uk/Tony.Arnold
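
The mm_send_fd / mm_receive_fd lines in the log above come from the step where privilege-separated sshd hands an open descriptor (here the freshly allocated pty) from one process to another over a local socket. As an added illustration, not part of the original message and not OpenSSH's own code, this is the standard POSIX mechanism for that (sendmsg/recvmsg with SCM_RIGHTS); send_fd, recv_fd and fdpass_roundtrip are hypothetical names, and both ends run in a single process for brevity.

```c
/* Added illustration: passing an open descriptor over a UNIX socketpair
 * with SCM_RIGHTS. All function names are hypothetical, not OpenSSH's. */
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/uio.h>

/* Union keeps the control buffer correctly aligned for struct cmsghdr. */
typedef union { struct cmsghdr h; char b[CMSG_SPACE(sizeof(int))]; } ctlbuf;

/* Send one descriptor with a 1-byte payload. Returns 0, or -1 on error. */
static int send_fd(int sock, int fd) {
    char byte = 0; ctlbuf ctl;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = {0};
    memset(&ctl, 0, sizeof ctl);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = ctl.b; msg.msg_controllen = sizeof ctl.b;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor. Returns the new fd, or -1 if none arrived. */
static int recv_fd(int sock) {
    char byte; ctlbuf ctl; int fd = -1;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = {0};
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = ctl.b; msg.msg_controllen = sizeof ctl.b;
    if (recvmsg(sock, &msg, 0) != 1) return -1;   /* sender failed or closed */
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
        return -1;                                /* no descriptor attached */
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Pass a pipe's read end across a socketpair, then read through the copy. */
int fdpass_roundtrip(void) {
    int sp[2], p[2], got; char buf[4] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || pipe(p)) return -1;
    if (send_fd(sp[0], p[0]) != 0) return -2;
    if ((got = recv_fd(sp[1])) < 0) return -3;
    if (write(p[1], "pty", 3) != 3 || read(got, buf, 3) != 3) return -4;
    return (strcmp(buf, "pty") == 0 && got != p[0]) ? 0 : -5;
}
int main(void) { return fdpass_roundtrip() ? 1 : 0; }
```

When the sending side's sendmsg() fails and it exits, the receiver's recvmsg() returns 0 bytes, which is the "expected received 1 got 0" pattern seen in the log.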

