This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



RE: ALMOST RESOLVED: ssh service staring problem "bad owner /var/empty" but not fixed (now password sync issue)


OK, done. "qacontrol" is the system where sshd works... "qa2000test" is the system where sshd fails to start.

I ran cygcheck and diffed my results: the broken system lacked the CYGWIN=tty sec variable, which I added in the WIN2K GUI, restarted all my shells and verified the variable was being used. 

NOW I could properly chown the files! Getting closer! :-)

I then verified that /var/log/sshd.log, /etc/ssh* and /var/empty/ were all owned by SYSTEM:SYSTEM.

However the sshd service still will not start... but at least the log error is hinting at corrective action (a good thing for people like me :), and my /etc/ssh* files are too open. 

Not wanting to set blanket permissions on /etc/ssh*, I fixed the permissions one-at-a-time, and attempted to start sshd.

I encountered a misleading error message: if /var/empty is chmod 777, you can get bogus log messages like "permissions 0777 for '/etc/ssh_host_key' are too open". I fixed that problem, but continued to get the error until I did chmod 755 on /var/empty/. It might be possible for more error checking here.

Well, NOW I can start the server, I get NO error messages... but the Administrator password is rejected. 

Fine: it's not talking to NT's password management. I used a local shell to "reset" the Administrator password. I realize this breaks password sync and I do want to fix it... but at least I have a workaround.

If anyone knows what's misconfigured by that description, suggestions would be most welcome! :-D

Thanks for the cygcheck suggestion. Did you still want me to mail these to you (for your debugging?)

-Scott


> -----Original Message-----
> From: Elfyn [mailto:emcb_exposure@hotmail.com]
> Sent: Wednesday, October 09, 2002 2:21 PM
> To: cygml; Scott Prive
> Subject: Re: ssh service staring problem "bad owner 
> /var/empty" but not
> fixed
> 
> 
> Hi,
> 
> Can you do a cygcheck on all of your cygwin machines so we 
> can compare what
> exactly has changed `cygcheck -s -s -r'... it has to be a 
> change in package.
> I'll go through the latest changes to see what has been upgraded in packages
> released in the last couple of weeks.
> 
> I got people pis*ed because of this and need to try and get 
> it sorted as I'm
> sure you do...
> 
> Elfyn
> 
> ----- Original Message -----
> From: "Scott Prive" <Scott.Prive@storigen.com>
> To: "Elfyn" <emcb_exposure@hotmail.com>; "cygml" <cygwin@cygwin.com>
> Sent: Wednesday, October 09, 2002 7:13 PM
> Subject: RE: ssh service staring problem "bad owner 
> /var/empty" but not
> fixed
> 
> 
> I can say this works fine on one system, which I installed a 
> while back.
> 
> Then I got it working on a SECOND system, which worked fine 
> UNTIL I updated
> Cygwin. Then it broke. I sent an email to this list but never 
> got a reply.
> 
> Then I tried a THIRD system, and even a fresh install did not work.
> 
> That first system which still works, I refuse to update Cygwin until I
> understand what broke everything.
> 
> I've come to the conclusion that "something changed" in the 
> packages, but
> obviously it's working on SOME people's systems, right? I see a lot of
> related questions in the recent archives, and suggestions (which I
> followed).
> 
> Then again, I missed seeing any replies that said "thanks, 
> that fixed it"...
> so it's possible those suggestions did not work for them either.
> 
> -Scott
> 
> 
> > -----Original Message-----
> > From: Elfyn [mailto:emcb_exposure@hotmail.com]
> > Sent: Wednesday, October 09, 2002 2:08 PM
> > To: cygml; Scott Prive
> > Subject: Re: ssh service staring problem "bad owner
> > /var/empty" but not
> > fixed
> >
> >
> > It's pretty funky that this has started happening OOTB (out of
> > the blue).
> > Have you had a working sshd? ... I forget. Have you installed
> > new soft, libs
> > recently... have you downloaded new net-release packages as well?
> >
> > All I've done is install mysql-3.23.52 on cygwin-1.3.12-2,
> > can't see that
> > making a difference.
> >
> > Elfyn
> >
> > ----- Original Message -----
> > From: "Scott Prive" <Scott.Prive@storigen.com>
> > To: "Elfyn" <emcb_exposure@hotmail.com>; "cygml" <cygwin@cygwin.com>
> > Sent: Wednesday, October 09, 2002 7:03 PM
> > Subject: RE: ssh service staring problem "bad owner
> > /var/empty" but not
> > fixed
> >
> >
> > Looks like our problems are somewhat related. I wonder if
> > anyone else has
> > ideas...
> >
> >
> > > -----Original Message-----
> > > From: Elfyn [mailto:emcb_exposure@hotmail.com]
> > > Sent: Wednesday, October 09, 2002 1:44 PM
> > > To: cygml; Scott Prive
> > > Subject: Re: ssh service staring problem "bad owner
> > > /var/empty" but not
> > > fixed
> > >
> > >
> > > Hey,
> > >
> > > > What I meant by shared-server is that more than one person
> > > (other than you)
> > > would be accessing the server. So if it is a shared
> > > environment you might
> > > want to tighten security.
> > >
> > > > In general you should run things like crond, sshd etc. as the
> > > > SYSTEM user as
> > > > Administrator doesn't have the required run as service tokens
> > > > and others
> > > > needed for a run-as-user service unless you've added them in
> > > [domain|local]
> > > security policy(s) thingys in Administrative tools.
> > >
> > > > I don't know what's going on. I just had to stop sshd so I could
> > > > get rid of an ssh process that wouldn't go away, went away
> > > > when the service
> > > > stopped but now I can't restart it. I get these errors in the
> > > eventlog...
> > >
> > > Event Type: Error
> > > Event Source: sshd
> > > Event Category: None
> > > Event ID: 0
> > > Date:  09/10/2002
> > > Time:  17:57:14
> > > User:  NT AUTHORITY\SYSTEM
> > > Computer: W3
> > > Description:
> > > The description for Event ID ( 0 ) in Source ( sshd ) cannot
> > > be found. The
> > > local computer may not have the necessary registry
> > > information or message
> > > > DLL files to display messages from a remote computer. The following
> > > information is part of the event: sshd : Win32 Process Id =
> > > 0xCA8 : Cygwin
> > > Process Id = 0xCA8 : starting service `sshd' failed: execv:
> > > 1, Operation not
> > > permitted.
> >
> > YES! I get exactly this message in Event Viewer, except
> > execv=255 error=255
> >
> > >
> > > Event Type: Error
> > > Event Source: sshd
> > > Event Category: None
> > > Event ID: 0
> > > Date:  09/10/2002
> > > Time:  17:57:13
> > > User:  NT AUTHORITY\SYSTEM
> > > Computer: W3
> > > Description:
> > > The description for Event ID ( 0 ) in Source ( sshd ) cannot
> > > be found. The
> > > local computer may not have the necessary registry
> > > information or message
> > > > DLL files to display messages from a remote computer. The following
> > > information is part of the event: sshd : Win32 Process Id =
> > > 0x950 : Cygwin
> > > Process Id = 0x950 : starting service `l' failed:
> > > redirect_fd: open (1,
> > > /var/log/sshd.log): 22, Invalid argument.
> > >
> > I don't get this one exactly. The second error I get is line-for-line
> > identical with the first event, minus the bit about "execv=255" (not a
> > different error number... just not there at all).
> >
> > > are you getting anything similar?
> > >
> > > Elfyn
> > >
> > >
> > > ----- Original Message -----
> > > From: "Scott Prive" <Scott.Prive@storigen.com>
> > > > To: "Elfyn" <emcb_exposure@hotmail.com>; "cygml" <cygwin@cygwin.com>
> > > Sent: Wednesday, October 09, 2002 6:23 PM
> > > Subject: RE: ssh service staring problem "bad owner
> > > /var/empty" but not
> > > fixed
> > >
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Elfyn [mailto:emcb_exposure@hotmail.com]
> > > > Sent: Wednesday, October 09, 2002 12:02 PM
> > > > To: cygml
> > > > Subject: Re: ssh service staring problem "bad owner
> > > > /var/empty" but not
> > > > fixed
> > > >
> > > >
> > > > Hi,
> > > >
> > > > > I had that when I first installed it... I take it the
> > > > > permissions on files
> > > > > like /etc/sshd* /etc/ssh_host* are exclusive to the SYSTEM
> > > > > account (if you're
> > > > > running a shared-style server) and the service is running as
> > > > SYSTEM.
> > >
> > > Let's see...:
> > > $ ls -l /etc/ssh*
> > > -rw-r--r--    1 Administ None         1049 Sep  5 15:59
> > > /etc/ssh_config
> > > -rw-r--r--    1 Administ None          668 Sep  5 15:19
> > > /etc/ssh_host_dsa_key
> > > -rw-r--r--    1 Administ None          614 Sep  5 15:19
> > > /etc/ssh_host_dsa_key.pub
> > > -rw-r--r--    1 Administ None          539 Sep  5 15:19
> > > /etc/ssh_host_key
> > > -rw-r--r--    1 Administ None          343 Sep  5 15:19
> > > /etc/ssh_host_key.pub
> > > -rw-r--r--    1 Administ None          883 Sep  5 15:19
> > > /etc/ssh_host_rsa_key
> > > -rw-r--r--    1 Administ None          234 Sep  5 15:19
> > > /etc/ssh_host_rsa_key.pub
> > > -rw-r--r--    1 Administ None         2041 Sep  5 15:59
> > > /etc/sshd_config
> > >
> > > Is "Administrator" here perfectly synonymous with "SYSTEM"?
> > > Also, I'm not sure what you mean by "shared style server",
> > > how to verify if
> > > that is my case, or how this would affect things.
> > >
> > > The service in MMC shows it logs on as "Local System
> > > Account", "interact
> > > with desktop" NOT checked. Should this instead be running as
> > > sshd user or
> > > Administrator?
> > >
> > > I personally prefer to get things running "the right way" and
> > > not blow holes
> > > through local security. That said, this is a test lab system
> > > and I'd go the
> > > "hack" way to Make It Work... if I knew what to do next.
> > >
> > > > > I got
> > > > > around that problem by making the system user the owner of
> > > > > /var/empty with
> > > > > exclusive rwx permissions and group/other with none. If you're
> > > > > not running
> > > > > the svc as SYSTEM just adjust the owner to your user.
> > >
> > > I've already `chmod 700 /var/empty`. Not sure what you mean
> > > about ownership
> > > of the service. I'm not sure this was the correct thing to
> > > do, but I tried
> > > setting CYGWIN sshd to log on as Administrator, set the
> > > password, and now it
> > > returns "Error 1069: Logon failure" (the password IS correct).
> > > >
> > > > Have you had problems with ssh when logging in at all?
> > >
> > > I can't even get the service to START.
> > >
> > > > > My sshd has for some
> > > > > reason been denying access to anyone that tries to login to my
> > > > > CYGWIN server
> > > > > with a permission/access denied message. Nothing in sshd.log
> > > > > but event-log
> > > > > shows a badpw error (very weird). I know the password is
> > > > > correct because I'm
> > > > > using terminal services to login to the server right now...
> > > >
> > > > hope the first bit helps, sorry to bore you with the latter :)
> > >
> > > > No problem. :-D  I've been reading everything I can on the subject.
> > >
> > > There might be enough demand for a Cygwin book; I'd buy one
> > > in a heartbeat.
> > > With problems like this you get the complexity UNIX is known
> > > for, with NT's
> > > > lack of decent error reporting. When you're DONE, of course, you get
> > > powerful UNIX tools, with Win2K's good points (good points? A
> > > free PC in
> > > every box of MS Outlook)   :-)
> > >
> > > I'm still stuck, if anyone else has ideas.
> > >
> > > >
> > > > Elfyn
> > > >
> > > > ----- Original Message -----
> > > > From: "Scott Prive" <Scott.Prive@storigen.com>
> > > > To: "Cygwin" <cygwin@cygwin.com>
> > > > Sent: Wednesday, October 09, 2002 4:12 PM
> > > > Subject: ssh service staring problem "bad owner /var/empty"
> > > > but not fixed
> > > >
> > > >
> > > > Hello,
> > > >
> > > > I understand the problem I am about to ask is not uncommon,
> > > > and I have made
> > > > considerable effort to look for the answers in the archive...
> > > >
> > > > > On an up-to-date (today) Cygwin install, sshd refuses to start (the MS
> > > > > Management console gives a useless error). On other systems, I have
> > > > > installed Cygwin sshd and it worked fine (I have not done
> > > > > this "recently"
> > > > > though and I understand there have been changes to sshd of sorts).
> > > >
> > > > When I first attempted this install some weeks back, I
> > > > followed the guide at
> > > > http://tech.erdelynet.com/cygwin-sshd.html
> > > >
> > > > I didn't actually "run the permissions script" as the author
> > > > had just days
> > > > before, pulled down the script. I'm not sure if the other
> > > > steps on this page
> > > > complicate my problem, so I'll mention it.
> > > >
> > > > The first thing I check is /var/log/sshd.log, and it's "bad
> > > > owner or mode
> > > > for /var/empty". OK, it's some sort of NT permissions issue.
> > > > A Google search
> > > > tells me /var/empty should be chmod 700 or 755 (it's 755).
> > > >
> > > > grep /etc/passwd ssh shows ssh account is 1000:513, sshd
> > > > privsep, home of
> > > > /var/empty and shell of /bin/false
> > > >
> > > > > I've also tried chowning the directory as SYSTEM:SYSTEM (or 18:18).
> > > >
> > > > I did notice in the MMC Groups panel, there is no VISIBLE
> > > > group for "sshd",
> > > > > but there is a sshd user. My Google searches tell me there should be a
> > > > > group, so I attempt to add the group "sshd" and make "sshd"
> > > > > user a member. I
> > > > > get the error: "while attempting to create the group sshd on computer
> > > > > QA2000TEST: The account already exists". I get this error if
> > > > > I attempt to
> > > > > create the group "sshd" with or without the member "sshd".
> > > >
> > > > > I've reinstalled openssh, and even selected Uninstall
> > > > followed by Install
> > > > in case there was a difference. The version of openssh I have
> > > > is 3.4p1-5
> > > >
> > > > I appreciate any help. I hope I have checked all of the
> > > > obvious "gotchas" so
> > > > I don't waste anyone's time. Thanks.
> > > >
> > > > -Scott
> > > >
> > > > --
> > > > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > > > Bug reporting:         http://cygwin.com/bugs.html
> > > > Documentation:         http://cygwin.com/docs.html
> > > > FAQ:                   http://cygwin.com/faq/
> > > >
> > > > --
> > > > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > > > Bug reporting:         http://cygwin.com/bugs.html
> > > > Documentation:         http://cygwin.com/docs.html
> > > > FAQ:                   http://cygwin.com/faq/
> > > >
> > > >
> > >
> > > --
> > > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > > Bug reporting:         http://cygwin.com/bugs.html
> > > Documentation:         http://cygwin.com/docs.html
> > > FAQ:                   http://cygwin.com/faq/
> > >
> >
> 
> 

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
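
Added example, not part of the original messages: a shell pre-flight check for the two conditions this thread ran into, the owner and mode of /var/empty and private host keys that are "too open". It assumes GNU stat (as in Cygwin's coreutils) and takes the service account's numeric uid as a parameter; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths sshd is strict about
# before trying to start the service. Assumes GNU stat.

# mode_has_bits PATH MASK -> true if any permission bit in octal MASK is set
mode_has_bits() {
    [ $(( 0$(stat -c '%a' "$1") & 0$2 )) -ne 0 ]
}

# check_privsep_dir DIR UID: must be a directory owned by UID and not
# writable by group or other (700 and 755 pass, 777 fails).
check_privsep_dir() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    [ "$(stat -c '%u' "$1")" = "$2" ] || { echo "FAIL $1: owner uid is not $2"; return 1; }
    if mode_has_bits "$1" 022; then
        echo "FAIL $1: writable by group or other"; return 1
    fi
    echo "OK   $1"
}

# check_private_key FILE UID: owned by UID with no group/other access at all
check_private_key() {
    [ -f "$1" ] || { echo "FAIL $1: missing"; return 1; }
    [ "$(stat -c '%u' "$1")" = "$2" ] || { echo "FAIL $1: owner uid is not $2"; return 1; }
    if mode_has_bits "$1" 077; then
        echo "FAIL $1: permissions too open"; return 1
    fi
    echo "OK   $1"
}

# audit_sshd EMPTY_DIR ETC_DIR UID: run every check and report all failures
audit_sshd() {
    audit_rc=0
    check_privsep_dir "$1" "$3" || audit_rc=1
    # *key matches the private keys only; the .pub files are skipped
    for audit_key in "$2"/ssh_host_*key; do
        [ -e "$audit_key" ] || continue   # glob matched nothing
        check_private_key "$audit_key" "$3" || audit_rc=1
    done
    return $audit_rc
}

# On the systems in this thread (18 is the SYSTEM uid quoted above):
#   audit_sshd /var/empty /etc 18
```

Run against the `ls -l /etc/ssh*` listing quoted above, every private key at `-rw-r--r--` would be reported as too open.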

