This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Windows hardening and system paths
- From: Brian Dessent <brian at dessent dot net>
- To: cygwin at cygwin dot com
- Date: Thu, 18 Aug 2005 02:47:34 -0700
- Subject: Re: Windows hardening and system paths
- References: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA5Mn/gf2eOki1anFw3+Z8M8KAAAAQAAAAdUTP2Nsdmkis5Ic8oMDPFAEAAAAA@nsales.dk>
- Reply-to: cygwin at cygwin dot com
Mikkel Rostock wrote:
> > whether you set the permissions and ownership of files correctly
> I haven't changed permissions for any files, since usually when I install it
> on Windows XP this is not necessary.
>
> > created the proper user accounts
> The service is set to use LocalSystem account
This will not work. Under 2k3 you need to create a special user account
and give it extra permissions. This is explained in
/usr/share/doc/Cygwin/openssh.README. However, the details are not
important because all the user-creation and permission-setting is done
for you with the ssh-host-config script which I recommend you use.
Trying to do this by hand can be difficult.
> ----------------------------------------------------------------------------
> Could not load host key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.
> ----------------------------------------------------------------------------
You have not created the host keys. This is another task that
ssh-host-config will automate for you. You probably don't have a
/etc/sshd_config file either. I recommend that you remove all traces of
whatever you've done by hand to install the sshd service and instead run
the script.
Brian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/