This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: ssh logon failure


On 10/24/2013 8:52 PM, Dan Greenspan wrote:
> I experienced the "operation not permitted" problem as many others have.
>
> I had not changed my setup when the error was experienced, but I noticed
> that every computer which presented this difficulty was a work machine with
> our IT security suite installed.  On every PC _without_ an IT security
> package, cygwin sshd worked just fine out of the box. On any PC without a
> security package which subsequently had one installed, sshd stopped working.
>
> Like at least one other user, I have concluded that my "evil" IT people are
> the root cause of the problem.  However, they are of no help whatsoever. By
> some combination of dumb luck, relentless hacking and bits of help online, I
> arrived at the following conclusions and solution:
>
> Problem one: by default, cygwin sshd uses the windows log, which is hard to
> read and doesn't contain the desired diagnostic output. Fixing this revealed
> useful clues.
>
> Problem two: /var/empty had the incorrect owner.
>
> THE FIX:
>
> 1) Set up cygwin's sshd normally by invoking: ssh-host-config -y (If you have
> been thrashing about trying to solve this problem and have changed
> permissions and config files, just run the script again to ensure that your
> setup is reasonable)
> 2) DON'T START sshd.
> 3) Issue "chown SYSTEM /var/empty"
> 4) Uninstall the default sshd service by invoking: cygrunsrv --remove sshd
> 5) Reinstall the service and make the sshd output go to /var/log/sshd.log by
> invoking: cygrunsrv -I sshd -d "Cygwin sshd" -p /usr/sbin/sshd -a '-D -e'
>
> I hope this works for you.

Thanks for taking the time to look into this and for posting your findings.
Can I ask what O/S version you're running on the machines where you see
this problem?  Part of my reason for asking is that "SYSTEM" is only a
valid owner for '/var/empty' on XP machines.  For later versions, it should
be "cyg-server" (and actually, "cyg-server" should work fine on XP machines
as well).

--
Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?
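
An added example (not part of either message in this thread, and not Cygwin project code): a shell function that checks the owner of sshd's privilege-separation directory, the point both messages turn on, before the service is started again. It assumes GNU `stat` is available; `check_privsep_dir` is a hypothetical name, the expected owner (`SYSTEM` or `cyg-server`, as discussed above) is passed in by the caller, and the mode check reflects sshd's requirement that this directory not be group or world-writable.

```shell
#!/bin/sh
# Added example, not from the thread: verify the owner and mode of sshd's
# privilege-separation directory before (re)starting the service.
# Assumption: GNU stat (stat -c) is available.

# check_privsep_dir DIR EXPECTED_OWNER   (hypothetical helper name)
# Prints one line per finding; returns 0 when the directory passes, 1 otherwise.
check_privsep_dir() {
    dir=$1
    expected=$2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory"
        return 1
    fi

    owner=$(stat -c %U "$dir")   # owner as an account name
    mode=$(stat -c %a "$dir")    # permission bits in octal, e.g. 755

    if [ "$owner" != "$expected" ]; then
        echo "FAIL: $dir is owned by '$owner', expected '$expected'"
        echo "      fix: chown $expected $dir"
        rc=1
    fi

    # 022 = group-write | other-write; the leading 0 makes $mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode (group or world-writable)"
        echo "      fix: chmod go-w $dir"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir owner=$owner mode=$mode"
    return "$rc"
}

# Usage on a Cygwin host, with the owner named in the thread:
#   check_privsep_dir /var/empty cyg-server     (SYSTEM on XP)
```

Running it between steps 3 and 5 of the procedure above shows whether the ownership change took effect before sshd is reinstalled and started.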
