Hi,
the following patch changes two files in the contrib/cygwin subdir:
It changes the Cygwin-specific README file, which adds some hints
related to the new feature to switch user context without password
(which means using public key and/or rhosts authentication). Some
old stuff is erased.
The changes to ssh-host-config are intended to allow an easier
startup for users who are new to Cygwin and/or OpenSSH.
Corinna
Index: contrib/cygwin/README
==================================================================RCS file:
/cvs/openssh_cvs/contrib/cygwin/README,v
retrieving revision 1.5
diff -u -p -r1.5 README
--- contrib/cygwin/README 2001/05/03 22:45:22 1.5
+++ contrib/cygwin/README 2001/07/11 20:40:02
@@ -1,6 +1,15 @@
-This package is the actual port of OpenSSH to Cygwin 1.1.
+This package is the actual port of OpenSSH to Cygwin 1.3.
==========================================================================+Important
change since 2.9p2:
+
+Since Cygwin is able to switch user context without password beginning
+with version 1.3.2, OpenSSH now allows to do so when it's running under
+a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to
+allow that feature.
+==========================================================================+
+==========================================================================
Important change since 2.3.0p1:
When using `ntea' or `ntsec' you now have to care for the ownership
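Review bot: the new "Important change since 2.9p2" paragraph says `ntsec' has to be activated but not how or where. A reader new to Cygwin will not know it is a value of the CYGWIN environment variable that must be in effect for the sshd process. Suggest naming the variable here, as the ssh-host-config prompt in this same patch does ("Default is "binmode ntsec tty". CYGWIN="), and stating which authentication behaviour applies when sshd runs on 1.3.2 or later without it.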
@@ -37,6 +46,9 @@ Options:
--no -n Answer all questions with "no"
automatically.
--port -p <n> sshd listens on port n.
+Additionally ssh-host-config now asks if it should install sshd as a
+service when running under NT/W2K. This requires cygrunsrv installed.
+
You can create the private and public keys for a user now by running
/usr/bin/ssh-user-config
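Review bot: the added sentence about the service question does not say how it interacts with the --yes and --no options listed directly above it, which promise to answer all questions automatically. Suggest documenting whether --yes installs the service unattended and what happens to the follow-up CYGWIN prompt in that case, and naming the account the service is installed under (the script reports LocalSystem), since that is the identity sshd will run as.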
@@ -53,16 +65,12 @@ Options:
--no -n Answer all questions with "no"
automatically.
--passphrase -p word Use "word" as passphrase automatically.
-Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
+Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd
(results in very slow deamon startup!) or from the command line (recommended
on 9X/ME).
-If you start sshd as deamon via SRVANY.EXE you will see two
-sshd processes in the process list unless you give the "-D"
-option to sshd. That will avoid that sshd detaches from the
-controlling terminal and it will remain under process control
-of SRVANY.EXE. That allows easy killing of the service by
-using the `net stop <servicename>' command.
+If you start sshd as deamon via cygrunsrv.exe you MUST give the
+"-D" option to sshd. Otherwise the service can't get started at
all.
If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
following line to your inetd.conf file:
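Review bot: the replacement paragraph drops the only instruction for stopping the service (the removed text pointed to `net stop <servicename>') and gives nothing in its place for cygrunsrv. Suggest keeping a stop/remove hint for the cygrunsrv case, and adding that ssh-host-config already passes "-D" (its cygrunsrv call uses "-a -D"), so the "MUST give" warning only concerns manual installs. The added line also carries over the "deamon" misspelling.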
@@ -74,6 +82,10 @@ ${SYSTEMROOT}/system32/drivers/etc/servi
sshd 22/tcp #SSH daemon
+==========================================================================+The
following restrictions only apply to Cygwin versions up to 1.3.1
+==========================================================================+
Authentication to sshd is possible in one of two ways.
You'll have to decide before starting sshd!
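Review bot: the new banner limits the following restrictions to "Cygwin versions up to 1.3.1", but the first hunk of this README says the password-less context switch on 1.3.2 also needs `ntsec' activated. As worded, a 1.3.2 user running without ntsec would conclude the restrictions no longer apply. Suggest wording the banner as "up to 1.3.1, or later versions running without ntsec" if that is the actual behaviour, and marking where the restricted section ends.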
@@ -145,26 +157,22 @@ way as they are used by the `login' port
SSH2 server and user keys are generated by the `ssh-*-config' scripts
as well.
-SSH2 authentication similar to SSH1:
- Add keys to ~/.ssh/authorized_keys2
-Interop. w/ ssh.com dsa-keys:
- ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
-and vice versa:
- ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
- echo Key mykey.pub >> ~/.ssh2/authorization
-
If you want to build from source, the following options to
configure are used for the Cygwin binary distribution:
---prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir='${exec_prefix}/sbin \
+ --with-pcre
You must have installed the zlib, openssl and regex packages to
-be able to build OpenSSH!
+be able to build OpenSSH! The `--with-pcre' option requires
+the installation of the pcre package.
-Please send requests, error reports etc. to cygwin at sources.redhat.com.
+Please send requests, error reports etc. to cygwin at cygwin.com.
Have fun,
-Corinna Vinschen <vinschen at cygnus.com>
+Corinna Vinschen <vinschen at redhat.com>
Cygwin Developer
Red Hat Inc.
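Review bot: in the reformatted configure options, the line "--libexecdir='${exec_prefix}/sbin \" opens a single quote that is never closed. That was harmless as a one-line listing, but with the added backslash continuations the block now reads as a command to paste, and the open quote would swallow the continuation and "--with-pcre". Suggest closing the quote after /sbin. Separately, this hunk deletes the authorized_keys2 and ssh.com key interop instructions with no replacement; if they are still valid for this release, a pointer to where they are documented would help.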
Index: contrib/cygwin/ssh-host-config
==================================================================RCS file:
/cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v
retrieving revision 1.2
diff -u -p -r1.2 ssh-host-config
--- contrib/cygwin/ssh-host-config 2001/03/07 10:38:19 1.2
+++ contrib/cygwin/ssh-host-config 2001/07/11 20:40:03
@@ -309,7 +309,13 @@ PermitRootLogin yes
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
-StrictModes yes
+
+#
+# The following setting overrides permission checks on host key files
+# and directories. For security reasons set this to "yes" when
running
+# NT/W2K, NTFS and CYGWIN=ntsec.
+StrictModes no
+
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
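Review bot: the generated default goes from "StrictModes yes" to "StrictModes no" while the new comment itself says that "yes" is the setting to use for security reasons on NT/W2K with NTFS and ntsec, so the installs that can enforce the checks get them switched off unless the admin edits the file afterwards. Suggest emitting "yes" when the script already knows it is on NT and the user selects ntsec, or keeping "yes" as the default and telling 9X/FAT users to relax it. The comment should also be corrected: StrictModes controls sshd's mode and ownership checks on the user's files and home directory, not on host key files.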
@@ -325,12 +331,9 @@ RhostsAuthentication no
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
-# To install for logon to different user accounts change to "no" here
RSAAuthentication yes
-# To install for logon to different user accounts change to "yes"
here
-PasswordAuthentication no
-
+PasswordAuthentication yes
PermitEmptyPasswords no
CheckMail no
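Review bot: "PasswordAuthentication" flips from no to yes here and both explanatory comments are removed, so the generated sshd_config now accepts password logins by default with no hint about the alternative, in a file that also sets "PermitRootLogin yes" (visible in the previous hunk header). Since the README change says public key logins can now switch user context without a password under ntsec, suggest keeping a comment that tells the admin when password authentication can be turned off again.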
@@ -435,6 +438,48 @@ then
echo '# ssh stream tcp nowait root /usr/sbin/sshd -i'
>> "${_inetcnf}"
fi
echo "Added ssh to ${_inetcnf}"
+ fi
+fi
+
+# Create /var/log and /var/log/lastlog if not already existing
+
+if [ -f /var/log ]
+then
+ echo "Creating /var/log failed\!"
+else
+ if [ ! -d /var/log ]
+ then
+ mkdir /var/log
+ fi
+ if [ -d /var/log/lastlog ]
+ then
+ echo "Creating /var/log/lastlog failed\!"
+ elif [ ! -f /var/log/lastlog ]
+ then
+ cat /dev/null > /var/log/lastlog
+ fi
+fi
+
+# On NT ask if sshd should be installed as service
+if [ $_nt -gt 0 ]
+then
+ echo
+ echo "Do you want to install sshd as service?"
+ if request "(Say \"no\" if it's already installed as
service)"
+ then
+ echo
+ echo "Which value should the environment variable CYGWIN have
when"
+ echo "sshd starts? It's recommended to set at least
\"ntsec\" to be"
+ echo "able to change user context without password."
+ echo -n "Default is \"binmode ntsec tty\". CYGWIN="
+ read _cygwin
+ [ -z "${_cygwin}" ] && _cygwin="binmode ntsec
tty"
+ if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e
"CYGWIN=${_cygwin}"
+ then
+ chown system /etc/ssh*
+ echo
+ echo "The service has been installed under LocalSystem
account."
+ fi
fi
fi
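Review bot: "chown system /etc/ssh*" in the cygrunsrv branch hands every path matching that glob to SYSTEM, not just the host keys and sshd_config, and its result is never checked, so a failed chown leaves a service that may be unable to read its keys with no message. Suggest listing the files explicitly and reporting a failure. The "if cygrunsrv -I sshd ..." test also has no else branch, so a missing cygrunsrv (which the README says is required) produces only the shell's own error; an explicit check and message would be clearer. Minor: "$_nt" is unquoted in "[ $_nt -gt 0 ]", and the "\!" inside the double-quoted echo strings will print the backslash literally in a script.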
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com