Corinna Vinschen
2002-Jul-07 10:00 UTC
[PATCH]: Some fixes in contrib/cygwin/ssh-host-config
Hi,

the attached patch changes the ssh-host-config script in the following
way:

- Actually exit if ssh processes are still running. The "exit 1"
  is commented out for testing purposes and I accidentally left it
  this way when sending the patch to this list :-(

- Create the Windows NT account "sshd" so that it's deactivated.
  So even if the administrator(s) for some reason allow to login
  w/o password, nobody can login to the sshd account. This is
  e. g. a problem on XP Home machines where login w/o password is
  *gulp* a default setting.

- Create the /etc/passwd entry for "sshd" so that the shell is set
  to /bin/false instead of /bin/bash.

Thanks,
Corinna

Index: contrib/cygwin/ssh-host-config
==================================================================RCS file:
/cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v
retrieving revision 1.7
diff -u -p -r1.7 ssh-host-config
--- contrib/cygwin/ssh-host-config 5 Jul 2002 23:22:32 -0000 1.7
+++ contrib/cygwin/ssh-host-config 7 Jul 2002 09:52:24 -0000
@@ -107,7 +107,7 @@ then
echo
echo "There are still ssh processes running. Please shut them down
first."
echo
- #exit 1
+ exit 1
fi
# Check for ${SYSCONFDIR} directory
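Review bot: with "exit 1" active again, the "There are still ssh processes running" message is the only explanation the user gets for the abort, and the echo lines send it to stdout. Redirecting those echo lines to stderr (>&2) would keep the reason visible when the script's output is piped or captured.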
@@ -340,7 +340,7 @@ then
if request "Shall this script create a local user 'sshd' on
this machine?"
then
dos_var_empty=`cygpath -w /var/empty`
- net user sshd /add /fullname:"sshd privsep"
"/HOMEDIR:$dos_var_empty" > /dev/null 2>&1 &&
sshd_in_sam=yes
+ net user sshd /add /fullname:"sshd privsep"
"/homedir:$dos_var_empty" /active:no > /dev/null 2>&1
&& sshd_in_sam=yes
if [ "$sshd_in_sam" != "yes" ]
then
echo "Warning: Creating the user 'sshd' failed!"
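Review bot: on the added net user line no password is supplied, so /active:no is the only thing keeping the sshd account unusable; if an administrator later re-enables it, the account has an empty password, which is the XP Home situation the description is worried about. Consider also setting a random password at creation time. Separately, all output of net user still goes to /dev/null, so the "Creating the user 'sshd' failed" warning never carries the actual cause; letting the error text through on failure would help.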
@@ -354,7 +354,7 @@ then
echo " Check your ${SYSCONFDIR}/sshd_config file!"
privsep_used=no
else
- mkpasswd -l -u sshd >> ${SYSCONFDIR}/passwd
+ mkpasswd -l -u sshd | sed -e 's/bash$/false/' >>
${SYSCONFDIR}/passwd
fi
fi
else
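Review bot: the sed expression 's/bash$/false/' on the added line only changes the shell when the mkpasswd output ends in exactly "bash"; with any other default shell or a trailing carriage return it silently does nothing and the sshd entry keeps a login shell. Replacing the last field unconditionally, for example sed -e 's,[^:]*$,/bin/false,', would not depend on what mkpasswd emits. Also note that the pipeline's exit status is that of sed, so a mkpasswd failure goes unnoticed at this point.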
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com

Applied.

On Sun, 7 Jul 2002, Corinna Vinschen wrote:
> Hi,
>
> the attached patch changes the ssh-host-config script in the following
> way:
>
> - Actually exit if ssh processes are still running. The "exit 1"
>   is commented out for testing purposes and I accidentally left it
>   this way when sending the patch to this list :-(
>
> - Create the Windows NT account "sshd" so that it's deactivated.
>   So even if the administrator(s) for some reason allow to login
>   w/o password, nobody can login to the sshd account. This is
>   e. g. a problem on XP Home machines where login w/o password is
>   *gulp* a default setting.
>
> - Create the /etc/passwd entry for "sshd" so that the shell is set
>   to /bin/false instead of /bin/bash.
>
>
> Thanks,
> Corinna
>
[snip]

--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net