authorBen Lindstrom <mouring@eviladmin.org>2001-07-18 18:25:41 +0200
committerBen Lindstrom <mouring@eviladmin.org>2001-07-18 18:25:41 +0200
commita5820295c343b19d80a01eca537463a8c890e995 (patch)
tree7e12a4323e188244f0702073dd3bb6ed603bfd71 /contrib
parent - (bal) Allow sshd to switch user context without password for Cygwin. (diff)
*** empty log message ***
Diffstat (limited to 'contrib')
-rw-r--r--contrib/cygwin/README48
-rw-r--r--contrib/cygwin/ssh-host-config55
2 files changed, 78 insertions, 25 deletions
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
index f9d03944f..dfe178679 100644
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -1,4 +1,13 @@
-This package is the actual port of OpenSSH to Cygwin 1.1.
+This package is the actual port of OpenSSH to Cygwin 1.3.
+
+===========================================================================
+Important change since 2.9p2:
+
+Since Cygwin is able to switch user context without password beginning
+with version 1.3.2, OpenSSH now allows to do so when it's running under
+a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to
+allow that feature.
+===========================================================================
===========================================================================
Important change since 2.3.0p1:
@@ -37,6 +46,9 @@ Options:
--no -n Answer all questions with "no" automatically.
--port -p <n> sshd listens on port n.
+Additionally ssh-host-config now asks if it should install sshd as a
+service when running under NT/W2K. This requires cygrunsrv installed.
+
You can create the private and public keys for a user now by running
/usr/bin/ssh-user-config
@@ -53,16 +65,12 @@ Options:
--no -n Answer all questions with "no" automatically.
--passphrase -p word Use "word" as passphrase automatically.
-Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
+Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd
(results in very slow deamon startup!) or from the command line (recommended
on 9X/ME).
-If you start sshd as deamon via SRVANY.EXE you will see two
-sshd processes in the process list unless you give the "-D"
-option to sshd. That will avoid that sshd detaches from the
-controlling terminal and it will remain under process control
-of SRVANY.EXE. That allows easy killing of the service by
-using the `net stop <servicename>' command.
+If you start sshd as deamon via cygrunsrv.exe you MUST give the
+"-D" option to sshd. Otherwise the service can't get started at all.
If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
following line to your inetd.conf file:
@@ -74,6 +82,10 @@ ${SYSTEMROOT}/system32/drivers/etc/services file:
sshd 22/tcp #SSH daemon
+===========================================================================
+The following restrictions only apply to Cygwin versions up to 1.3.1
+===========================================================================
+
Authentication to sshd is possible in one of two ways.
You'll have to decide before starting sshd!
@@ -145,26 +157,22 @@ way as they are used by the `login' port on sources.redhat.com:
SSH2 server and user keys are generated by the `ssh-*-config' scripts
as well.
-SSH2 authentication similar to SSH1:
- Add keys to ~/.ssh/authorized_keys2
-Interop. w/ ssh.com dsa-keys:
- ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
-and vice versa:
- ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
- echo Key mykey.pub >> ~/.ssh2/authorization
-
If you want to build from source, the following options to
configure are used for the Cygwin binary distribution:
---prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir='${exec_prefix}/sbin \
+ --with-pcre
You must have installed the zlib, openssl and regex packages to
-be able to build OpenSSH!
+be able to build OpenSSH! The `--with-pcre' option requires
+the installation of the pcre package.
-Please send requests, error reports etc. to cygwin@sources.redhat.com.
+Please send requests, error reports etc. to cygwin@cygwin.com.
Have fun,
-Corinna Vinschen <vinschen@cygnus.com>
+Corinna Vinschen <vinschen@redhat.com>
Cygwin Developer
Red Hat Inc.
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 70bbafdb7..83eff3a13 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -309,7 +309,13 @@ PermitRootLogin yes
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
-StrictModes yes
+
+#
+# The following setting overrides permission checks on host key files
+# and directories. For security reasons set this to "yes" when running
+# NT/W2K, NTFS and CYGWIN=ntsec.
+StrictModes no
+
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
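Review bot: The generated sshd_config now ships `StrictModes no` for every installation, and the new comment misdescribes the option. StrictModes makes sshd check ownership and modes of the user's home directory and files before accepting a login; it is not a check on host key files. With it off, a group- or world-writable `~/.ssh` no longer blocks a login, so the comment should say what is given up, e.g. `# StrictModes checks ownership and modes of the user's home directory and ~/.ssh before login.` and `# Leave it at "no" only where the file system cannot express permissions (not NTFS with CYGWIN=ntsec).` The script has an `_nt` flag (used further down), so the value could probably be chosen when the file is generated instead of left for the admin to flip; the surrounding here-document starts outside this hunk, so that is an inference.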
@@ -325,12 +331,9 @@ RhostsAuthentication no
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
-# To install for logon to different user accounts change to "no" here
RSAAuthentication yes
-# To install for logon to different user accounts change to "yes" here
-PasswordAuthentication no
-
+PasswordAuthentication yes
PermitEmptyPasswords no
CheckMail no
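Review bot: `PasswordAuthentication` changes from `no` to `yes` and both explanatory comments are removed, so the generated file no longer tells the administrator that this is a deliberate choice. Together with `PermitRootLogin yes` (visible in the previous hunk's header) and `StrictModes no` from the previous hunk, the default configuration is more permissive than before. I would keep a comment above the line, e.g. `# Set to "no" to accept public key logins only`, and, going by the README change in this commit, note that key-only logins on NT/W2K appear to need Cygwin >= 1.3.2 with ntsec. The here-document that holds these lines starts and ends outside the hunk.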
@@ -438,6 +441,48 @@ then
fi
fi
+# Create /var/log and /var/log/lastlog if not already existing
+
+if [ -f /var/log ]
+then
+ echo "Creating /var/log failed\!"
+else
+ if [ ! -d /var/log ]
+ then
+ mkdir /var/log
+ fi
+ if [ -d /var/log/lastlog ]
+ then
+ echo "Creating /var/log/lastlog failed\!"
+ elif [ ! -f /var/log/lastlog ]
+ then
+ cat /dev/null > /var/log/lastlog
+ fi
+fi
+
+# On NT ask if sshd should be installed as service
+if [ $_nt -gt 0 ]
+then
+ echo
+ echo "Do you want to install sshd as service?"
+ if request "(Say \"no\" if it's already installed as service)"
+ then
+ echo
+ echo "Which value should the environment variable CYGWIN have when"
+ echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
+ echo "able to change user context without password."
+ echo -n "Default is \"binmode ntsec tty\". CYGWIN="
+ read _cygwin
+ [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
+ if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
+ then
+ chown system /etc/ssh*
+ echo
+ echo "The service has been installed under LocalSystem account."
+ fi
+ fi
+fi
+
if [ "${old_install}" = "1" ]
then
echo
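Review bot: In the service branch the result of `chown system /etc/ssh*` is never checked, yet the "installed under LocalSystem" message is printed regardless, and a failed `cygrunsrv -I` is passed over silently because the `if` has no `else`. The glob hands every `/etc/ssh*` entry, config files and host keys alike, to the system account without verifying or tightening modes afterwards. I would report both failures, e.g. `chown system /etc/ssh* || echo "Warning: could not change owner of /etc/ssh* to system"` and an `else` arm with `echo "Installing sshd as service failed!"`. Smaller points in the same hunk: `[ $_nt -gt 0 ]` should be `[ "${_nt}" -gt 0 ]`, `read _cygwin` should be `read -r _cygwin`, and `\!` inside double quotes prints the backslash in a non-interactive shell. The /var/log block only echoes on failure and carries on, and `mkdir /var/log` is unchecked, so `/var/log/lastlog` may be missing afterwards.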