diff --git a/ChangeLog b/ChangeLog index 19286c6bb..f448a9aa2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,8 @@ - (bal) Cleaned up trailing spaces in ChangeLog. - (bal) Allow sshd to switch user context without password for Cygwin. Patch by Corinna Vinschen + - (bal) Updated cygwin README and ssh-host-config. Patch by + Patch by Corinna Vinschen 20010715 - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by @@ -6061,4 +6063,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1411 2001/07/18 16:19:48 mouring Exp $ +$Id: ChangeLog,v 1.1412 2001/07/18 16:25:41 mouring Exp $ diff --git a/contrib/cygwin/README b/contrib/cygwin/README index f9d03944f..dfe178679 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README @@ -1,4 +1,13 @@ -This package is the actual port of OpenSSH to Cygwin 1.1. +This package is the actual port of OpenSSH to Cygwin 1.3. + +=========================================================================== +Important change since 2.9p2: + +Since Cygwin is able to switch user context without password beginning +with version 1.3.2, OpenSSH now allows to do so when it's running under +a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to +allow that feature. +=========================================================================== =========================================================================== Important change since 2.3.0p1: @@ -37,6 +46,9 @@ Options: --no -n Answer all questions with "no" automatically. --port -p sshd listens on port n. +Additionally ssh-host-config now asks if it should install sshd as a +service when running under NT/W2K. This requires cygrunsrv installed. + You can create the private and public keys for a user now by running /usr/bin/ssh-user-config 
@@ -53,16 +65,12 @@ Options: --no -n Answer all questions with "no" automatically. --passphrase -p word Use "word" as passphrase automatically. -Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd +Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd (results in very slow deamon startup!) or from the command line (recommended on 9X/ME). -If you start sshd as deamon via SRVANY.EXE you will see two -sshd processes in the process list unless you give the "-D" -option to sshd. That will avoid that sshd detaches from the -controlling terminal and it will remain under process control -of SRVANY.EXE. That allows easy killing of the service by -using the `net stop ' command. +If you start sshd as deamon via cygrunsrv.exe you MUST give the +"-D" option to sshd. Otherwise the service can't get started at all. If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the following line to your inetd.conf file: @@ -74,6 +82,10 @@ ${SYSTEMROOT}/system32/drivers/etc/services file: sshd 22/tcp #SSH daemon +=========================================================================== +The following restrictions only apply to Cygwin versions up to 1.3.1 +=========================================================================== + Authentication to sshd is possible in one of two ways. You'll have to decide before starting sshd! 
@@ -145,26 +157,22 @@ way as they are used by the `login' port on sources.redhat.com: SSH2 server and user keys are generated by the `ssh-*-config' scripts as well. -SSH2 authentication similar to SSH1: - Add keys to ~/.ssh/authorized_keys2 -Interop. w/ ssh.com dsa-keys: - ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 -and vice versa: - ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub - echo Key mykey.pub >> ~/.ssh2/authorization - If you want to build from source, the following options to configure are used for the Cygwin binary distribution: ---prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin + --prefix=/usr \ + --sysconfdir=/etc \ + --libexecdir='${exec_prefix}/sbin \ + --with-pcre You must have installed the zlib, openssl and regex packages to -be able to build OpenSSH! +be able to build OpenSSH! The `--with-pcre' option requires +the installation of the pcre package. -Please send requests, error reports etc. to cygwin@sources.redhat.com. +Please send requests, error reports etc. to cygwin@cygwin.com. Have fun, -Corinna Vinschen +Corinna Vinschen Cygwin Developer Red Hat Inc. diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 70bbafdb7..83eff3a13 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -309,7 +309,13 @@ PermitRootLogin yes IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes -StrictModes yes + +# +# The following setting overrides permission checks on host key files +# and directories. For security reasons set this to "yes" when running +# NT/W2K, NTFS and CYGWIN=ntsec. +StrictModes no + X11Forwarding no X11DisplayOffset 10 PrintMotd yes 
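Review bot: The generated sshd_config now defaults to `StrictModes no`, although the added comment itself says the value should be "yes" on NT/W2K with NTFS and CYGWIN=ntsec, which is the setup the service prompt later in this patch recommends. Those installs get the weaker setting unless the admin edits the file by hand. The comment also describes the option as covering host key files; as far as I know StrictModes controls the ownership and mode checks on the user's home directory and files before login, so I would reword it to `# StrictModes checks ownership and modes of the user's files and home directory before login.` followed by `# Set to "yes" on NT/W2K with NTFS and CYGWIN=ntsec.` If the script already knows at this point that it runs on NT (a `_nt` variable is tested further down, but its assignment is not visible here), emitting `StrictModes yes` in that case would be the safer default. These lines appear to sit inside a block of generated config text that starts and ends outside the hunk.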
@@ -325,12 +331,9 @@ RhostsAuthentication no # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no -# To install for logon to different user accounts change to "no" here RSAAuthentication yes -# To install for logon to different user accounts change to "yes" here -PasswordAuthentication no - +PasswordAuthentication yes PermitEmptyPasswords no CheckMail no @@ -438,6 +441,48 @@ then fi fi +# Create /var/log and /var/log/lastlog if not already existing + +if [ -f /var/log ] +then + echo "Creating /var/log failed\!" +else + if [ ! -d /var/log ] + then + mkdir /var/log + fi + if [ -d /var/log/lastlog ] + then + echo "Creating /var/log/lastlog failed\!" + elif [ ! -f /var/log/lastlog ] + then + cat /dev/null > /var/log/lastlog + fi +fi + +# On NT ask if sshd should be installed as service +if [ $_nt -gt 0 ] +then + echo + echo "Do you want to install sshd as service?" + if request "(Say \"no\" if it's already installed as service)" + then + echo + echo "Which value should the environment variable CYGWIN have when" + echo "sshd starts? It's recommended to set at least \"ntsec\" to be" + echo "able to change user context without password." + echo -n "Default is \"binmode ntsec tty\". CYGWIN=" + read _cygwin + [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" + then + chown system /etc/ssh* + echo + echo "The service has been installed under LocalSystem account." + fi + fi +fi + if [ "${old_install}" = "1" ] then echo
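Review bot: `PasswordAuthentication yes` becomes the default and both explanatory comments are removed, so the generated file no longer tells the admin what the setting is for or when to change it. Together with the `PermitRootLogin yes` visible in the earlier config hunk, a fresh install accepts password logins for every account, so the choice should at least be documented in the file. I would keep a one-line comment above it, for example `# Set to "no" to accept only key-based logins.` The surrounding config text starts and ends outside the hunk.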
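Review bot: `chown system /etc/ssh*` runs unchecked over a wide glob, and the "service has been installed under LocalSystem account" message is printed whether or not the ownership change worked. The glob hands every entry in /etc whose name starts with `ssh` to the system account, not only the files the daemon needs; naming those files explicitly and testing the result would be safer, at minimum `chown system /etc/ssh* || echo "Warning: could not change ownership of /etc/ssh* to system"`. Separately, the reply read into `_cygwin` is passed to cygrunsrv as typed, so an answer without `ntsec` installs a service that, by the prompt's own wording, cannot change user context without password; a warning in that case would help. The two `failed\!` messages will likely print the backslash literally in a non-interactive shell, and the script continues after them as if /var/log existed. The `if [ "${old_install}" = "1" ]` block at the end of the hunk continues outside it.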