Another snapshot

Corinna Vinschen vinschen at redhat.com
Sun Oct 29 23:01:49 EST 2000


Damien Miller wrote:
> 
> I have just uploaded another snapshot to:
> 
> http://www.mindrot.org/misc/openssh/openssh-SNAP-20001028.tar.gz
> 
> Please test this one extra hard, it is likely to become 2.3.0p1 early
> next week.

             Host: i686-pc-cygwin
         Compiler: gcc
   Compiler flags: -g -O2 -Wall -I. -I. -I/usr/include
     Linker flags:  -L/usr/lib -L/usr
        Libraries: -lz  -lregex /usr/lib/textmode.o -lcrypto 

Compiles and works OOTB. I tested sftp-server now for the first time.
Works as well.

Nevertheless I had a problem with the interoperability between an
i686-pc-linux-gnu OpenSSH 2.1.1 and this snapshot. I couldn't use
protocol version 2. The debug output stated

	"dsa_verify: signature incorrect"

I tried that with both, a key pair created by ssh-keygen from 2.1.1
and a key pair created by ssh-keygen from the snapshot. No luck in
either way. If you need details feel free to ask.

I built the snapshot on the following system:

             Host: i686-pc-linux-gnu
         Compiler: gcc
   Compiler flags: -g -O2 -Wall -I. -I. -I/home/corinna/usr/include
     Linker flags:  -L/home/corinna/usr/lib -L/home/corinna/usr
        Libraries: -ldl -lnsl -lz  -lutil -lpam -lcrypto 

No problem at all. Smooth interoperability with the Cygwin snapshot
even with version 2 protocol.

Additionally I have attached a diff, which adds a `cygwin' subdirectory
to `contrib'. It contains the Cygwin specific README and a shell script
called `ssh-config'. It's part of the Cygwin OpenSSH binary distribution
and it's the only source which isn't part of the official sources yet.

It would be nice if these files could be added to the source tree prior
to release 2.3.0p1.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                        mailto:cygwin at sources.redhat.com
Red Hat, Inc.
mailto:vinschen at redhat.com
-------------- next part --------------
Index: openssh-20001028/contrib/cygwin/README
diff -u /dev/null openssh-20001028/contrib/cygwin/README:1.2
--- /dev/null	Sun Oct 29 12:38:35 2000
+++ openssh-20001028/contrib/cygwin/README	Sun Oct 29 12:37:48 2000
@@ -0,0 +1,137 @@
+This package is the actual port of OpenSSH to Cygwin 1.1.
+
+===========================================================================
+Important change since 2.3.0p1:
+
+When using `ntea' or `ntsec' you now have to care for the ownership
+and permission bits of your host key files and your private key files.
+The host key files have to be owned by the NT account which starts
+sshd. The user key files have to be owned by the user. The permission
+bits of the private key files (host and user) have to be at least
+rw------- (0600)!
+
+Note that this is forced under `ntsec' only if the files are on a NTFS
+filesystem (which is recommended) due to the lack of any basic security
+features of the FAT/FAT32 filesystems.
+===========================================================================
+
+Since this package is part of the base distribution now, the location
+of the files has changed from /usr/local to /usr. The global configuration
+files are in /etc now.
+
+If you are installing OpenSSH the first time, you can generate
+global config files, server keys and your own user keys by running
+   
+   /usr/bin/ssh-config
+
+If you are updating your installation you may run the above ssh-config
+as well to move your configuration files to the new location and to
+erase the files at the old location.
+
+Be sure to start the new ssh-config when updating!
+
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-config is started.
+
+Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
+(results in very slow deamon startup!) or from the command line (recommended
+on 9X/ME).
+
+If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
+following line to your inetd.conf file:
+
+sshd stream tcp nowait root /usr/sbin/in.sshd sshd -i
+
+Moreover you'll have to add the following line to your
+${SYSTEMROOT}/system32/drivers/etc/services file:
+
+   sshd         22/tcp          #SSH daemon
+
+Authentication to sshd is possible in one of two ways.
+You'll have to decide before starting sshd!
+
+- If you want to authenticate via RSA and you want to login to that
+  machine to exactly one user account you can do so by running sshd
+  under that user account. You must change /etc/sshd_config
+  to contain the following:
+
+  RSAAuthentication yes
+
+  Moreover it's possible to use rhosts and/or rhosts with
+  RSA authentication by setting the following in sshd_config:
+
+  RhostsAuthentication yes
+  RhostsRSAAuthentication yes
+
+- If you want to be able to login to different user accounts you'll
+  have to start sshd under system account or any other account that
+  is able to switch user context. Note that administrators are _not_
+  able to do that by default! You'll have to give the following
+  special user rights to the user:
+  "Act as part of the operating system"
+  "Replace process level token"
+  "Increase quotas"
+  and if used via service manager
+  "Logon as a service".
+
+  The system account does of course own that user rights by default.
+
+  Unfortunately, if you choose that way, you can only logon with
+  NT password authentification and you should change
+  /etc/sshd_config to contain the following:
+
+    PasswordAuthentication yes
+    RhostsAuthentication no
+    RhostsRSAAuthentication no
+    RSAAuthentication no
+
+  However you can login to the user which has started sshd with
+  RSA authentication anyway. If you want that, change the RSA
+  authentication setting back to "yes":
+     
+    RSAAuthentication yes
+
+You may use all features of the CYGWIN=ntsec setting the same
+way as they are used by the `login' port on sources.redhat.com:
+
+  The pw_gecos field may contain an additional field, that begins
+  with (upper case!) "U-", followed by the domain and the username
+  separated by a backslash.
+  CAUTION: The SID _must_ remain the _last_ field in pw_gecos!
+  BTW: The field separator in pw_gecos is the comma.
+  The username in pw_name itself may be any nice name:
+
+    domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...
+
+  Now you may use `domuser' as your login name with telnet!
+  This is possible additionally for local users, if you don't like
+  your NT login name ;-) You only have to leave out the domain:
+
+    locuser::1104:513:John Doe,U-user,S-1-5-21-...
+
+V2 server and user keys are generated by `ssh-config'. If you want to
+create DSA keys by yourself, call ssh-keygen with `-d' option.
+
+DSA authentication similar to RSA:
+    Add keys to ~/.ssh/authorized_keys2
+Interop. w/ ssh.com dsa-keys:
+    ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
+and vice versa:
+    ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
+    echo Key mykey.pub >> ~/.ssh2/authorization
+
+If you want to build from source, the following options to
+configure are used for the Cygwin binary distribution:
+
+--prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin
+
+You must have installed the zlib, openssl and regex packages to
+be able to build OpenSSH!
+
+Please send requests, error reports etc. to cygwin at sources.redhat.com.
+
+Have fun,
+
+Corinna Vinschen <vinschen at cygnus.com>
+Cygwin Developer
+Red Hat Inc.
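
Review bot: In the "Important change" box, "have to be at least rw------- (0600)" can be read as a minimum, which would permit group or world access to private keys; say that the mode must be no more permissive than 0600, or simply "must be 0600". The box is headed "since 2.3.0p1" although the accompanying mail asks for the file to go in prior to release 2.3.0p1, so the version reference should be checked. In the build-from-source paragraph, --libexecdir='${exec_prefix}/sbin is missing its closing single quote, so the configure line cannot be pasted into a shell as written.
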
Index: openssh-20001028/contrib/cygwin/ssh-config
diff -u /dev/null openssh-20001028/contrib/cygwin/ssh-config:1.1
--- /dev/null	Sun Oct 29 12:38:35 2000
+++ openssh-20001028/contrib/cygwin/ssh-config	Sun Oct 29 12:26:04 2000
@@ -0,0 +1,324 @@
+#!/bin/sh
+#
+# ssh-config, Copyright 2000, Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+
+# set -x
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+
+# Subdirectory where an old package might be installed
+OLDPREFIX=/usr/local
+OLDSYSCONFDIR=${OLDPREFIX}/etc
+
+request()
+{
+  answer=""
+  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
+  do
+    echo -n "$1 (yes/no) "
+    read answer
+  done
+  if [ "X${answer}" = "Xyes" ]
+  then
+    return 0
+  else
+    return 1
+  fi
+}
+
+# Check for running ssh/sshd processes first. Refuse to do anything while
+# some ssh processes are still running
+
+if ps -ef | grep -v grep | grep -q ssh
+then
+  echo
+  echo "There are still ssh processes running. Please shut them down first."
+  echo
+  exit 1
+fi
+
+# Check for ${SYSCONFDIR} directory
+
+if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
+then
+  echo
+  echo "${SYSCONFDIR} is existant but not a directory."
+  echo "Cannot create global configuration files."
+  echo
+  exit 1
+fi
+
+# Create it if necessary
+
+if [ ! -e "${SYSCONFDIR}" ]
+then
+  mkdir "${SYSCONFDIR}"
+  if [ ! -e "${SYSCONFDIR}" ]
+  then
+    echo
+    echo "Creating ${SYSCONFDIR} directory failed"
+    echo
+    exit 1
+  fi
+fi
+
+# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
+# the same as ${PREFIX}
+
+if [ "${OLDPREFIX}" != "${PREFIX}" ]
+then
+  if [ -f "${OLDPREFIX}/sbin/sshd" ]
+  then
+    echo
+    echo "You seem to have an older installation in ${OLDPREFIX}."
+    echo
+    # Check if old global configuration files exist
+    if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
+    then
+      if request "Do you want to copy your config files to your new installation?"
+      then
+        cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
+        cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
+        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
+        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
+        cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
+        cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
+      fi
+    fi
+    if request "Do you want to erase your old installation?"
+    then
+      rm -f ${OLDPREFIX}/bin/ssh.exe
+      rm -f ${OLDPREFIX}/bin/ssh-config
+      rm -f ${OLDPREFIX}/bin/scp.exe
+      rm -f ${OLDPREFIX}/bin/ssh-add.exe
+      rm -f ${OLDPREFIX}/bin/ssh-agent.exe
+      rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
+      rm -f ${OLDPREFIX}/bin/slogin
+      rm -f ${OLDSYSCONFDIR}/ssh_host_key
+      rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
+      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
+      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
+      rm -f ${OLDSYSCONFDIR}/ssh_config
+      rm -f ${OLDSYSCONFDIR}/sshd_config
+      rm -f ${OLDPREFIX}/man/man1/ssh.1
+      rm -f ${OLDPREFIX}/man/man1/scp.1
+      rm -f ${OLDPREFIX}/man/man1/ssh-add.1
+      rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
+      rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
+      rm -f ${OLDPREFIX}/man/man1/slogin.1
+      rm -f ${OLDPREFIX}/man/man8/sshd.8
+      rm -f ${OLDPREFIX}/sbin/sshd.exe
+      rm -f ${OLDPREFIX}/sbin/sftp-server.exe
+    fi
+  fi
+fi
+
+# First generate host keys if not already existing
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
+then
+  echo "Generating ${SYSCONFDIR}/ssh_host_key"
+  ssh-keygen -f ${SYSCONFDIR}/ssh_host_key -N ''
+fi
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+then
+  echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
+  ssh-keygen -d -f ${SYSCONFDIR}/ssh_host_dsa_key -N ''
+fi
+
+# Check if ssh_config exists. If yes, ask for overwriting
+
+if [ -f "${SYSCONFDIR}/ssh_config" ]
+then
+  if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
+  then
+    rm -f "${SYSCONFDIR}/ssh_config"
+    if [ -f "${SYSCONFDIR}/ssh_config" ]
+    then
+      echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
+    fi
+  fi
+fi
+
+# Create default ssh_config from here script
+
+if [ ! -f "${SYSCONFDIR}/ssh_config" ]
+then
+  echo "Creating default ${SYSCONFDIR}/ssh_config file"
+  cat > ${SYSCONFDIR}/ssh_config << EOF
+# This is ssh client systemwide configuration file.  This file provides 
+# defaults for users, and the values can be changed in per-user configuration
+# files or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for various options
+
+# Host *
+#   ForwardAgent yes
+#   ForwardX11 yes
+#   RhostsAuthentication yes
+#   RhostsRSAAuthentication yes
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   FallBackToRsh no
+#   UseRsh no
+#   BatchMode no
+#   CheckHostIP yes
+#   StrictHostKeyChecking no
+#   IdentityFile ~/.ssh/identity
+#   Port 22
+#   Protocol 2,1
+#   Cipher 3des
+#   EscapeChar ~
+
+# Be paranoid by default
+Host *
+        ForwardAgent no
+        ForwardX11 no
+        FallBackToRsh no
+EOF
+fi
+
+# Check if sshd_config exists. If yes, ask for overwriting
+
+if [ -f "${SYSCONFDIR}/sshd_config" ]
+then
+  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
+  then
+    rm -f "${SYSCONFDIR}/sshd_config"
+    if [ -f "${SYSCONFDIR}/sshd_config" ]
+    then
+      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
+    fi
+  fi
+fi
+
+# Create default sshd_config from here script
+
+if [ ! -f "${SYSCONFDIR}/sshd_config" ]
+then
+  echo "Creating default ${SYSCONFDIR}/sshd_config file"
+  cat > ${SYSCONFDIR}/sshd_config << EOF
+# This is ssh server systemwide configuration file.
+
+Port 22
+#Protocol 2,1
+ListenAddress 0.0.0.0
+#ListenAddress ::
+#HostKey /etc/ssh_host_key
+ServerKeyBits 768
+LoginGraceTime 600
+KeyRegenerationInterval 3600
+PermitRootLogin yes
+#
+# Don't read ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+StrictModes yes
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd yes
+KeepAlive yes
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+#obsoletes QuietMode and FascistLogging
+
+RhostsAuthentication no
+#
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+
+# To install for logon to different user accounts change to "no" here
+RSAAuthentication yes
+
+# To install for logon to different user accounts change to "yes" here
+PasswordAuthentication no
+
+PermitEmptyPasswords no
+
+CheckMail no
+UseLogin no
+
+#Uncomment if you want to enable sftp
+#Subsystem      sftp    /usr/sbin/sftp-server
+#MaxStartups 10:30:60
+EOF
+fi
+
+# Ask user if user identity should be generated
+
+if [ "X${HOME}" = "X" ]
+then
+  echo '$HOME is nonexistant. Cannot create user identity files.'
+  exit 1
+fi
+
+if [ ! -d "${HOME}" ]
+then
+  echo '$HOME is not a valid directory. Cannot create user identity files.'
+  exit 1
+fi
+
+# If HOME is the root dir, set HOME to empty string to avoid error messages
+# in subsequent parts of that script.
+if [ "X${HOME}" = "X/" ]
+then
+  HOME=''
+fi
+
+if [ -e "${HOME}/.ssh" -a ! -d "${HOME}/.ssh" ]
+then
+  echo '$HOME/.ssh is existant but not a directory. Cannot create user identity files.'
+  exit 1
+fi
+
+if [ ! -e "${HOME}/.ssh" ]
+then
+  mkdir "${HOME}/.ssh"
+  if [ ! -e "${HOME}/.ssh" ]
+  then
+    echo "Creating users ${HOME}/.ssh directory failed"
+    exit 1
+  fi
+fi
+
+if [ ! -f "${HOME}/.ssh/identity" ]
+then
+  if request "Shall I create an RSA identity file for you?"
+  then
+    echo "Generating ${HOME}/.ssh/identity"
+    ssh-keygen -f "${HOME}/.ssh/identity"
+  fi
+fi
+
+if [ ! -f "${HOME}/.ssh/id_dsa" ]
+then
+  if request "Shall I create an DSA identity file for you? (yes/no) "
+  then
+    echo "Generating ${HOME}/.ssh/id_dsa"
+    ssh-keygen -d -f "${HOME}/.ssh/id_dsa"
+  fi
+fi
+
+echo
+echo "Note: If you have used sshd as service or from inetd, don't forget to"
+echo "      change the path to sshd.exe in the service entry or in inetd.conf."
+echo
+echo "Configuration finished. Have fun!"
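
Review bot: The copy and key-generation steps never set the mode of ssh_host_key and ssh_host_dsa_key, although the README in this same patch requires private key files to be 0600 under ntea/ntsec; the cp -f lines can leave the copied keys with whatever mode the old files in ${OLDSYSCONFDIR} had, so an explicit chmod 600 on both private host keys after those steps would make the requirement hold. The cp, rm and ssh-keygen calls in those blocks also use ${SYSCONFDIR} and ${OLDSYSCONFDIR} unquoted while the tests around them quote the same variables; quoting them consistently is safer. In the last request call, the prompt string already ends in "(yes/no) " and request() appends it again, so the DSA question prints it twice.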



