[PATCH]: Cygwin: Changes to cygwin contrib area

Corinna Vinschen vinschen at redhat.com
Thu Jul 12 06:42:43 EST 2001


Hi,

the following patch changes two files in the contrib/cygwin subdir:

It changes the Cygwin-specific README file, which adds some hints
related to the new feature to switch user context without password
(which means using public key and/or rhosts authentication). Some
old stuff is erased.

The changes to ssh-host-config are intended to allow an easier
startup for users who are new to Cygwin and/or OpenSSH.

Corinna

Index: contrib/cygwin/README
===================================================================
RCS file: /cvs/openssh_cvs/contrib/cygwin/README,v
retrieving revision 1.5
diff -u -p -r1.5 README
--- contrib/cygwin/README	2001/05/03 22:45:22	1.5
+++ contrib/cygwin/README	2001/07/11 20:40:02
@@ -1,6 +1,15 @@
-This package is the actual port of OpenSSH to Cygwin 1.1.
+This package is the actual port of OpenSSH to Cygwin 1.3.
 
 ===========================================================================
+Important change since 2.9p2:
+
+Since Cygwin is able to switch user context without password beginning
+with version 1.3.2, OpenSSH now allows to do so when it's running under
+a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to
+allow that feature.
+===========================================================================
+
+===========================================================================
 Important change since 2.3.0p1:
 
 When using `ntea' or `ntsec' you now have to care for the ownership
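
Review bot: The new "Important change since 2.9p2" block says user context can be switched "without password" but does not say which authentication methods that covers or how `ntsec' is activated. The cover mail names public key and/or rhosts authentication, and the ssh-host-config part of this patch sets it through the CYGWIN environment variable, so the README could state both, for example "set CYGWIN=ntsec in the environment sshd starts with". The block also ends with a separator line that is immediately followed by the next block's separator, which leaves two rules back to back; one of them can go. "allows to do so" would read better as "can do so".
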
@@ -37,6 +46,9 @@ Options:
     --no         -n        Answer all questions with "no" automatically.
     --port       -p <n>    sshd listens on port n.
 
+Additionally ssh-host-config now asks if it should install sshd as a
+service when running under NT/W2K. This requires cygrunsrv installed.
+
 You can create the private and public keys for a user now by running
 
   /usr/bin/ssh-user-config
@@ -53,16 +65,12 @@ Options:
     --no         -n        Answer all questions with "no" automatically.
     --passphrase -p word   Use "word" as passphrase automatically.
 
-Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
+Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd
 (results in very slow deamon startup!) or from the command line (recommended
 on 9X/ME).
 
-If you start sshd as deamon via SRVANY.EXE you will see two
-sshd processes in the process list unless you give the "-D"
-option to sshd. That will avoid that sshd detaches from the
-controlling terminal and it will remain under process control
-of SRVANY.EXE. That allows easy killing of the service by
-using the `net stop <servicename>' command.
+If you start sshd as deamon via cygrunsrv.exe you MUST give the
+"-D" option to sshd. Otherwise the service can't get started at all.
 
 If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
 following line to your inetd.conf file:
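
Review bot: The added sentence "you MUST give the "-D" option to sshd" does not say how to hand that option to sshd through cygrunsrv, which is the step a new user will get stuck on. The ssh-host-config hunk in this same patch does it with `-a -D` on the cygrunsrv command line, so the README could show that invocation or point to the script. The new line also carries over the misspelling "deamon" from the removed text (it is still in the context line "very slow deamon startup" as well); worth fixing to "daemon" while the paragraph is being rewritten.
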
@@ -74,6 +82,10 @@ ${SYSTEMROOT}/system32/drivers/etc/servi
 
    sshd         22/tcp          #SSH daemon
 
+===========================================================================
+The following restrictions only apply to Cygwin versions up to 1.3.1
+===========================================================================
+
 Authentication to sshd is possible in one of two ways.
 You'll have to decide before starting sshd!
 
@@ -145,26 +157,22 @@ way as they are used by the `login' port
 SSH2 server and user keys are generated by the `ssh-*-config' scripts
 as well.
 
-SSH2 authentication similar to SSH1:
-    Add keys to ~/.ssh/authorized_keys2
-Interop. w/ ssh.com dsa-keys:
-    ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
-and vice versa:
-    ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
-    echo Key mykey.pub >> ~/.ssh2/authorization
-
 If you want to build from source, the following options to
 configure are used for the Cygwin binary distribution:
 
---prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin
+	--prefix=/usr \
+	--sysconfdir=/etc \
+	--libexecdir='${exec_prefix}/sbin \
+	--with-pcre
 
 You must have installed the zlib, openssl and regex packages to
-be able to build OpenSSH!
+be able to build OpenSSH! The `--with-pcre' option requires
+the installation of the pcre package.
 
-Please send requests, error reports etc. to cygwin at sources.redhat.com.
+Please send requests, error reports etc. to cygwin at cygwin.com.
 
 Have fun,
 
-Corinna Vinschen <vinschen at cygnus.com>
+Corinna Vinschen <vinschen at redhat.com>
 Cygwin Developer
 Red Hat Inc.
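
Review bot: In the reformatted configure options, the line "--libexecdir='${exec_prefix}/sbin \" opens a single quote that is never closed. The removed one-line form had the same defect, but now that the options are split with backslash continuations a reader who pastes them gets a quoted string that swallows the backslash and the following "--with-pcre" line. Suggest "--libexecdir='${exec_prefix}/sbin' \". The build requirements sentence still lists "zlib, openssl and regex" as mandatory while pcre is described as needed only for `--with-pcre'; it would help to say whether regex is still required when pcre is used.
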
Index: contrib/cygwin/ssh-host-config
===================================================================
RCS file: /cvs/openssh_cvs/contrib/cygwin/ssh-host-config,v
retrieving revision 1.2
diff -u -p -r1.2 ssh-host-config
--- contrib/cygwin/ssh-host-config	2001/03/07 10:38:19	1.2
+++ contrib/cygwin/ssh-host-config	2001/07/11 20:40:03
@@ -309,7 +309,13 @@ PermitRootLogin yes
 IgnoreRhosts yes
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
 #IgnoreUserKnownHosts yes
-StrictModes yes
+
+#
+# The following setting overrides permission checks on host key files
+# and directories. For security reasons set this to "yes" when running
+# NT/W2K, NTFS and CYGWIN=ntsec.
+StrictModes no
+
 X11Forwarding no
 X11DisplayOffset 10
 PrintMotd yes
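
Review bot: The generated default becomes "StrictModes no", while the comment added directly above it advises "yes" for NT/W2K, NTFS and CYGWIN=ntsec, and the service prompt later in this patch defaults CYGWIN to "binmode ntsec tty". A default install on NT therefore ends up with the value the comment recommends against. The script already tests $_nt further down, so it could write "StrictModes yes" when running on NT with ntsec and fall back to "no" only elsewhere. The comment wording "The following setting overrides permission checks" also reads as if the option itself does the overriding; it is the "no" value that turns the checks off, and saying so would make the recommendation clearer.
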
@@ -325,12 +331,9 @@ RhostsAuthentication no
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 RhostsRSAAuthentication no
 
-# To install for logon to different user accounts change to "no" here
 RSAAuthentication yes
 
-# To install for logon to different user accounts change to "yes" here
-PasswordAuthentication no
-
+PasswordAuthentication yes
 PermitEmptyPasswords no
 
 CheckMail no
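
Review bot: "PasswordAuthentication" flips from "no" to "yes" here and both explanatory comments are deleted, so the generated sshd_config no longer tells the admin why either value would be chosen. The hunk header shows "PermitRootLogin yes" in the same template, which makes the password default worth a deliberate note. Suggest keeping a one-line comment above "PasswordAuthentication yes" that says when it can be set back to "no" (the README change ties passwordless user switching to Cygwin >= 1.3.2 with ntsec).
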
@@ -435,6 +438,48 @@ then
       echo '# ssh  stream  tcp     nowait  root    /usr/sbin/sshd -i' >> "${_inetcnf}"
     fi
     echo "Added ssh to ${_inetcnf}"
+  fi
+fi
+
+# Create /var/log and /var/log/lastlog if not already existing
+
+if [ -f /var/log ]
+then
+  echo "Creating /var/log failed\!"
+else
+  if [ ! -d /var/log ]
+  then
+    mkdir /var/log
+  fi
+  if [ -d /var/log/lastlog ]
+  then
+    echo "Creating /var/log/lastlog failed\!"
+  elif [ ! -f /var/log/lastlog ]
+  then
+    cat /dev/null > /var/log/lastlog
+  fi
+fi
+
+# On NT ask if sshd should be installed as service
+if [ $_nt -gt 0 ]
+then
+  echo
+  echo "Do you want to install sshd as service?"
+  if request "(Say \"no\" if it's already installed as service)"
+  then
+    echo
+    echo "Which value should the environment variable CYGWIN have when"
+    echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
+    echo "able to change user context without password."
+    echo -n "Default is \"binmode ntsec tty\".  CYGWIN="
+    read _cygwin
+    [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
+    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
+    then
+      chown system /etc/ssh*
+      echo
+      echo "The service has been installed under LocalSystem account."
+    fi
   fi
 fi
 
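
Review bot: "chown system /etc/ssh*" after the cygrunsrv call matches every entry under /etc that starts with "ssh", not only the files the service account needs to own, and its exit status is ignored, so a failed ownership change is followed by the success message. Suggest listing the intended files explicitly and warning when chown fails; the "if cygrunsrv -I sshd ..." test also has no else branch, so a failed service install is silent. In the /var/log block, "Creating /var/log failed\!" and "Creating /var/log/lastlog failed\!" print the backslash literally when run from a script; drop it. "[ $_nt -gt 0 ]" should quote the variable so an empty value does not produce a test syntax error.
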

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com


