>>>>> "CV" == Corinna Vinschen <[EMAIL PROTECTED]> writes:
CV> Things to check: CV> - /usr/sbin/sshd.exe, /bin/cygwin1.dll, /bin/cygcrypto.dll, /bin/cygz.dll CV> executable for everyone? $ ls -l /usr/sbin/sshd.exe /bin/cygwin1.dll /bin/cygcrypto.dll /bin/cygz.dll -rwxrwxrwx 1 Administ None 657920 Nov 9 11:58 /bin/cygcrypto.dll -rwxrwxrwx 1 Administ None 940360 Nov 23 05:20 /bin/cygwin1.dll -rwxrwxrwx 1 Administ None 50688 Mar 12 2002 /bin/cygz.dll -rwxrwxrwx 1 Administ None 305664 Nov 9 11:20 /usr/sbin/sshd.exe A bit liberal, maybe... Usually -r-xr-xr-x should be enough? (Also below) CV> - /etc readable for everyone but only writable by the owner? $ ls -ld /etc drwxrwxrwx 6 Administ None 4096 Nov 28 14:11 /etc CV> - /etc/passwd, /etc/group readable for everyone? $ ls -l /etc/passwd /etc/group -rwxrwxrwx 1 Administ None 468 Nov 26 17:12 /etc/group -rwxrwxrwx 1 Administ None 2904 Nov 26 17:20 /etc/passwd CV> - /etc/passwd and /etc/group contain uid/gid 18 entry for SYSTEM, both CV> with SID in either pw_gecos or gr_passwd field? $ grep -E '\<18\>' /etc/passwd /etc/group /etc/passwd:SYSTEM:*:18:544:,S-1-5-18:: /etc/group:SYSTEM:S-1-5-18:18:8: Not sure about the positions... CV> - /etc/passwd contains sshd entry? $ grep -E '\<sshd\>' /etc/passwd sshd:unused_by_nt/2000/xp:1021:513:sshd privsep,U-HEITSB03LAB\sshd,S-1-5-21-1935655697-1409082233-1801674531-1021:/var/empty:/bin/false CV> - /etc/ssh* owned by SYSTEM? $ ls -l /etc/ssh* -rw-rw-rw- 1 NOSP_Adm None 1049 Nov 27 12:42 /etc/ssh_config -rw------- 1 NOSP_Adm None 668 Nov 27 12:42 /etc/ssh_host_dsa_key -rw-r--r-- 1 NOSP_Adm None 612 Nov 27 12:42 /etc/ssh_host_dsa_key.pub -rw------- 1 NOSP_Adm None 537 Nov 27 12:42 /etc/ssh_host_key -rw-r--r-- 1 NOSP_Adm None 341 Nov 27 12:42 /etc/ssh_host_key.pub -rw------- 1 NOSP_Adm None 887 Nov 27 12:42 /etc/ssh_host_rsa_key -rw-r--r-- 1 NOSP_Adm None 232 Nov 27 12:42 /etc/ssh_host_rsa_key.pub -rw-rw-rw- 1 NOSP_Adm None 2142 Nov 27 12:42 /etc/sshd_config Changed to SYSTEM:SYSTEM CV> - /etc/ssh*key files only writable by owner SYSTEM? $ ls -l /etc/ssh*key -rw------- 1 SYSTEM SYSTEM 668 Nov 27 12:42 /etc/ssh_host_dsa_key -rw------- 1 SYSTEM SYSTEM 537 Nov 27 12:42 /etc/ssh_host_key -rw------- 1 SYSTEM SYSTEM 887 Nov 27 12:42 /etc/ssh_host_rsa_key CV> - /var/empty owned by SYSTEM? CV> - /var/empty permissions only writable by owner SYSTEM? $ ls -ld /var/empty drwxr-xr-x 2 SYSTEM SYSTEM 0 Nov 26 17:19 /var/empty And yes, it started... Thank You very much! -- Marc Girod P.O. Box 323 Voice: +358-71 80 25581 Nokia NBI 00045 NOKIA Group Mobile: +358-50 38 78415 Takomo 1 / 4c27 Finland Fax: +358-71 80 61604 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
