Hello I just wanted to share the solution which finally let me run the sshd on a Windows 2003 Domain Controller. Essentially, thanks to Corinna Vinschen, it now works. The details: 1. Create a new account, DO NOT name it "sshd" - I used "sshdService" 2. Add the account to the (domain local) "Administrators" group 3. Open "Active Directory Users and Computers", navigate to the "Domain Controllers" OU -> Properties, open "Default Domain Controllers Policy". Go to Computer Configuration -> Windows Settings -> Security Settings ->Local Policies -> User Rights Assignment. There, in the right hand pane, doubleclick on "Create a token object" and add the "sshdService" account. IMPORTANT: Doing this in the local security policy won't accomplish a thing, since the settings in this group policy override any local policy settings! 4. Install cygwin, run "ssh-host-config -y", select at least "ntsec" security setting. 5. In Windows, open the properties of the Cygwin SSHD Service and change the login account to "sshdService". You should get a message saying that "sshdService" has been granted "logon as a service" right. You could have assigned that right manually in 3.) as well. 6. chmod 740 /etc/profile (ls -l on /etc/profile showed rights -rwx------); until now, "740" seems to work, no need to "770". 7. chmod 770 /etc/ssh_host*key (this is quick and very dirty, since it gives the "Domain Users" group read and write access to the keys. Chown might be the better approach) 8. chown sshdService /var/empty (/var/log/sshd.log showed "/var/empty must be owned by root and not group or world-writable."; was owned by SYSTEM. The error must be because sshd now doesn't run under SYSTEM account any more).
sshd has been running for several hours now, including one reboot just to see if it really, really likes me now ;-). There are still one or two minor issues, though, I'll put them in an additional mail just to keep this one "clean". Thank you again all for your help. Fermin -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
