Re: Openssh compatibility problem?

[Michael Makuch]

Charles Wilson wrote:
Michael Makuch wrote:
This is not a compatibility problem between cygwin/openssh versions. I
am now seeing the problem just trying to ssh from plum to plum (an XP
box). It seems that openssh 5.1 on cygwin is loaded with problems.
Anyone have it working? Anyone able to get it working without problems?


Works fine here. It appears that the issue is the configuration on
plum's server. Some things to check:

1) make sure that you have opened port 22/tcp in plum's firewall

2) make sure that /etc/hosts.allow includes the line 'sshd : ALL' (or
'sshd : ALL : allow'

3) for localhost testing (e.g 'ssh localhost' on plum) add the following
to /etc/hosts.allow *before* 'all : PARANOID : deny'

'all : localhost 127.0.0.1 : allow'

or 'all : localhost 127.0.0.1 [::1] : allow' if you're using cygwin-1.7.

4) You might consider installing the syslogd or syslog-ng service on
plum.  Shut down sshd, run 'syslog-config' or 'syslog-ng-config', then
'cygrunsrv -S syslogd' or 'cygrunsrv -S syslog-ng'.  THEN restart sshd.

Now, you can try to ssh to plum, and tcp_wrapper errors will be reported
to plum's /var/log/messages, as well as some other sshd errors.

--
Chuck


Mystery solved, mostly. After much agony.

Good to know about syslog for future reference, thanks.

I've been watching for errors in /var/log/sshd.log and was getting
"sshd 17472 child_copy: linked dll data write copy failed" which a
rebaseall seemed to clear up, but still did't let ssh work.

Culprit: /etc/hosts.allow and hosts.deny. Couple issues here.

1) On one occaision I found these with chmod 0;

$ ls -l hosts.allow hosts.deny
----------  1 mkm None 434 Jan  3 11:49 hosts.allow
----------+ 1 mkm None 225 Jan  3 00:38 hosts.deny

I don't know how or why but this was on a fresh cygwin install, latest 
bits DLd yesterday. I just re-confirmed a fresh install of cygwin
leaves these 2 files chmod 0.

Without read perms it appears that sshd will not allow ssh to connect 
from anywhere, local nor remote. With read perms things get better.

2) In some recent release the default hosts.allow has been modified to

ALL : PARANOID : deny
sshd: ALL

I am surmising that PARANOID is a relatively new feature and unsupported 
by openssh 4.5 - I deduce this since when I remove PARANOID I can then 
successfully ssh from openssh 4.5. In essence I would call this a 
"compatibility" issue between this version of Cygwin and the older ones.



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/