Re: Cygwin and SSH

From: Philip Le Riche (pleriche@altair.steria.co.uk)
Date: 12/09/02

    From: Philip Le Riche <pleriche@altair.steria.co.uk>
    To: samuelf_stefanini@ctbctelecom.net.br
    Date: Mon, 9 Dec 2002 16:44:53 +0000 (GMT)
    
    

    First, you need to set up an sshd_config. Best put it in /etc/openssh.
    Here's one I made earlier:

    # $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    #Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    PidFile /var/openssh/sshd.pid

    # HostKey for protocol version 1
    HostKey /etc/openssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/openssh/ssh_host_rsa_key
    HostKey /etc/openssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 3600
    #ServerKeyBits 768

    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 600
    #PermitRootLogin yes
    #StrictModes yes

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

    # rhosts authentication should not be used
    #RhostsAuthentication no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    #AFSTokenPassing no

    # Kerberos TGT Passing only works with the AFS kaserver
    #KerberosTgtPassing no

    # Set this to 'yes' to enable PAM keyboard-interactive authentication
    # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
    #PAMAuthenticationViaKbdInt yes

    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #KeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #Compression yes

    #MaxStartups 10
    # no default banner path
    #Banner /some/path
    #VerifyReverseMapping no

    # override default of no subsystems
    Subsystem sftp /usr/local/libexec/sftp-server

    Then create some keys, e.g.

    ssh-keygen -t rsa1 -f /etc/openssh/ssh_host_key -N ""
    ssh-keygen -t dsa -f /etc/openssh/ssh_host_dsa_key -N ""
    ssh-keygen -t rsa -f /etc/openssh/ssh_host_rsa_key -N ""

    The following couple of lines I pinched from an rc.openssh on an AIX
    machine:

    # The protocol-1 public key file holds: bits, exponent, modulus, comment
    read a b c d </etc/openssh/ssh_host_key.pub
    echo "$(hostname) $a $b $c" >>/etc/openssh/ssh_known_hosts

    On your client, create a user key, e.g.

    ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -N ""

    Copy the public key $HOME/.ssh/id_rsa.pub to the Cygwin server and
    append it to .ssh/authorized_keys.

    Start sshd with:

    /usr/sbin/sshd -f /etc/openssh/sshd_config

    Go back to your client machine and try:

    ssh -l <user> <ip addr or hostname of server>

    where <user> is what comes before the @ before each bash command
    prompt.

    Have I forgotten anything? You get the general idea.

    The first time you get a remote bash prompt from a win9x box is magic!
    Who wants a DOS prompt?

    - Philip

    samuelf_stefanini@ctbctelecom.net.br scrawls:
    >
    > Hello,
    >
    > How to configure CYGWIN to execute connections via SSH?
    >
    > Someone know
    >
    > Thanks
    >
    > Samuel
    >

    -- 
    ==============================================================================
    Philip Le Riche                            Voice: +44 1442 884390
    (Ouaithe qu'i' sait L'Riche, chu           Fax:   +44 1442 884943
    pouôrre baloque né pâle pon l'Jèrriais)    Email: pleriche@altair.steria.co.uk
    ==============================================================================
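
Added example, not part of the original post: the header comment in the config above says commented options show defaults and uncommented ones override them, so this script reads a file in that layout and reports the value that would take effect for a few authentication-related options. The function names, the list of options checked and the sample input (a constructed excerpt of the config above) are choices made for this example.

```shell
# Added example: read an sshd_config in the shipped layout, where "#Keyword value"
# documents a default and an uncommented "Keyword value" overrides it.
# effective_option FILE KEYWORD -> "<value> explicit|default" or "unknown absent"
effective_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line == "#" || line ~ /^#[^A-Za-z]/) next  # blank or prose
            commented = sub(/^#/, "", line)          # 1 for "#Keyword value"
            n = split(line, f, /[ \t]+/)
            if (n < 2 || tolower(f[1]) != want) next
            # sshd keeps the first value it reads for a keyword
            if (!commented && explicit == "") explicit = f[2]
            if (commented && dflt == "") dflt = f[2]
        }
        END {
            if (explicit != "")  print explicit, "explicit"
            else if (dflt != "") print dflt, "default"
            else                 print "unknown", "absent"
        }' "$1"
}

# audit_sshd_config FILE -> one REVIEW line per setting a hardening pass would revisit
audit_sshd_config() {
    for kw in Protocol PermitRootLogin PasswordAuthentication PermitEmptyPasswords; do
        set -- "$1" $(effective_option "$1" "$kw")   # $2 = value, $3 = source
        case "$kw=$2" in
            Protocol=*1*)               echo "REVIEW $kw $2 ($3): SSH protocol 1 accepted" ;;
            PermitRootLogin=yes)        echo "REVIEW $kw $2 ($3): direct root login allowed" ;;
            PasswordAuthentication=yes) echo "REVIEW $kw $2 ($3): password logins allowed" ;;
            PermitEmptyPasswords=yes)   echo "REVIEW $kw $2 ($3): empty passwords allowed" ;;
        esac
    done
}

# Constructed sample: a few lines excerpted from the sshd_config in the post
SAMPLE=$(mktemp) && trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
#obsoletes QuietMode and FascistLogging
#Protocol 2,1
PidFile /var/openssh/sshd.pid
#PermitRootLogin yes
#PasswordAuthentication yes
#PermitEmptyPasswords no
EOF
audit_sshd_config "$SAMPLE"
```

Because every authentication option in the posted file is commented out, all three REVIEW lines come from defaults; adding uncommented lines such as `Protocol 2` or `PasswordAuthentication no` changes the reported source to `explicit`.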
    

