Diffstat (limited to 'contrib/cygwin/README')
-rw-r--r-- | contrib/cygwin/README | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/contrib/cygwin/README b/contrib/cygwin/README new file mode 100644 index 000000000..8c9d0bb73 --- /dev/null +++ b/contrib/cygwin/README | |||
@@ -0,0 +1,137 @@ | |||
1 | This package is the actual port of OpenSSH to Cygwin 1.1. | ||
2 | |||
3 | =========================================================================== | ||
4 | Important change since 2.3.0p1: | ||
5 | |||
6 | When using `ntea' or `ntsec' you now have to care for the ownership | ||
7 | and permission bits of your host key files and your private key files. | ||
8 | The host key files have to be owned by the NT account which starts | ||
9 | sshd. The user key files have to be owned by the user. The permission | ||
10 | bits of the private key files (host and user) have to be at least | ||
11 | rw------- (0600)! | ||
12 | |||
13 | Note that this is forced under `ntsec' only if the files are on a NTFS | ||
14 | filesystem (which is recommended) due to the lack of any basic security | ||
15 | features of the FAT/FAT32 filesystems. | ||
16 | =========================================================================== | ||
17 | |||
18 | Since this package is part of the base distribution now, the location | ||
19 | of the files has changed from /usr/local to /usr. The global configuration | ||
20 | files are in /etc now. | ||
21 | |||
22 | If you are installing OpenSSH the first time, you can generate | ||
23 | global config files, server keys and your own user keys by running | ||
24 | |||
25 | /usr/bin/ssh-config | ||
26 | |||
27 | If you are updating your installation you may run the above ssh-config | ||
28 | as well to move your configuration files to the new location and to | ||
29 | erase the files at the old location. | ||
30 | |||
31 | Be sure to start the new ssh-config when updating! | ||
32 | |||
33 | Note that this binary archive doesn't contain default config files in /etc. | ||
34 | That files are only created if ssh-config is started. | ||
35 | |||
36 | Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd | ||
37 | (results in very slow deamon startup!) or from the command line (recommended | ||
38 | on 9X/ME). | ||
39 | |||
40 | If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the | ||
41 | following line to your inetd.conf file: | ||
42 | |||
43 | sshd stream tcp nowait root /usr/sbin/in.sshd sshd -i | ||
44 | |||
45 | Moreover you'll have to add the following line to your | ||
46 | ${SYSTEMROOT}/system32/drivers/etc/services file: | ||
47 | |||
48 | sshd 22/tcp #SSH daemon | ||
49 | |||
50 | Authentication to sshd is possible in one of two ways. | ||
51 | You'll have to decide before starting sshd! | ||
52 | |||
53 | - If you want to authenticate via RSA and you want to login to that | ||
54 | machine to exactly one user account you can do so by running sshd | ||
55 | under that user account. You must change /etc/sshd_config | ||
56 | to contain the following: | ||
57 | |||
58 | RSAAuthentication yes | ||
59 | |||
60 | Moreover it's possible to use rhosts and/or rhosts with | ||
61 | RSA authentication by setting the following in sshd_config: | ||
62 | |||
63 | RhostsAuthentication yes | ||
64 | RhostsRSAAuthentication yes | ||
65 | |||
66 | - If you want to be able to login to different user accounts you'll | ||
67 | have to start sshd under system account or any other account that | ||
68 | is able to switch user context. Note that administrators are _not_ | ||
69 | able to do that by default! You'll have to give the following | ||
70 | special user rights to the user: | ||
71 | "Act as part of the operating system" | ||
72 | "Replace process level token" | ||
73 | "Increase quotas" | ||
74 | and if used via service manager | ||
75 | "Logon as a service". | ||
76 | |||
77 | The system account does of course own that user rights by default. | ||
78 | |||
79 | Unfortunately, if you choose that way, you can only logon with | ||
80 | NT password authentification and you should change | ||
81 | /etc/sshd_config to contain the following: | ||
82 | |||
83 | PasswordAuthentication yes | ||
84 | RhostsAuthentication no | ||
85 | RhostsRSAAuthentication no | ||
86 | RSAAuthentication no | ||
87 | |||
88 | However you can login to the user which has started sshd with | ||
89 | RSA authentication anyway. If you want that, change the RSA | ||
90 | authentication setting back to "yes": | ||
91 | |||
92 | RSAAuthentication yes | ||
93 | |||
94 | You may use all features of the CYGWIN=ntsec setting the same | ||
95 | way as they are used by the `login' port on sources.redhat.com: | ||
96 | |||
97 | The pw_gecos field may contain an additional field, that begins | ||
98 | with (upper case!) "U-", followed by the domain and the username | ||
99 | separated by a backslash. | ||
100 | CAUTION: The SID _must_ remain the _last_ field in pw_gecos! | ||
101 | BTW: The field separator in pw_gecos is the comma. | ||
102 | The username in pw_name itself may be any nice name: | ||
103 | |||
104 | domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... | ||
105 | |||
106 | Now you may use `domuser' as your login name with telnet! | ||
107 | This is possible additionally for local users, if you don't like | ||
108 | your NT login name ;-) You only have to leave out the domain: | ||
109 | |||
110 | locuser::1104:513:John Doe,U-user,S-1-5-21-... | ||
111 | |||
112 | V2 server and user keys are generated by `ssh-config'. If you want to | ||
113 | create DSA keys by yourself, call ssh-keygen with `-d' option. | ||
114 | |||
115 | DSA authentication similar to RSA: | ||
116 | Add keys to ~/.ssh/authorized_keys2 | ||
117 | Interop. w/ ssh.com dsa-keys: | ||
118 | ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 | ||
119 | and vice versa: | ||
120 | ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub | ||
121 | echo Key mykey.pub >> ~/.ssh2/authorization | ||
122 | |||
123 | If you want to build from source, the following options to | ||
124 | configure are used for the Cygwin binary distribution: | ||
125 | |||
126 | --prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin | ||
127 | |||
128 | You must have installed the zlib, openssl and regex packages to | ||
129 | be able to build OpenSSH! | ||
130 | |||
131 | Please send requests, error reports etc. to cygwin@sources.redhat.com. | ||
132 | |||
133 | Have fun, | ||
134 | |||
135 | Corinna Vinschen <vinschen@cygnus.com> | ||
136 | Cygwin Developer | ||
137 | Red Hat Inc. | ||
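Review bot: The configure options on README line 126 have an unterminated single quote (`--libexecdir='${exec_prefix}/sbin`), so the line cannot be pasted into a shell as written; close it as `--libexecdir='${exec_prefix}/sbin'`. In the notice at lines 6-11, "have to be at least rw------- (0600)" reads as a lower bound, which would also allow 0644; if the intent is that nothing beyond owner read/write is set on private key files, say "no more permissive than rw------- (0600)". The first authentication option (lines 60-64) shows `RhostsAuthentication yes` with no note on when that is appropriate, although the second option explicitly sets it to `no`; a sentence on the trade-off would help readers choose. Minor wording: "That files" (line 34), "deamon" (line 37), "authentification" (line 80), and line 106 says "with telnet" in a README for sshd.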