Diffstat (limited to 'contrib/cygwin/README')
-rw-r--r-- | contrib/cygwin/README | 134 |
1 files changed, 75 insertions, 59 deletions
diff --git a/contrib/cygwin/README b/contrib/cygwin/README index ec58964c9..fc0a2f69b 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README | |||
@@ -1,4 +1,49 @@ | |||
1 | This package is the actual port of OpenSSH to Cygwin 1.5. | 1 | This package describes important Cygwin specific stuff concerning OpenSSH. |
2 | |||
3 | The binary package is usually built for recent Cygwin versions and might | ||
4 | not run on older versions. Please check http://cygwin.com/ for information | ||
5 | about current Cygwin releases. | ||
6 | |||
7 | Build instructions are at the end of the file. | ||
8 | |||
9 | =========================================================================== | ||
10 | Important change since 3.7.1p2-2: | ||
11 | |||
12 | The ssh-host-config file doesn't create the /etc/ssh_config and | ||
13 | /etc/sshd_config files from builtin here-scripts anymore, but it uses | ||
14 | skeleton files installed in /etc/defaults/etc. | ||
15 | |||
16 | Also it now tries hard to create appropriate permissions on files. | ||
17 | Same applies for ssh-user-config. | ||
18 | |||
19 | After creating the sshd service with ssh-host-config, it's advisable to | ||
20 | call ssh-user-config for all affected users, also already exising user | ||
21 | configurations. In the latter case, file and directory permissions are | ||
22 | checked and changed, if requireed to match the host configuration. | ||
23 | |||
24 | Important note for Windows 2003 Server users: | ||
25 | --------------------------------------------- | ||
26 | |||
27 | 2003 Server has a funny new feature. When starting services under SYSTEM | ||
28 | account, these services have nearly all user rights which SYSTEM holds... | ||
29 | except for the "Create a token object" right, which is needed to allow | ||
30 | public key authentication :-( | ||
31 | |||
32 | There's no way around this, except for creating a substitute account which | ||
33 | has the appropriate privileges. Basically, this account should be member | ||
34 | of the administrators group, plus it should have the following user rights: | ||
35 | |||
36 | Create a token object | ||
37 | Logon as a service | ||
38 | Replace a process level token | ||
39 | Increase Quota | ||
40 | |||
41 | The ssh-host-config script asks you, if it should create such an account, | ||
42 | called "sshd_server". If you say "no" here, you're on your own. Please | ||
43 | follow the instruction in ssh-host-config exactly if possible. Note that | ||
44 | ssh-user-config sets the permissions on 2003 Server machines dependent of | ||
45 | whether a sshd_server account exists or not. | ||
46 | =========================================================================== | ||
2 | 47 | ||
3 | =========================================================================== | 48 | =========================================================================== |
4 | Important change since 3.4p1-2: | 49 | Important change since 3.4p1-2: |
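Review bot: Two typos in the added 3.7.1p2-2 paragraph: "exising" should be "existing" and "requireed" should be "required". The new first line also reads "This package describes ...", where "This document describes ..." is what is meant. In the 2003 Server section, sshd_server is an administrators-group member that additionally holds "Create a token object", so it is worth stating that the account is meant only for running the sshd service; the text currently says just "follow the instruction in ssh-host-config exactly if possible".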
@@ -58,7 +103,7 @@ features of the FAT/FAT32 filesystems. | |||
58 | 103 | ||
59 | If you are installing OpenSSH the first time, you can generate global config | 104 | If you are installing OpenSSH the first time, you can generate global config |
60 | files and server keys by running | 105 | files and server keys by running |
61 | 106 | ||
62 | /usr/bin/ssh-host-config | 107 | /usr/bin/ssh-host-config |
63 | 108 | ||
64 | Note that this binary archive doesn't contain default config files in /etc. | 109 | Note that this binary archive doesn't contain default config files in /etc. |
@@ -73,10 +118,12 @@ some options: | |||
73 | 118 | ||
74 | usage: ssh-host-config [OPTION]... | 119 | usage: ssh-host-config [OPTION]... |
75 | Options: | 120 | Options: |
76 | --debug -d Enable shell's debug output. | 121 | --debug -d Enable shell's debug output. |
77 | --yes -y Answer all questions with "yes" automatically. | 122 | --yes -y Answer all questions with "yes" automatically. |
78 | --no -n Answer all questions with "no" automatically. | 123 | --no -n Answer all questions with "no" automatically. |
79 | --port -p <n> sshd listens on port n. | 124 | --cygwin -c <options> Use "options" as value for CYGWIN environment var. |
125 | --port -p <n> sshd listens on port n. | ||
126 | --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'. | ||
80 | 127 | ||
81 | Additionally ssh-host-config now asks if it should install sshd as a | 128 | Additionally ssh-host-config now asks if it should install sshd as a |
82 | service when running under NT/W2K. This requires cygrunsrv installed. | 129 | service when running under NT/W2K. This requires cygrunsrv installed. |
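Review bot: The new --pwd/-w option takes the password for 'sshd_server' as a command-line argument, where it can end up in shell history and process listings; the usage text should warn about that. The description also says 'Use "pwd" as password' while the placeholder is <passwd>; make the quoted word match the placeholder, as the --cygwin line does with <options>.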
@@ -114,54 +161,6 @@ ${SYSTEMROOT}/system32/drivers/etc/services file: | |||
114 | 161 | ||
115 | ssh 22/tcp #SSH daemon | 162 | ssh 22/tcp #SSH daemon |
116 | 163 | ||
117 | =========================================================================== | ||
118 | The following restrictions only apply to Cygwin versions up to 1.3.1 | ||
119 | =========================================================================== | ||
120 | |||
121 | Authentication to sshd is possible in one of two ways. | ||
122 | You'll have to decide before starting sshd! | ||
123 | |||
124 | - If you want to authenticate via RSA and you want to login to that | ||
125 | machine to exactly one user account you can do so by running sshd | ||
126 | under that user account. You must change /etc/sshd_config | ||
127 | to contain the following: | ||
128 | |||
129 | RSAAuthentication yes | ||
130 | |||
131 | Moreover it's possible to use rhosts and/or rhosts with | ||
132 | RSA authentication by setting the following in sshd_config: | ||
133 | |||
134 | RhostsAuthentication yes | ||
135 | RhostsRSAAuthentication yes | ||
136 | |||
137 | - If you want to be able to login to different user accounts you'll | ||
138 | have to start sshd under system account or any other account that | ||
139 | is able to switch user context. Note that administrators are _not_ | ||
140 | able to do that by default! You'll have to give the following | ||
141 | special user rights to the user: | ||
142 | "Act as part of the operating system" | ||
143 | "Replace process level token" | ||
144 | "Increase quotas" | ||
145 | and if used via service manager | ||
146 | "Logon as a service". | ||
147 | |||
148 | The system account does of course own that user rights by default. | ||
149 | |||
150 | Unfortunately, if you choose that way, you can only logon with | ||
151 | NT password authentification and you should change | ||
152 | /etc/sshd_config to contain the following: | ||
153 | |||
154 | PasswordAuthentication yes | ||
155 | RhostsAuthentication no | ||
156 | RhostsRSAAuthentication no | ||
157 | RSAAuthentication no | ||
158 | |||
159 | However you can login to the user which has started sshd with | ||
160 | RSA authentication anyway. If you want that, change the RSA | ||
161 | authentication setting back to "yes": | ||
162 | |||
163 | RSAAuthentication yes | ||
164 | |||
165 | Please note that OpenSSH does never use the value of $HOME to | 164 | Please note that OpenSSH does never use the value of $HOME to |
166 | search for the users configuration files! It always uses the | 165 | search for the users configuration files! It always uses the |
167 | value of the pw_dir field in /etc/passwd as the home directory. | 166 | value of the pw_dir field in /etc/passwd as the home directory. |
@@ -169,7 +168,7 @@ If no home diretory is set in /etc/passwd, the root directory | |||
169 | is used instead! | 168 | is used instead! |
170 | 169 | ||
171 | You may use all features of the CYGWIN=ntsec setting the same | 170 | You may use all features of the CYGWIN=ntsec setting the same |
172 | way as they are used by the `login' port on sources.redhat.com: | 171 | way as they are used by Cygwin's login(1) port: |
173 | 172 | ||
174 | The pw_gecos field may contain an additional field, that begins | 173 | The pw_gecos field may contain an additional field, that begins |
175 | with (upper case!) "U-", followed by the domain and the username | 174 | with (upper case!) "U-", followed by the domain and the username |
@@ -186,6 +185,8 @@ way as they are used by the `login' port on sources.redhat.com: | |||
186 | 185 | ||
187 | locuser::1104:513:John Doe,U-user,S-1-5-21-... | 186 | locuser::1104:513:John Doe,U-user,S-1-5-21-... |
188 | 187 | ||
188 | Note that the CYGWIN=ntsec setting is required for public key authentication. | ||
189 | |||
189 | SSH2 server and user keys are generated by the `ssh-*-config' scripts | 190 | SSH2 server and user keys are generated by the `ssh-*-config' scripts |
190 | as well. | 191 | as well. |
191 | 192 | ||
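Review bot: The added sentence says CYGWIN=ntsec is required for public key authentication but not where it has to be set. Since the usage text now documents --cygwin as the way to give ssh-host-config a value for the CYGWIN environment variable, say here whether that value must include ntsec, so a reader who passes other options there does not end up with public key logins failing without a hint why.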
@@ -194,15 +195,30 @@ configure are used for the Cygwin binary distribution: | |||
194 | 195 | ||
195 | --prefix=/usr \ | 196 | --prefix=/usr \ |
196 | --sysconfdir=/etc \ | 197 | --sysconfdir=/etc \ |
197 | --libexecdir='${exec_prefix}/sbin' | 198 | --libexecdir='$(sbindir)' \ |
198 | 199 | --localstatedir=/var \ | |
199 | You must have installed the zlib and openssl packages to be able to | 200 | --datadir='$(prefix)/share' \ |
201 | --mandir='$(datadir)/man' \ | ||
202 | --with-tcp-wrappers | ||
203 | |||
204 | If you want to create a Cygwin package, equivalent to the one | ||
205 | in the Cygwin binary distribution, install like this: | ||
206 | |||
207 | mkdir /tmp/cygwin-ssh | ||
208 | cd $(builddir) | ||
209 | make install DESTDIR=/tmp/cygwin-ssh | ||
210 | cd $(srcdir)/contrib/cygwin | ||
211 | make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh | ||
212 | cd /tmp/cygwin-ssh | ||
213 | find * \! -type d | tar cvjfT my-openssh.tar.bz2 - | ||
214 | |||
215 | You must have installed the zlib and openssl-devel packages to be able to | ||
200 | build OpenSSH! | 216 | build OpenSSH! |
201 | 217 | ||
202 | Please send requests, error reports etc. to cygwin@cygwin.com. | 218 | Please send requests, error reports etc. to cygwin@cygwin.com. |
203 | 219 | ||
204 | Have fun, | 220 | Have fun, |
205 | 221 | ||
206 | Corinna Vinschen <vinschen@redhat.com> | 222 | Corinna Vinschen |
207 | Cygwin Developer | 223 | Cygwin Developer |
208 | Red Hat Inc. | 224 | Red Hat Inc. |
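Review bot: The packaging recipe stages into the fixed path /tmp/cygwin-ssh, a predictable name in a shared directory; suggest a privately created staging directory (for example via mktemp -d), or at least a note that the directory must not already exist. In the same block, "cd $(builddir)" and "cd $(srcdir)/contrib/cygwin" use make-style variables in what reads as shell commands, where $(...) is command substitution; write them as placeholders such as <builddir> and <srcdir>. Also, my-openssh.tar.bz2 is created inside the directory that "find *" is listing, so the archive can pick itself up; write it to a path outside the staging directory.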