1 files changed, 137 insertions, 0 deletions
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
new file mode 100644
index 000000000..8c9d0bb73
--- /dev/null
+++ b/contrib/cygwin/README
@@ -0,0 +1,137 @@
+This package is the actual port of OpenSSH to Cygwin 1.1.
+===========================================================================
+Important change since 2.3.0p1:
+When using `ntea' or `ntsec' you now have to care for the ownership
+and permission bits of your host key files and your private key files.
+The host key files have to be owned by the NT account which starts
+sshd. The user key files have to be owned by the user. The permission
+bits of the private key files (host and user) have to be at least
+rw------- (0600)!
+Note that this is forced under `ntsec' only if the files are on a NTFS
+filesystem (which is recommended) due to the lack of any basic security
+features of the FAT/FAT32 filesystems.
+===========================================================================
+Since this package is part of the base distribution now, the location
+of the files has changed from /usr/local to /usr. The global configuration
+files are in /etc now.
+If you are installing OpenSSH the first time, you can generate
+global config files, server keys and your own user keys by running
+   
+   /usr/bin/ssh-config
+If you are updating your installation you may run the above ssh-config
+as well to move your configuration files to the new location and to
+erase the files at the old location.
+Be sure to start the new ssh-config when updating!
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-config is started.
+Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
+(results in very slow deamon startup!) or from the command line (recommended
+on 9X/ME).
+If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
+following line to your inetd.conf file:
+sshd stream tcp nowait root /usr/sbin/in.sshd sshd -i
+Moreover you'll have to add the following line to your
+${SYSTEMROOT}/system32/drivers/etc/services file:
+   sshd         22/tcp          #SSH daemon
+Authentication to sshd is possible in one of two ways.
+You'll have to decide before starting sshd!
+- If you want to authenticate via RSA and you want to login to that
+  machine to exactly one user account you can do so by running sshd
+  under that user account. You must change /etc/sshd_config
+  to contain the following:
+  RSAAuthentication yes
+  Moreover it's possible to use rhosts and/or rhosts with
+  RSA authentication by setting the following in sshd_config:
+  RhostsAuthentication yes
+  RhostsRSAAuthentication yes
+- If you want to be able to login to different user accounts you'll
+  have to start sshd under system account or any other account that
+  is able to switch user context. Note that administrators are _not_
+  able to do that by default! You'll have to give the following
+  special user rights to the user:
+  "Act as part of the operating system"
+  "Replace process level token"
+  "Increase quotas"
+  and if used via service manager
+  "Logon as a service".
+  The system account does of course own that user rights by default.
+  Unfortunately, if you choose that way, you can only logon with
+  NT password authentification and you should change
+  /etc/sshd_config to contain the following:
+    PasswordAuthentication yes
+    RhostsAuthentication no
+    RhostsRSAAuthentication no
+    RSAAuthentication no
+  However you can login to the user which has started sshd with
+  RSA authentication anyway. If you want that, change the RSA
+  authentication setting back to "yes":
+     
+    RSAAuthentication yes
+You may use all features of the CYGWIN=ntsec setting the same
+way as they are used by the `login' port on sources.redhat.com:
+  The pw_gecos field may contain an additional field, that begins
+  with (upper case!) "U-", followed by the domain and the username
+  separated by a backslash.
+  CAUTION: The SID _must_ remain the _last_ field in pw_gecos!
+  BTW: The field separator in pw_gecos is the comma.
+  The username in pw_name itself may be any nice name:
+    domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...
+  Now you may use `domuser' as your login name with telnet!
+  This is possible additionally for local users, if you don't like
+  your NT login name ;-) You only have to leave out the domain:
+    locuser::1104:513:John Doe,U-user,S-1-5-21-...
+V2 server and user keys are generated by `ssh-config'. If you want to
+create DSA keys by yourself, call ssh-keygen with `-d' option.
+DSA authentication similar to RSA:
+    Add keys to ~/.ssh/authorized_keys2
+Interop. w/ ssh.com dsa-keys:
+    ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
+and vice versa:
+    ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
+    echo Key mykey.pub >> ~/.ssh2/authorization
+If you want to build from source, the following options to
+configure are used for the Cygwin binary distribution:
+--prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin
+You must have installed the zlib, openssl and regex packages to
+be able to build OpenSSH!
+Please send requests, error reports etc. to cygwin@sources.redhat.com.
+Have fun,
+Corinna Vinschen <vinschen@cygnus.com>
+Cygwin Developer
+Red Hat Inc.

diff --git a/contrib/cygwin/README b/contrib/cygwin/README new file mode 100644 index 000000000..8c9d0bb73 --- /dev/null +++ b/contrib/cygwin/README
@@ -0,0 +1,137 @@
	1	This package is the actual port of OpenSSH to Cygwin 1.1.
	2
	3	===========================================================================
	4	Important change since 2.3.0p1:
	5
	6	When using `ntea' or `ntsec' you now have to care for the ownership
	7	and permission bits of your host key files and your private key files.
	8	The host key files have to be owned by the NT account which starts
	9	sshd. The user key files have to be owned by the user. The permission
	10	bits of the private key files (host and user) have to be at least
	11	rw------- (0600)!
	12
	13	Note that this is forced under `ntsec' only if the files are on a NTFS
	14	filesystem (which is recommended) due to the lack of any basic security
	15	features of the FAT/FAT32 filesystems.
	16	===========================================================================
	17
	18	Since this package is part of the base distribution now, the location
	19	of the files has changed from /usr/local to /usr. The global configuration
	20	files are in /etc now.
	21
	22	If you are installing OpenSSH the first time, you can generate
	23	global config files, server keys and your own user keys by running
	24
	25	/usr/bin/ssh-config
	26
	27	If you are updating your installation you may run the above ssh-config
	28	as well to move your configuration files to the new location and to
	29	erase the files at the old location.
	30
	31	Be sure to start the new ssh-config when updating!
	32
	33	Note that this binary archive doesn't contain default config files in /etc.
	34	That files are only created if ssh-config is started.
	35
	36	Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
	37	(results in very slow deamon startup!) or from the command line (recommended
	38	on 9X/ME).
	39
	40	If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
	41	following line to your inetd.conf file:
	42
	43	sshd stream tcp nowait root /usr/sbin/in.sshd sshd -i
	44
	45	Moreover you'll have to add the following line to your
	46	${SYSTEMROOT}/system32/drivers/etc/services file:
	47
	48	sshd 22/tcp #SSH daemon
	49
	50	Authentication to sshd is possible in one of two ways.
	51	You'll have to decide before starting sshd!
	52
	53	- If you want to authenticate via RSA and you want to login to that
	54	machine to exactly one user account you can do so by running sshd
	55	under that user account. You must change /etc/sshd_config
	56	to contain the following:
	57
	58	RSAAuthentication yes
	59
	60	Moreover it's possible to use rhosts and/or rhosts with
	61	RSA authentication by setting the following in sshd_config:
	62
	63	RhostsAuthentication yes
	64	RhostsRSAAuthentication yes
	65
	66	- If you want to be able to login to different user accounts you'll
	67	have to start sshd under system account or any other account that
	68	is able to switch user context. Note that administrators are _not_
	69	able to do that by default! You'll have to give the following
	70	special user rights to the user:
	71	"Act as part of the operating system"
	72	"Replace process level token"
	73	"Increase quotas"
	74	and if used via service manager
	75	"Logon as a service".
	76
	77	The system account does of course own that user rights by default.
	78
	79	Unfortunately, if you choose that way, you can only logon with
	80	NT password authentification and you should change
	81	/etc/sshd_config to contain the following:
	82
	83	PasswordAuthentication yes
	84	RhostsAuthentication no
	85	RhostsRSAAuthentication no
	86	RSAAuthentication no
	87
	88	However you can login to the user which has started sshd with
	89	RSA authentication anyway. If you want that, change the RSA
	90	authentication setting back to "yes":
	91
	92	RSAAuthentication yes
	93
	94	You may use all features of the CYGWIN=ntsec setting the same
	95	way as they are used by the `login' port on sources.redhat.com:
	96
	97	The pw_gecos field may contain an additional field, that begins
	98	with (upper case!) "U-", followed by the domain and the username
	99	separated by a backslash.
	100	CAUTION: The SID _must_ remain the _last_ field in pw_gecos!
	101	BTW: The field separator in pw_gecos is the comma.
	102	The username in pw_name itself may be any nice name:
	103
	104	domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...
	105
	106	Now you may use `domuser' as your login name with telnet!
	107	This is possible additionally for local users, if you don't like
	108	your NT login name ;-) You only have to leave out the domain:
	109
	110	locuser::1104:513:John Doe,U-user,S-1-5-21-...
	111
	112	V2 server and user keys are generated by `ssh-config'. If you want to
	113	create DSA keys by yourself, call ssh-keygen with `-d' option.
	114
	115	DSA authentication similar to RSA:
	116	Add keys to ~/.ssh/authorized_keys2
	117	Interop. w/ ssh.com dsa-keys:
	118	ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
	119	and vice versa:
	120	ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
	121	echo Key mykey.pub >> ~/.ssh2/authorization
	122
	123	If you want to build from source, the following options to
	124	configure are used for the Cygwin binary distribution:
	125
	126	--prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin
	127
	128	You must have installed the zlib, openssl and regex packages to
	129	be able to build OpenSSH!
	130
	131	Please send requests, error reports etc. to cygwin@sources.redhat.com.
	132
	133	Have fun,
	134
	135	Corinna Vinschen <vinschen@cygnus.com>
	136	Cygwin Developer
	137	Red Hat Inc.