diff options
Diffstat (limited to 'other/ssharp/contrib/cygwin/README')
| -rw-r--r-- | other/ssharp/contrib/cygwin/README | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/other/ssharp/contrib/cygwin/README b/other/ssharp/contrib/cygwin/README new file mode 100644 index 0000000..798e5d6 --- /dev/null +++ b/other/ssharp/contrib/cygwin/README | |||
| @@ -0,0 +1,163 @@ | |||
| 1 | This package is the actual port of OpenSSH to Cygwin 1.1. | ||
| 2 | |||
| 3 | =========================================================================== | ||
| 4 | Important change since 2.3.0p1: | ||
| 5 | |||
| 6 | When using `ntea' or `ntsec' you now have to care for the ownership | ||
| 7 | and permission bits of your host key files and your private key files. | ||
| 8 | The host key files have to be owned by the NT account which starts | ||
| 9 | sshd. The user key files have to be owned by the user. The permission | ||
| 10 | bits of the private key files (host and user) have to be at least | ||
| 11 | rw------- (0600)! | ||
| 12 | |||
| 13 | Note that this is forced under `ntsec' only if the files are on a NTFS | ||
| 14 | filesystem (which is recommended) due to the lack of any basic security | ||
| 15 | features of the FAT/FAT32 filesystems. | ||
| 16 | =========================================================================== | ||
| 17 | |||
| 18 | If you are installing OpenSSH the first time, you can generate global config | ||
| 19 | files and server keys by running | ||
| 20 | |||
| 21 | /usr/bin/ssh-host-config | ||
| 22 | |||
| 23 | Note that this binary archive doesn't contain default config files in /etc. | ||
| 24 | That files are only created if ssh-host-config is started. | ||
| 25 | |||
| 26 | If you are updating your installation you may run the above ssh-host-config | ||
| 27 | as well to move your configuration files to the new location and to | ||
| 28 | erase the files at the old location. | ||
| 29 | |||
| 30 | To support testing and unattended installation ssh-host-config got | ||
| 31 | some options: | ||
| 32 | |||
| 33 | usage: ssh-host-config [OPTION]... | ||
| 34 | Options: | ||
| 35 | --debug -d Enable shell's debug output. | ||
| 36 | --yes -y Answer all questions with "yes" automatically. | ||
| 37 | --no -n Answer all questions with "no" automatically. | ||
| 38 | --port -p <n> sshd listens on port n. | ||
| 39 | |||
| 40 | You can create the private and public keys for a user now by running | ||
| 41 | |||
| 42 | /usr/bin/ssh-user-config | ||
| 43 | |||
| 44 | under the users account. | ||
| 45 | |||
| 46 | To support testing and unattended installation ssh-user-config got | ||
| 47 | some options as well: | ||
| 48 | |||
| 49 | usage: ssh-user-config [OPTION]... | ||
| 50 | Options: | ||
| 51 | --debug -d Enable shell's debug output. | ||
| 52 | --yes -y Answer all questions with "yes" automatically. | ||
| 53 | --no -n Answer all questions with "no" automatically. | ||
| 54 | --passphrase -p word Use "word" as passphrase automatically. | ||
| 55 | |||
| 56 | Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd | ||
| 57 | (results in very slow deamon startup!) or from the command line (recommended | ||
| 58 | on 9X/ME). | ||
| 59 | |||
| 60 | If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the | ||
| 61 | following line to your inetd.conf file: | ||
| 62 | |||
| 63 | sshd stream tcp nowait root /usr/sbin/in.sshd sshd -i | ||
| 64 | |||
| 65 | Moreover you'll have to add the following line to your | ||
| 66 | ${SYSTEMROOT}/system32/drivers/etc/services file: | ||
| 67 | |||
| 68 | sshd 22/tcp #SSH daemon | ||
| 69 | |||
| 70 | Authentication to sshd is possible in one of two ways. | ||
| 71 | You'll have to decide before starting sshd! | ||
| 72 | |||
| 73 | - If you want to authenticate via RSA and you want to login to that | ||
| 74 | machine to exactly one user account you can do so by running sshd | ||
| 75 | under that user account. You must change /etc/sshd_config | ||
| 76 | to contain the following: | ||
| 77 | |||
| 78 | RSAAuthentication yes | ||
| 79 | |||
| 80 | Moreover it's possible to use rhosts and/or rhosts with | ||
| 81 | RSA authentication by setting the following in sshd_config: | ||
| 82 | |||
| 83 | RhostsAuthentication yes | ||
| 84 | RhostsRSAAuthentication yes | ||
| 85 | |||
| 86 | - If you want to be able to login to different user accounts you'll | ||
| 87 | have to start sshd under system account or any other account that | ||
| 88 | is able to switch user context. Note that administrators are _not_ | ||
| 89 | able to do that by default! You'll have to give the following | ||
| 90 | special user rights to the user: | ||
| 91 | "Act as part of the operating system" | ||
| 92 | "Replace process level token" | ||
| 93 | "Increase quotas" | ||
| 94 | and if used via service manager | ||
| 95 | "Logon as a service". | ||
| 96 | |||
| 97 | The system account does of course own that user rights by default. | ||
| 98 | |||
| 99 | Unfortunately, if you choose that way, you can only logon with | ||
| 100 | NT password authentification and you should change | ||
| 101 | /etc/sshd_config to contain the following: | ||
| 102 | |||
| 103 | PasswordAuthentication yes | ||
| 104 | RhostsAuthentication no | ||
| 105 | RhostsRSAAuthentication no | ||
| 106 | RSAAuthentication no | ||
| 107 | |||
| 108 | However you can login to the user which has started sshd with | ||
| 109 | RSA authentication anyway. If you want that, change the RSA | ||
| 110 | authentication setting back to "yes": | ||
| 111 | |||
| 112 | RSAAuthentication yes | ||
| 113 | |||
| 114 | Please note that OpenSSH does never use the value of $HOME to | ||
| 115 | search for the users configuration files! It always uses the | ||
| 116 | value of the pw_dir field in /etc/passwd as the home directory. | ||
| 117 | If no home diretory is set in /etc/passwd, the root directory | ||
| 118 | is used instead! | ||
| 119 | |||
| 120 | You may use all features of the CYGWIN=ntsec setting the same | ||
| 121 | way as they are used by the `login' port on sources.redhat.com: | ||
| 122 | |||
| 123 | The pw_gecos field may contain an additional field, that begins | ||
| 124 | with (upper case!) "U-", followed by the domain and the username | ||
| 125 | separated by a backslash. | ||
| 126 | CAUTION: The SID _must_ remain the _last_ field in pw_gecos! | ||
| 127 | BTW: The field separator in pw_gecos is the comma. | ||
| 128 | The username in pw_name itself may be any nice name: | ||
| 129 | |||
| 130 | domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... | ||
| 131 | |||
| 132 | Now you may use `domuser' as your login name with telnet! | ||
| 133 | This is possible additionally for local users, if you don't like | ||
| 134 | your NT login name ;-) You only have to leave out the domain: | ||
| 135 | |||
| 136 | locuser::1104:513:John Doe,U-user,S-1-5-21-... | ||
| 137 | |||
| 138 | SSH2 server and user keys are generated by the `ssh-*-config' scripts | ||
| 139 | as well. | ||
| 140 | |||
| 141 | SSH2 authentication similar to SSH1: | ||
| 142 | Add keys to ~/.ssh/authorized_keys2 | ||
| 143 | Interop. w/ ssh.com dsa-keys: | ||
| 144 | ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 | ||
| 145 | and vice versa: | ||
| 146 | ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub | ||
| 147 | echo Key mykey.pub >> ~/.ssh2/authorization | ||
| 148 | |||
| 149 | If you want to build from source, the following options to | ||
| 150 | configure are used for the Cygwin binary distribution: | ||
| 151 | |||
| 152 | --prefix=/usr --sysconfdir=/etc --libexecdir='${exec_prefix}/sbin | ||
| 153 | |||
| 154 | You must have installed the zlib, openssl and regex packages to | ||
| 155 | be able to build OpenSSH! | ||
| 156 | |||
| 157 | Please send requests, error reports etc. to cygwin@sources.redhat.com. | ||
| 158 | |||
| 159 | Have fun, | ||
| 160 | |||
| 161 | Corinna Vinschen <vinschen@cygnus.com> | ||
| 162 | Cygwin Developer | ||
| 163 | Red Hat Inc. | ||