summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/contrib/cygwin/README
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/contrib/cygwin/README')
-rw-r--r--crypto/openssh/contrib/cygwin/README224
1 files changed, 224 insertions, 0 deletions
diff --git a/crypto/openssh/contrib/cygwin/README b/crypto/openssh/contrib/cygwin/README
new file mode 100644
index 0000000..fc0a2f6
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/README
@@ -0,0 +1,224 @@
+This package describes important Cygwin specific stuff concerning OpenSSH.
+
+The binary package is usually built for recent Cygwin versions and might
+not run on older versions. Please check http://cygwin.com/ for information
+about current Cygwin releases.
+
+Build instructions are at the end of the file.
+
+===========================================================================
+Important change since 3.7.1p2-2:
+
+The ssh-host-config file doesn't create the /etc/ssh_config and
+/etc/sshd_config files from builtin here-scripts anymore, but it uses
+skeleton files installed in /etc/defaults/etc.
+
+Also it now tries hard to create appropriate permissions on files.
+Same applies for ssh-user-config.
+
+After creating the sshd service with ssh-host-config, it's advisable to
+call ssh-user-config for all affected users, also already exising user
+configurations. In the latter case, file and directory permissions are
+checked and changed, if requireed to match the host configuration.
+
+Important note for Windows 2003 Server users:
+---------------------------------------------
+
+2003 Server has a funny new feature. When starting services under SYSTEM
+account, these services have nearly all user rights which SYSTEM holds...
+except for the "Create a token object" right, which is needed to allow
+public key authentication :-(
+
+There's no way around this, except for creating a substitute account which
+has the appropriate privileges. Basically, this account should be member
+of the administrators group, plus it should have the following user rights:
+
+ Create a token object
+ Logon as a service
+ Replace a process level token
+ Increase Quota
+
+The ssh-host-config script asks you, if it should create such an account,
+called "sshd_server". If you say "no" here, you're on your own. Please
+follow the instruction in ssh-host-config exactly if possible. Note that
+ssh-user-config sets the permissions on 2003 Server machines dependent of
+whether a sshd_server account exists or not.
+===========================================================================
+
+===========================================================================
+Important change since 3.4p1-2:
+
+This version adds privilege separation as default setting, see
+/usr/doc/openssh/README.privsep. According to that document the
+privsep feature requires a non-privileged account called 'sshd'.
+
+The new ssh-host-config file which is part of this version asks
+to create 'sshd' as local user if you want to use privilege
+separation. If you confirm, it creates that NT user and adds
+the necessary entry to /etc/passwd.
+
+On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
+since that feature doesn't make any sense on a system which doesn't
+differ between privileged and unprivileged users.
+
+The new ssh-host-config script also adds the /var/empty directory
+needed by privilege separation. When creating the /var/empty directory
+by yourself, please note that in contrast to the README.privsep document
+the owner sshould not be "root" but the user which is running sshd. So,
+in the standard configuration this is SYSTEM. The ssh-host-config script
+chowns /var/empty accordingly.
+===========================================================================
+
+===========================================================================
+Important change since 3.0.1p1-2:
+
+This version introduces the ability to register sshd as service on
+Windows 9x/Me systems. This is done only when the options -D and/or
+-d are not given.
+===========================================================================
+
+===========================================================================
+Important change since 2.9p2:
+
+Since Cygwin is able to switch user context without password beginning
+with version 1.3.2, OpenSSH now allows to do so when it's running under
+a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to
+allow that feature.
+===========================================================================
+
+===========================================================================
+Important change since 2.3.0p1:
+
+When using `ntea' or `ntsec' you now have to care for the ownership
+and permission bits of your host key files and your private key files.
+The host key files have to be owned by the NT account which starts
+sshd. The user key files have to be owned by the user. The permission
+bits of the private key files (host and user) have to be at least
+rw------- (0600)!
+
+Note that this is forced under `ntsec' only if the files are on a NTFS
+filesystem (which is recommended) due to the lack of any basic security
+features of the FAT/FAT32 filesystems.
+===========================================================================
+
+If you are installing OpenSSH the first time, you can generate global config
+files and server keys by running
+
+ /usr/bin/ssh-host-config
+
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-host-config is started.
+
+If you are updating your installation you may run the above ssh-host-config
+as well to move your configuration files to the new location and to
+erase the files at the old location.
+
+To support testing and unattended installation ssh-host-config got
+some options:
+
+usage: ssh-host-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --cygwin -c <options> Use "options" as value for CYGWIN environment var.
+ --port -p <n> sshd listens on port n.
+ --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'.
+
+Additionally ssh-host-config now asks if it should install sshd as a
+service when running under NT/W2K. This requires cygrunsrv installed.
+
+You can create the private and public keys for a user now by running
+
+ /usr/bin/ssh-user-config
+
+under the users account.
+
+To support testing and unattended installation ssh-user-config got
+some options as well:
+
+usage: ssh-user-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --passphrase -p word Use "word" as passphrase automatically.
+
+Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd
+(results in very slow deamon startup!) or from the command line (recommended
+on 9X/ME).
+
+If you start sshd as deamon via cygrunsrv.exe you MUST give the
+"-D" option to sshd. Otherwise the service can't get started at all.
+
+If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the
+following line to your inetd.conf file:
+
+ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i
+
+Moreover you'll have to add the following line to your
+${SYSTEMROOT}/system32/drivers/etc/services file:
+
+ ssh 22/tcp #SSH daemon
+
+Please note that OpenSSH does never use the value of $HOME to
+search for the users configuration files! It always uses the
+value of the pw_dir field in /etc/passwd as the home directory.
+If no home diretory is set in /etc/passwd, the root directory
+is used instead!
+
+You may use all features of the CYGWIN=ntsec setting the same
+way as they are used by Cygwin's login(1) port:
+
+ The pw_gecos field may contain an additional field, that begins
+ with (upper case!) "U-", followed by the domain and the username
+ separated by a backslash.
+ CAUTION: The SID _must_ remain the _last_ field in pw_gecos!
+ BTW: The field separator in pw_gecos is the comma.
+ The username in pw_name itself may be any nice name:
+
+ domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...
+
+ Now you may use `domuser' as your login name with telnet!
+ This is possible additionally for local users, if you don't like
+ your NT login name ;-) You only have to leave out the domain:
+
+ locuser::1104:513:John Doe,U-user,S-1-5-21-...
+
+Note that the CYGWIN=ntsec setting is required for public key authentication.
+
+SSH2 server and user keys are generated by the `ssh-*-config' scripts
+as well.
+
+If you want to build from source, the following options to
+configure are used for the Cygwin binary distribution:
+
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir='$(sbindir)' \
+ --localstatedir=/var \
+ --datadir='$(prefix)/share' \
+ --mandir='$(datadir)/man' \
+ --with-tcp-wrappers
+
+If you want to create a Cygwin package, equivalent to the one
+in the Cygwin binary distribution, install like this:
+
+ mkdir /tmp/cygwin-ssh
+ cd $(builddir)
+ make install DESTDIR=/tmp/cygwin-ssh
+ cd $(srcdir)/contrib/cygwin
+ make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh
+ cd /tmp/cygwin-ssh
+ find * \! -type d | tar cvjfT my-openssh.tar.bz2 -
+
+You must have installed the zlib and openssl-devel packages to be able to
+build OpenSSH!
+
+Please send requests, error reports etc. to cygwin@cygwin.com.
+
+Have fun,
+
+Corinna Vinschen
+Cygwin Developer
+Red Hat Inc.
OpenPOWER on IntegriCloud