diff options
Diffstat (limited to 'crypto/openssh/contrib/cygwin/README')
| -rw-r--r-- | crypto/openssh/contrib/cygwin/README | 224 |
1 files changed, 0 insertions, 224 deletions
diff --git a/crypto/openssh/contrib/cygwin/README b/crypto/openssh/contrib/cygwin/README deleted file mode 100644 index fc0a2f6..0000000 --- a/crypto/openssh/contrib/cygwin/README +++ /dev/null @@ -1,224 +0,0 @@ -This package describes important Cygwin specific stuff concerning OpenSSH. - -The binary package is usually built for recent Cygwin versions and might -not run on older versions. Please check http://cygwin.com/ for information -about current Cygwin releases. - -Build instructions are at the end of the file. - -=========================================================================== -Important change since 3.7.1p2-2: - -The ssh-host-config file doesn't create the /etc/ssh_config and -/etc/sshd_config files from builtin here-scripts anymore, but it uses -skeleton files installed in /etc/defaults/etc. - -Also it now tries hard to create appropriate permissions on files. -Same applies for ssh-user-config. - -After creating the sshd service with ssh-host-config, it's advisable to -call ssh-user-config for all affected users, also already exising user -configurations. In the latter case, file and directory permissions are -checked and changed, if requireed to match the host configuration. - -Important note for Windows 2003 Server users: ---------------------------------------------- - -2003 Server has a funny new feature. When starting services under SYSTEM -account, these services have nearly all user rights which SYSTEM holds... -except for the "Create a token object" right, which is needed to allow -public key authentication :-( - -There's no way around this, except for creating a substitute account which -has the appropriate privileges. Basically, this account should be member -of the administrators group, plus it should have the following user rights: - - Create a token object - Logon as a service - Replace a process level token - Increase Quota - -The ssh-host-config script asks you, if it should create such an account, -called "sshd_server". If you say "no" here, you're on your own. Please -follow the instruction in ssh-host-config exactly if possible. Note that -ssh-user-config sets the permissions on 2003 Server machines dependent of -whether a sshd_server account exists or not. -=========================================================================== - -=========================================================================== -Important change since 3.4p1-2: - -This version adds privilege separation as default setting, see -/usr/doc/openssh/README.privsep. According to that document the -privsep feature requires a non-privileged account called 'sshd'. - -The new ssh-host-config file which is part of this version asks -to create 'sshd' as local user if you want to use privilege -separation. If you confirm, it creates that NT user and adds -the necessary entry to /etc/passwd. - -On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" -since that feature doesn't make any sense on a system which doesn't -differ between privileged and unprivileged users. - -The new ssh-host-config script also adds the /var/empty directory -needed by privilege separation. When creating the /var/empty directory -by yourself, please note that in contrast to the README.privsep document -the owner sshould not be "root" but the user which is running sshd. So, -in the standard configuration this is SYSTEM. The ssh-host-config script -chowns /var/empty accordingly. -=========================================================================== - -=========================================================================== -Important change since 3.0.1p1-2: - -This version introduces the ability to register sshd as service on -Windows 9x/Me systems. This is done only when the options -D and/or --d are not given. -=========================================================================== - -=========================================================================== -Important change since 2.9p2: - -Since Cygwin is able to switch user context without password beginning -with version 1.3.2, OpenSSH now allows to do so when it's running under -a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to -allow that feature. -=========================================================================== - -=========================================================================== -Important change since 2.3.0p1: - -When using `ntea' or `ntsec' you now have to care for the ownership -and permission bits of your host key files and your private key files. -The host key files have to be owned by the NT account which starts -sshd. The user key files have to be owned by the user. The permission -bits of the private key files (host and user) have to be at least -rw------- (0600)! - -Note that this is forced under `ntsec' only if the files are on a NTFS -filesystem (which is recommended) due to the lack of any basic security -features of the FAT/FAT32 filesystems. -=========================================================================== - -If you are installing OpenSSH the first time, you can generate global config -files and server keys by running - - /usr/bin/ssh-host-config - -Note that this binary archive doesn't contain default config files in /etc. -That files are only created if ssh-host-config is started. - -If you are updating your installation you may run the above ssh-host-config -as well to move your configuration files to the new location and to -erase the files at the old location. - -To support testing and unattended installation ssh-host-config got -some options: - -usage: ssh-host-config [OPTION]... -Options: - --debug -d Enable shell's debug output. - --yes -y Answer all questions with "yes" automatically. - --no -n Answer all questions with "no" automatically. - --cygwin -c <options> Use "options" as value for CYGWIN environment var. - --port -p <n> sshd listens on port n. - --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'. - -Additionally ssh-host-config now asks if it should install sshd as a -service when running under NT/W2K. This requires cygrunsrv installed. - -You can create the private and public keys for a user now by running - - /usr/bin/ssh-user-config - -under the users account. - -To support testing and unattended installation ssh-user-config got -some options as well: - -usage: ssh-user-config [OPTION]... -Options: - --debug -d Enable shell's debug output. - --yes -y Answer all questions with "yes" automatically. - --no -n Answer all questions with "no" automatically. - --passphrase -p word Use "word" as passphrase automatically. - -Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd -(results in very slow deamon startup!) or from the command line (recommended -on 9X/ME). - -If you start sshd as deamon via cygrunsrv.exe you MUST give the -"-D" option to sshd. Otherwise the service can't get started at all. - -If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the -following line to your inetd.conf file: - -ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i - -Moreover you'll have to add the following line to your -${SYSTEMROOT}/system32/drivers/etc/services file: - - ssh 22/tcp #SSH daemon - -Please note that OpenSSH does never use the value of $HOME to -search for the users configuration files! It always uses the -value of the pw_dir field in /etc/passwd as the home directory. -If no home diretory is set in /etc/passwd, the root directory -is used instead! - -You may use all features of the CYGWIN=ntsec setting the same -way as they are used by Cygwin's login(1) port: - - The pw_gecos field may contain an additional field, that begins - with (upper case!) "U-", followed by the domain and the username - separated by a backslash. - CAUTION: The SID _must_ remain the _last_ field in pw_gecos! - BTW: The field separator in pw_gecos is the comma. - The username in pw_name itself may be any nice name: - - domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... - - Now you may use `domuser' as your login name with telnet! - This is possible additionally for local users, if you don't like - your NT login name ;-) You only have to leave out the domain: - - locuser::1104:513:John Doe,U-user,S-1-5-21-... - -Note that the CYGWIN=ntsec setting is required for public key authentication. - -SSH2 server and user keys are generated by the `ssh-*-config' scripts -as well. - -If you want to build from source, the following options to -configure are used for the Cygwin binary distribution: - - --prefix=/usr \ - --sysconfdir=/etc \ - --libexecdir='$(sbindir)' \ - --localstatedir=/var \ - --datadir='$(prefix)/share' \ - --mandir='$(datadir)/man' \ - --with-tcp-wrappers - -If you want to create a Cygwin package, equivalent to the one -in the Cygwin binary distribution, install like this: - - mkdir /tmp/cygwin-ssh - cd $(builddir) - make install DESTDIR=/tmp/cygwin-ssh - cd $(srcdir)/contrib/cygwin - make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh - cd /tmp/cygwin-ssh - find * \! -type d | tar cvjfT my-openssh.tar.bz2 - - -You must have installed the zlib and openssl-devel packages to be able to -build OpenSSH! - -Please send requests, error reports etc. to cygwin@cygwin.com. - -Have fun, - -Corinna Vinschen -Cygwin Developer -Red Hat Inc. |
