| All Forums |
Register |
Login |
Search |
Subscriptions |
My Profile |
Inbox |
| Tool Warehouse |
FAQs |
Resources |
Help |
Member List |
Address Book |
Logout |
|
|
sshd permissions on start up
|
Logged in as: Guest |
| Users viewing this topic: none |
|
Login  |
|
|
 sshd permissions on start up - Aug. 31, '04, 12:18:15 PM
|
|
|
tomn
Posts: 7
Joined: Aug. 31, '04,
Status: offline
|
I'm trying to run the following command:
ssh Administrator@machine '/common/mount.exe machine:/mnt/dir s:'
After a reboot, this gives the error Network Error - 5 (Access denied).
Just to check things are okay, ssh Administrator@node74 'id' gives:
uid=197108(Administrator) gid=197121(None) groups=197121(None), 65792(+Everyone), 131616(+Administrators), 197614(OWS_456569845_admin), 197615(Debugger Users), 4095(CurrentSession), 66048(+LOCAL), 66820(+INTERACTIVE), 66827(+Authenticated Users)
Then, if I go onto the machine, start up ksh and restart sshd via /etc/init.d/sshd, the above ssh-mount command succeeds.
I'm guessing there's some issue with how sshd is started on start up, maybe with the wrong permissions. How can I get sshd started correctly?
My versions are:
SfU: OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
interix: 3.5
Thanks.
|
|
|
|
|
RE: sshd permissions on start up - Sep. 1, '04, 11:42:12 PM
|
|
|
Rodney
Posts: 3714
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
|
Right the process' token (which includes security info) is initially
set with just local machine access. Hence, the network error message
you get. That's the way it is for various security/coding reasons.
When you are starting up sshd the second time you are on as which user?
(sorry for the delay responding)
|
|
|
|
|
RE: sshd permissions on start up - Sep. 2, '04, 6:16:49 AM
|
|
|
tomn
Posts: 7
Joined: Aug. 31, '04,
Status: offline
|
When I start sshd manually, I'm on console, logged in on Windows as Administrator and just start up a shell. That shell gives the following info.
%whoami
Administrator
%id
uid=197108(Administrator) gid=197121(None) groups=197121(None), 65792(+Everyone), 197615(Debugger Users), 131616(+Administrators), 131617(+Users), 66830(+REMOTE INTERACTIVE LOGON), 66820(+INTERACTIVE), 66827(+Authenticated Users), 66831(+This Organization), 4095(CurrentSession), 66048(+LOCAL), 262154(NT AUTHORITY+NTLM Authentication)
%uname -a
Interix node74 3.5 SP-8.0.1969.1 x86 Intel_x86_Family15_Model2_Stepping9
%pdomain
NODE74
%hostname
node74
Once I've restarted sshd, the ssh-mount command is able to succeed. In the same state, ssh administrator@node74 id gives
uid=197108(Administrator) gid=197121(None) groups=197121(None), 65792(+Everyone), 131616(+Administrators), 197614(OWS_456569845_admin), 197615(Debugger Users), 4095(CurrentSession), 66048(+LOCAL), 66820(+INTERACTIVE), 66827(+Authenticated Users)
...that's the same as before I restarted the daemon (in original post), yet the mount command is now possible!
Is it possible to get it in the working state on start-up, or via ssh, or in any automatable way? Thanks.
|
|
|
|
|
RE: sshd permissions on start up - Sep. 9, '04, 5:52:38 AM
|
|
|
tomn
Posts: 7
Joined: Aug. 31, '04,
Status: offline
|
Still had no luck getting this to work. Some things I tried:
I tried restarting sshd via the ssh:
ssh Administrator@node74 '/etc/init.d/sshd stop; /etc/init.d/sshd start'
Did restart sshd, but not in desired state. Also tried su to administrator to run the commands, but same effect.
Tried fiddling with various things in the "Log in as" tab of the Interix Subsystem service properties. Couldn't get it working.
Using gpedit.msc, in "Local Computer Policy\Computer Configuration\Windows Settings\Scripts", I put a startup script:
C:\WINDOWS\system32\POSIX.EXE /u /c /bin/ksh -l -c "{ /etc/init.d/sshd stop; /etc/init.d/sshd start; } > /tmp/messages 2>&1
The messages file reported that the daemon was stopped then started, but when the system comes up, no sshd is to be found.
The only partial solution I've found is to put a script containing /etc/init.d/sshd stop; /etc/init.d/sshd start in administrator's Start\Program Files\Startup. But this still requires someone to manually log in as administrator after boot-up so that the script is executed, and I need to automate this.
Any ideas anyone???
|
|
|
|
|
RE: sshd permissions on start up - Sep. 14, '04, 9:42:58 AM
|
|
|
tomn
Posts: 7
Joined: Aug. 31, '04,
Status: offline
|
For anyone interested, I think we finally found a workaround: move sshd from /etc/init.d so it is not started by the interix service at start-up. Put it somewhere else. Insert this new file as it's own service using the service command (type man services for info).
|
|
|
|
|
RE: sshd permissions on start up - Sep. 14, '04, 10:16:15 AM
|
|
|
cortez_
Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
|
Could you describe it a bit more? How to run the sshd at startup then? Will it run with the privledges of which user?
|
|
|
|
|
RE: sshd permissions on start up - Sep. 14, '04, 7:24:29 PM
|
|
|
markfunk
Posts: 670
Joined: Mar. 31, '03,
Status: offline
|
How are you planning on configuring this Windows service ? As a default service that starts with "SYSTEM" credentials or are you explicitly selecting local Administrator and its password in the service parameters ?
|
|
|
|
|
RE: sshd permissions on start up - Sep. 15, '04, 12:33:21 AM
|
|
|
cortez_
Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
|
I did some experiments and:
when moved sshd script from /etc/init.d to somewhere else and tried to start it as servis it didn't work
I started the sshd itself as service with SYSTEM account but it immidiately loogged user out after logging in
I needed to grant the service root rights so that now it works in userspace as if it was started by me from the command shell - and that works fine
There is a LIBRARY_LD_PATH in the /stc/inint.d/sshd somewhere defined - I just added it to my .bash_profile to be exported when I log in, or maybe is there a nicer way to do this?
< Message edited by cortez_ -- Sep. 15, '04, 12:34:35 AM >
|
|
|
|
|
RE: sshd permissions on start up - Sep. 15, '04, 7:04:42 AM
|
|
|
tomn
Posts: 7
Joined: Aug. 31, '04,
Status: offline
|
Sorry, should have been more precise. Log in on console as Administrator. Open up a ksh session, and type the following:
/etc/init.d/sshd stop
mv /etc/rc2.d/S32sshd /etc/rc2.d/.s32sshd
service install -n SSHDaemon -u Administrator -p password -s auto /usr/local/sbin/sshd -D
service start SSHDaemon
|
|
|
|
|
RE: sshd permissions on start up - Sep. 15, '04, 7:10:29 AM
|
|
|
tomn
Posts: 7
Joined: Aug. 31, '04,
Status: offline
|
After reading cortez_'s second message above, I should add that we have not been able to start interactive sessions - it just logs you out straight away. We can do ssh administrator@node74 /bin/sh but there are no terminal features.
I had assumed this was an unrelated problem, but I really don't know. For me this isn't important as my goal is automation.
|
|
|
|
|
RE: sshd permissions on start up - Sep. 15, '04, 9:05:10 AM
|
|
|
cortez_
Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
|
As I have installed the service as user root ist enables me to log in and use external computers visible in the /net folder
BTW. what is the -D option in sshd for?
|
|
|
|
|
RE: sshd permissions on start up - Sep. 15, '04, 9:30:21 AM
|
|
|
tomn
Posts: 7
Joined: Aug. 31, '04,
Status: offline
|
Without -D, sshd uses fork() to launch the daemon so it runs in the background, thus returning control to the user straight away. This confuses the Windows service manager which thinks the daemon has quit or crashed (even though it's actually still running). -D forces sshd to run in the foreground and not to quit until it is killed.
|
|
|
|
|
RE: sshd permissions on start up - Sep. 15, '04, 10:08:54 AM
|
|
|
cortez_
Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
|
But actually I haven't noticed that behaviour...
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
|
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
|
Printable Version
