Free Downloads, Community Forum,
FAQs and Developer Resources


Make /Tools Your Home | Link to us

Today's posts | Posts since last visit | Most Active Topics

All Forums Register Login Search Subscriptions My Profile Inbox
Tool Warehouse FAQs Resources Help Member List Address Book Logout

sshd permissions on start up

 
Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [SFU / Interix / SUA Technology] >> Interix Advanced Forum >> sshd permissions on start up Page: [1]
Login
Message << Older Topic   Newer Topic >>
sshd permissions on start up - Aug. 31, '04, 12:18:15 PM   
tomn

 

Posts: 7
Joined: Aug. 31, '04,
Status: offline
I'm trying to run the following command:

ssh Administrator@machine '/common/mount.exe machine:/mnt/dir s:'

After a reboot, this gives the error Network Error - 5 (Access denied).

Just to check things are okay, ssh Administrator@node74 'id' gives:

uid=197108(Administrator) gid=197121(None) groups=197121(None), 65792(+Everyone), 131616(+Administrators), 197614(OWS_456569845_admin), 197615(Debugger Users), 4095(CurrentSession), 66048(+LOCAL), 66820(+INTERACTIVE), 66827(+Authenticated Users)

Then, if I go onto the machine, start up ksh and restart sshd via /etc/init.d/sshd, the above ssh-mount command succeeds.

I'm guessing there's some issue with how sshd is started on start up, maybe with the wrong permissions. How can I get sshd started correctly?

My versions are:

SfU: OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
interix: 3.5

Thanks.
Post #: 1
RE: sshd permissions on start up - Sep. 1, '04, 11:42:12 PM   
Rodney

 

Posts: 3714
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
Right the process' token (which includes security info) is initially
set with just local machine access. Hence, the network error message
you get. That's the way it is for various security/coding reasons.

When you are starting up sshd the second time you are on as which user?

(sorry for the delay responding)

(in reply to tomn)
Post #: 2
RE: sshd permissions on start up - Sep. 2, '04, 6:16:49 AM   
tomn

 

Posts: 7
Joined: Aug. 31, '04,
Status: offline
When I start sshd manually, I'm on console, logged in on Windows as Administrator and just start up a shell. That shell gives the following info.

%whoami
Administrator

%id
uid=197108(Administrator) gid=197121(None) groups=197121(None), 65792(+Everyone), 197615(Debugger Users), 131616(+Administrators), 131617(+Users), 66830(+REMOTE INTERACTIVE LOGON), 66820(+INTERACTIVE), 66827(+Authenticated Users), 66831(+This Organization), 4095(CurrentSession), 66048(+LOCAL), 262154(NT AUTHORITY+NTLM Authentication)

%uname -a
Interix node74 3.5 SP-8.0.1969.1 x86 Intel_x86_Family15_Model2_Stepping9

%pdomain
NODE74

%hostname
node74

Once I've restarted sshd, the ssh-mount command is able to succeed. In the same state, ssh administrator@node74 id gives

uid=197108(Administrator) gid=197121(None) groups=197121(None), 65792(+Everyone), 131616(+Administrators), 197614(OWS_456569845_admin), 197615(Debugger Users), 4095(CurrentSession), 66048(+LOCAL), 66820(+INTERACTIVE), 66827(+Authenticated Users)

...that's the same as before I restarted the daemon (in original post), yet the mount command is now possible!

Is it possible to get it in the working state on start-up, or via ssh, or in any automatable way? Thanks.

(in reply to tomn)
Post #: 3
RE: sshd permissions on start up - Sep. 9, '04, 5:52:38 AM   
tomn

 

Posts: 7
Joined: Aug. 31, '04,
Status: offline
Still had no luck getting this to work. Some things I tried:

I tried restarting sshd via the ssh:

ssh Administrator@node74 '/etc/init.d/sshd stop; /etc/init.d/sshd start'

Did restart sshd, but not in desired state. Also tried su to administrator to run the commands, but same effect.

Tried fiddling with various things in the "Log in as" tab of the Interix Subsystem service properties. Couldn't get it working.

Using gpedit.msc, in "Local Computer Policy\Computer Configuration\Windows Settings\Scripts", I put a startup script:

C:\WINDOWS\system32\POSIX.EXE /u /c /bin/ksh -l -c "{ /etc/init.d/sshd stop; /etc/init.d/sshd start; } > /tmp/messages 2>&1

The messages file reported that the daemon was stopped then started, but when the system comes up, no sshd is to be found.

The only partial solution I've found is to put a script containing /etc/init.d/sshd stop; /etc/init.d/sshd start in administrator's Start\Program Files\Startup. But this still requires someone to manually log in as administrator after boot-up so that the script is executed, and I need to automate this.

Any ideas anyone???

(in reply to tomn)
Post #: 4
RE: sshd permissions on start up - Sep. 14, '04, 9:42:58 AM   
tomn

 

Posts: 7
Joined: Aug. 31, '04,
Status: offline
For anyone interested, I think we finally found a workaround: move sshd from /etc/init.d so it is not started by the interix service at start-up. Put it somewhere else. Insert this new file as it's own service using the service command (type man services for info).

(in reply to tomn)
Post #: 5
RE: sshd permissions on start up - Sep. 14, '04, 10:16:15 AM   
cortez_

 

Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
Could you describe it a bit more? How to run the sshd at startup then? Will it run with the privledges of which user?

(in reply to tomn)
Post #: 6
RE: sshd permissions on start up - Sep. 14, '04, 7:24:29 PM   
markfunk

 

Posts: 670
Joined: Mar. 31, '03,
Status: offline
How are you planning on configuring this Windows service ? As a default service that starts with "SYSTEM" credentials or are you explicitly selecting local Administrator and its password in the service parameters ?

(in reply to cortez_)
Post #: 7
RE: sshd permissions on start up - Sep. 15, '04, 12:33:21 AM   
cortez_

 

Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
I did some experiments and:
when moved sshd script from /etc/init.d to somewhere else and tried to start it as servis it didn't work
I started the sshd itself as service with SYSTEM account but it immidiately loogged user out after logging in
I needed to grant the service root rights so that now it works in userspace as if it was started by me from the command shell - and that works fine
There is a LIBRARY_LD_PATH in the /stc/inint.d/sshd somewhere defined - I just added it to my .bash_profile to be exported when I log in, or maybe is there a nicer way to do this?

< Message edited by cortez_ -- Sep. 15, '04, 12:34:35 AM >

(in reply to markfunk)
Post #: 8
RE: sshd permissions on start up - Sep. 15, '04, 7:04:42 AM   
tomn

 

Posts: 7
Joined: Aug. 31, '04,
Status: offline
Sorry, should have been more precise. Log in on console as Administrator. Open up a ksh session, and type the following:

/etc/init.d/sshd stop
mv /etc/rc2.d/S32sshd /etc/rc2.d/.s32sshd
service install -n SSHDaemon -u Administrator -p password -s auto /usr/local/sbin/sshd -D
service start SSHDaemon

(in reply to cortez_)
Post #: 9
RE: sshd permissions on start up - Sep. 15, '04, 7:10:29 AM   
tomn

 

Posts: 7
Joined: Aug. 31, '04,
Status: offline
After reading cortez_'s second message above, I should add that we have not been able to start interactive sessions - it just logs you out straight away. We can do ssh administrator@node74 /bin/sh but there are no terminal features.

I had assumed this was an unrelated problem, but I really don't know. For me this isn't important as my goal is automation.

(in reply to tomn)
Post #: 10
RE: sshd permissions on start up - Sep. 15, '04, 9:05:10 AM   
cortez_

 

Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
As I have installed the service as user root ist enables me to log in and use external computers visible in the /net folder

BTW. what is the -D option in sshd for?

(in reply to tomn)
Post #: 11
RE: sshd permissions on start up - Sep. 15, '04, 9:30:21 AM   
tomn

 

Posts: 7
Joined: Aug. 31, '04,
Status: offline
Without -D, sshd uses fork() to launch the daemon so it runs in the background, thus returning control to the user straight away. This confuses the Windows service manager which thinks the daemon has quit or crashed (even though it's actually still running). -D forces sshd to run in the foreground and not to quit until it is killed.

(in reply to cortez_)
Post #: 12
RE: sshd permissions on start up - Sep. 15, '04, 10:08:54 AM   
cortez_

 

Posts: 330
Joined: Mar. 27, '04,
From: Poland
Status: offline
But actually I haven't noticed that behaviour...

(in reply to tomn)
Post #: 13
Page:   [1]
All Forums >> [SFU / Interix / SUA Technology] >> Interix Advanced Forum >> sshd permissions on start up Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Search All Forums -

Advanced search


SPONSORS



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.109