15

I am a fan of Linux but due to bad Intel wireless drivers in Linux, I had to switch to Windows 7. I have installed Cygwin in Windows and want to configure SSH to remotely connect to my laptop.

I searched with Google and found information for installing openssh server on Win 7, but I am getting the following error when running ssh-host-config:

bala@bala-PC ~
$ ssh-host-config
yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/READ
ME.privsep.
*** Query: Should privilege separation be used? (yes/no) no
*** Info: Updating /etc/sshd_config file

*** Warning: The following functions require administrator privileges!

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires.  You need to have or to create a privileged
*** Info: account.  This script will help you do so.

*** Warning: The owner and the Administrators need
*** Warning: to have .w. permission to /var/run.
*** Warning: Here are the current permissions and ACLS:
*** Warning:     drwxr-xr-x 1 bala None 0 2010-01-17 22:34 /var/run
*** Warning:     # file: /var/run
*** Warning:     # owner: bala
*** Warning:     # group: None
*** Warning:     user::rwx
*** Warning:     group::r-x
*** Warning:     other:r-x
*** Warning:     mask:rwx
*** Warning:
*** Warning: Please change the user and/or group ownership,
*** Warning: permissions, or ACLs of /var/run.

*** ERROR: Problem with /var/run directory. Exiting.

The permissions of this folder are shown as read-only (only applies to this folder), checked in gray. I tried to uncheck but after I open the properties again, the box is again checked. Is there a way to change the permissions of this folder?

BryanH
  • 5,826
  • 3
  • 34
  • 47
Boolean
  • 14,266
  • 30
  • 88
  • 129
  • 2
    is it related to window UAC? will it happen if you run Cygwin using Administrator? – Tommy Jan 29 '10 at 03:33
  • I actually disabled UAC in my machine. This happens even when using "run as administrator" – Boolean Jan 29 '10 at 03:38
  • Should this be on SuperUser? It's not programming-related. – Catchwa Jan 29 '10 at 04:15
  • I am actually a developer, not a administrator. – Boolean Jan 29 '10 at 04:32
  • 1
    Just in case anyone else comes across this old, old cygwin + sshd question looking for troubleshooting tips: you should probably look elsewhere. Answering "no" to "Query: Should privilege separation be used? (yes/no) no" (and "yes" to running sshd as a service) means that any attempt to make this work is probably in vain. First: I don't know why you wouldn't use privilege separation; second, if you don't, I'm guessing this option is not going to be very well tested/supported/documented across different versions/configurations of Windows. – michael Oct 01 '12 at 03:25

9 Answers9

8

Sorry to unbury such an old thread, but this question always came up when I googled this specific problem.

After a few months, I finally found a solution. When I set up cygwin, I didn't have my user and group accounts correctly created in cygwin. The main way to do this is to run:

mkpasswd -l > /etc/passwd
mkgroup -l > /etc/group

If you are logging in using a domain user and passwd, you can do:

mkpasswd -l -d > /etc/passwd 
mkgroup -l -d > /etc/group

Or, if you have an incredibly large network like mine, you may not really want that. An alternative is to just user your local users and group plus whatever one you are currently logged in as:

mkpasswd -l > /etc/passwd
mkpasswd -c >> /etc/passwd
mkgroup -l > /etc/group
mkgroup -c >> /etc/group

After I did this, I was finally able to run ssh-host-config correctly to create the service.

Matthew Flower
  • 91
  • 1
  • 2
  • Hi Matthew, I tried these options but it is still not allowing to me to provide a "blank password" – Pranav Kaushik Feb 07 '13 at 10:23
  • 3
    This advice is obsolete since Cygwin 1.7.35, where the default way to get username/group info is from the native Windows databases, either SAM or AD, depending on whether your system is on a Windows domain or not. Unless you have a very specific need to be able to override SAM/AD via `/etc` files, you should not have these files at all now. See [Chapter 3 in in the Cygwin User's Guide](https://cygwin.com/cygwin-ug-net/ntsec.html). – Warren Young Aug 31 '15 at 03:15
5

I'm running cygwin 1.7 on Windows 7 x64 and sshd. I don't remember getting this error when I ran sshd_config, but I just looked at my /var/run directory and it's set to 777.

Try this in a cygwin shell chmod 777 /var/run

karoberts
  • 9,828
  • 4
  • 39
  • 39
  • I tried this option too. bala@bala-PC ~ bala@bala-PC ~ $ chmod 777 /var/run bala@bala-PC ~ $ ls -l /var total 0 drwxr-xr-x 1 bala None 0 2010-01-17 22:34 cache drwxr-xr-x 1 bala None 0 2010-01-17 22:35 cron drwxr-xr-x 1 bala None 0 2010-01-23 11:46 empty drwxr-xr-x 1 bala None 0 2010-01-17 22:34 lib drwxr-xr-x 1 bala None 0 2010-01-17 22:32 log drwxr-xr-x 1 bala None 0 2010-01-17 22:34 run drwxr-xr-x 1 bala None 0 2010-01-17 22:34 tmp -rw-r--r-- 1 bala None 0 2010-01-23 11:44 utmp – Boolean Jan 29 '10 at 03:42
  • sorry the output doesn't seem to be formatted properly. I have tried -R 777 option too. – Boolean Jan 29 '10 at 03:43
  • 2
    This does *not* work for me. The chmod command above is a no-op. – e40 Mar 22 '12 at 21:11
4

I had a lot of trouble with this myself. I have found that the default install steps work just fine provided that I:

  1. Start the Cygwin shell as an Administrative user with the "Run As Administrator" option.
  2. Have UAC disabled.
  3. Have real-time virus protection disabled.

Once these steps have been taken, the default install steps are:

  1. Install "openssh" from the Cygwin installer.
  2. Start the Cygwin shell as an Administrative user with the "Run As Administrator" option.
  3. Run "ssh-host-config" from the Cygwin shell.
  4. Privilege Separation: yes
  5. New local account "sshd": yes
  6. Install sshd as service: yes
  7. CYGWIN value: ntsec tty
  8. Different name for "cyg_server": no
  9. Create new privileged user account "cyg_server": yes
  10. Set "cyg_server" password and keep in a safe place
  11. net start sshd

After that, everything seems to work fine on both Windows 7 Professional and Home.

If you already have a failed Cygwin sshd installation, it may be best to do a full uninstall and start fresh.

Here are the Cygwin uninstall instructions if you need them: http://cygwin.com/faq/faq.html#faq.setup.uninstall-all

Jason Stewart
  • 374
  • 4
  • 7
3

I first had to remove the broken installation:

cygrunsrv --remove sshd
rm -rf /var/log/sshd* /etc/ssh_host* /etc/sshd_config /var/empty

then generate passwd & group as mentioned above: 

mkpasswd -l > /etc/passwd
mkgroup -l > /etc/group

then I ran:

ssh-host-config -y
cygrunsrv --start sshd

and finaly the "setuid failed" messages dissapeared and login worked.

dothebart
  • 5,972
  • 16
  • 40
2

In a cygwin shell, make sure you are administrator then:

takeown /F "C:\cygwin" /R
icacls "C:\cygwin" /grant Everyone:\(F\) /T
icacls "C:\cygwin"
chmod 777 -R "c:\cygwin"
Zombo
  • 1
  • 62
  • 391
  • 407
N0thing
  • 6,745
  • 3
  • 20
  • 16
  • 2
    This, too, is a no-op for me. I think the answer to why this doesn't work for some of us must lie in the Windows permissions for /var/run. *Nothing* I've done, however, has had any effect. I've removed *all* permissions on /var/run and made one ones that are wide open. Nada. – e40 Mar 22 '12 at 21:12
  • This worked on win7, cygwin64: setfacl -b ~/.ssh/config; chmod 0600 ~/.ssh/config; from http://superuser.com/questions/348694/bad-owner-or-permissions-error-using-cygwins-ssh-exe – mosh Oct 06 '16 at 14:14
1

In Windows Explorer, for folder /var:

Properties.
Security.
Add group Administrators with full control for the folder and subfolders.

It works for me.

mins
  • 6,478
  • 12
  • 56
  • 75
AltAir
  • 241
  • 1
  • 7
0

I was only able to run the ssh-host-config script successfully when I installed Cygwin on a hard drive of type NTFS. The ssh-host-config script did not work when I had Cygwin installed on a flash drive of type exFAT.

Joe Hunt
  • 161
  • 2
  • 5
0

I was having the same problem. My problem, I believe, was because I had a custom /etc/fstab file where I was mounting the root folder with "noacl" option. Here is how I solved the problem:

  1. Move the custom /etc/fstab out of the way:

     mv /etc/fstab /etc/fstab.bak

    Alternatively, you can edit your /etc/fstab file and remove the noacl option.

  2. Close all Cygwin bash windows and any other Cygwin processes or services. If you have any Cygwin process running, it will keep things mounted with the old /etc/fstab settings.

  3. Start a new Cygwin bash window.

  4. You may need to run the following.

    chmod +r /etc/passwd
chmod o+x /var
chmod +w /var/run

  5. Cross your fingers, run ssh-host-config, and it should now complete without errors.

  6. If you moved your /etc/fstab in Step 1, you can move it back now:

     mv /etc/fstab.bak /etc/fstab

  7. If you created new users after you first installed Cygwin, update /etc/passwd, otherwise those users may not be able login via ssh:

    mkpasswd -l > /etc/passwd

  8. Also, go to Windows Firewall, and allow C:/cygwin/usr/sbin/sshd.exe and C:/cygwin/usr/sbin/sftp-server.exe

ahmetsacan
  • 31
  • 3
0

for windows Users run "Cygwin Terminal" by right-clicking on shortcut and run it as a administrator....enter image description here

Now Run "ssh-host-config" from the Cygwin Terminal...It will definitely work.

Kunal
  • 604
  • 10
  • 18