This post was last edited by pig2 on 2013-12-17 16:43
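During Cygwin installation, select the OpenSSH package. After installation, run ssh -V and confirm the version is correct. Running ssh localhost fails with: ssh: connect to host localhost port 22: Connection refused
This is because Cygwin only installs the client automatically; the server is not installed or started. The ssh server exists as a Windows service named sshd.
To install the server, run ssh-host-config in the Cygwin shell. This produced even more strange problems:
1. The first time, it prompted to create a new account and then reported insufficient permissions. I quit and started Cygwin on Win7 with "Run as administrator". After that this problem went away (really, at this point I should have read Cygwin's prompts carefully, and the detours below would not have happened).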
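2. Starting the sshd service from the Windows service manager failed. Looking in the Win7 service manager, the cygwin sshd service had indeed been installed, but it was not started. So I clicked Start, and the start failed. Checking the log file var/log/sshd.log showed the reason for the startup failure:
/var/empty must be owned by root and not group or world-writable.
So I followed the hint and changed the owner of /var/empty:
chown root empty
3. This failed with a message that there is no root user. Cygwin uses the currently logged-in Windows user (the users visible in Cygwin are all Windows users, so if no root user was ever created, there naturally isn't one). So I created root in Windows and then ran chown root empty again (note that this command requires Cygwin to be running as administrator, otherwise it reports insufficient permissions). The change succeeded.
4. I tried starting the service again and it still failed, with the same error message in the log. So I googled and finally found a solution. The message is actually misleading: on Windows, it is the SYSTEM account that resembles root on Linux, not the root we created ourselves. So I changed the ownership again:
chown SYSTEM.None empty
Start the service again: $ cygrunsrv -S sshd (to remove the service: $ cygrunsrv -R sshd). Finally I saw the lovely hippo screen (this should be a hippo, right #¥%&&……) (I struggled with this problem for a whole half day...)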
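The two conditions behind the /var/empty error in steps 2 to 4, as an added example that is not part of the original post: a small shell function that reports whether a directory is owned by the expected account and is not group- or world-writable. The function name check_privsep_dir is hypothetical, and GNU stat (coreutils) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reports the two conditions named in the sshd.log message:
#   "/var/empty must be owned by root and not group or world-writable."
# The expected owner is a parameter because, as the post found, on Cygwin
# it was the service account (SYSTEM), not a user literally named root.
# Assumes GNU stat (coreutils).

# check_privsep_dir DIR EXPECTED_OWNER   (hypothetical helper name)
# Prints one line per finding; returns 0 if the directory passes.
check_privsep_dir() {
    dir=$1
    want_owner=$2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory"
        return 2
    fi

    owner=$(stat -c '%U' "$dir")   # owner name
    mode=$(stat -c '%a' "$dir")    # octal mode, e.g. 755

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $dir is owned by '$owner', expected '$want_owner'"
        rc=1
    fi

    # 022 (octal) masks the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode (group- or world-writable)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir owner=$owner mode=$mode"
    return "$rc"
}

# Run the check only when called with arguments, e.g.:
#   sh check_privsep.sh /var/empty SYSTEM
if [ $# -eq 2 ]; then
    check_privsep_dir "$1" "$2"
fi
```

For the situation in step 4, the expected owner passed in is SYSTEM.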
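Postscript: When something goes wrong, learn to read the log. This is better than aimless googling, because searching Google for the error from the log pinpoints the problem accurately. But logs are not a cure-all; some log content is inaccurate and misleading, as with this error, and then you really do have to google.
===================================================================
If you have uninstalled it and reinstall, you will get the following prompts (the first time, I took it for granted and chose
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) no
that is, answering no to these two and yes to everything else ---- this set the stage for the tragedy... read on patiently...)
This must also be done in Cygwin run as administrator, otherwise the service installation fails.
$ ssh-host-config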
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file
*** Query: Overwrite existing /etc/inetd.d/sshd-inetd file? (yes/no) yes
*** Info: Creating default /etc/inetd.d/sshd-inetd file
*** Info: Updated /etc/inetd.d/sshd-inetd
*** Warning: The following functions require administrator privileges!
*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.
*** Info: You appear to be running Windows 2003 Server or later. On 2003
*** Info: and later systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).
*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.
*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.
*** Info: No privileged account could be found.
*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) no
*** ERROR: There was a serious problem creating a privileged user.
*** Query: Do you want to proceed anyway? (yes/no) yes
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'
*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'. Otherwise, it
*** Info: will start automatically after the next reboot.
*** Info: Host configuration finished. Have fun!
pwzfb@pwzfb-PC ~
$ cygrunsrv -S sshd
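===================================================================================
Did you patiently read this far? More problems followed. Although the sshd service started, setting up the passwordless login environment with ssh-keygen then went wrong:
% ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa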
% cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
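The two commands above create the public key for passwordless login (for the underlying principles see: OpenSSH Key Management). Running ssh localhost or ssh 127.0.0.1 to log in to the local machine, tragedy struck again; it always failed with an error like: Connection closed by $hostname
First, confirm whether ssh login succeeds when passwordless login is not in use: delete the .ssh folder just created in the user's home directory together with the files in it, then log in with ssh localhost. No problem. As soon as key authentication is used for passwordless login, the error occurs.
Again I made a mistake in looking for the root cause: I searched Google all over with keywords such as Connection closed by, cygen and ssh localhost. There were countless articles and many solutions, but none of them worked. They were mainly about needing to modify files such as hosts.allow, hosts.deny and ssh_config, and I changed them again and again with no effect. ....
Finally I thought: if login through the sshd service fails, there should be a log in the Windows event viewer. I cleared the old logs, ran ssh localhost, and indeed found an error entry, roughly: seteuid *****: Permission denied. The service presumably lacked some privilege for setting the user, so I took this clue as the keyword and went back to Google.
First I thought that my Win7 Home Premium did not have the administrator user enabled, so I pressed F8 to enter safe mode, ran net user administrator /active:yes to activate the superuser, then logged in as that user and ran Cygwin to set up the passwordless login environment again. The problem remained. (Thinking about it, there was no need for all that trouble: isn't running Cygwin as administrator equivalent to logging in as administrator and running Cygwin? I was confused at the time. This was also a taken-for-granted mistake, because the service manager shows that the sshd service runs under the built-in Local System account, which has nothing to do with the account I log in with... The insufficient privilege also refers to the Local System account (i.e. SYSTEM) that runs the service.)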
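Later I found an official Cygwin mailing-list Q&A on Google and finally found the answer. See Installing the Cygwin SSH daemon. The crux is a special privilege issue: the sshd service running under the SYSTEM account needs the privilege to change the user id (the privilege issue is stated very clearly in Cygwin's /usr/share/doc/Cygwin/openssh.README: 2003 Server has a funny new feature. When starting services under SYSTEM account, these services have nearly all user rights which SYSTEM holds...except for the "Create a token object" right, which is needed to allow public key authentication :-( ). That is why the event log shows the seteuid error.
As for the solution: let Cygwin create the two special users sshd and cyg_server for you. The sshd service runs under the cyg_server user, and cyg_server has the corresponding privileges (this is also explained in /usr/share/doc/Cygwin/openssh.README). .....
Postscript to the postscript: The problem is solved, but when I repeated the steps I found that the prompts given by ssh-host-config are very clear. I had made the mistake of relying on experience (installing on Red Hat Linux before never produced these prompts or problems, because the Linux root user has sufficient privileges), did not read carefully at all, missed such a clear and important hint, and took many detours before succeeding. Sigh... a lesson learned..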
......
*** Info: Creating default /etc/inetd.d/sshd-inetd file
*** Info: Updated /etc/inetd.d/sshd-inetd
*** Warning: The following functions require administrator privileges!
*** Query: Do you want to install sshd as a service?
yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires. You need to have or to create a privileged
*** Info: account. This script will help you do so.
*** Info: You appear to be running Windows 2003 Server or later. On 2003
*** Info: and later systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).
*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.
*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.
*** Info: No privileged account could be found.
*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
*** Info: Please enter a password for new user cyg_server. Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:
*** Info: User 'cyg_server' has been created with password '*****'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.
*** Info: Also keep in mind that the user 'cyg_server' needs read permissions
*** Info: on all users' relevant files for the services running as 'cyg_server'.
*** Info: In particular, for the sshd server all users' .ssh/authorized_keys
*** Info: files must have appropriate permissions to allow public key
*** Info: authentication. (Re-)running ssh-user-config for each user will set
*** Info: these permissions corrently. [Similary restrictions apply, for
*** Info: instance, for .rhosts files if the rshd server is running, etc].
*** Info: The sshd service has been installed under the 'cyg_server'
*** Info: account. To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'. Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!