Brian Dessent | 1 Dec 2005 02:14

Re: Syslog "event source" registration [Was Re: Suggest cygrunsrv extension: --pidfile option (patch included)]

Igor Pechtchanski wrote:

> Why complicate openlog()?  Let the Cygwin applications that use openlog()
> do this (e.g., in a postinstall script).  We could even add a utility
> package in "Base", similar to "editrights", that contains scripts for
> adding and removing this setting (something like 'regtool add
> "KEY/$1/VAL"; regtool set "KEY/$1/VAL" "value"') that the postinstall and
> preremove scripts can invoke...  That way this would also be cleaned up
> if, say, "openssh" were uninstalled.

That is certainly a reasonable alternative.  Though it's slightly less
automatic since it requires every package maintainer of any program that
writes to the event log to do something in a postinstall (and presumably
preremove) script.  But if it were turnkey to the point of being able to
just run "add-event-source sshd" in a postinstall, then it wouldn't be
too much hassle, and the user could even do it manually if necessary.

Brian

Karl M | 1 Dec 2005 02:24

RE: how to make ssh-agent automatically

Hi HS...

You can use keychain (a package available from setup.exe).

I do something like

ssh-add -l >/dev/null 2>&1
if [ $? -eq 1 ]; then
  ssh-add
fi

in my .bash_profile, because keychain is slow when I launch several windows.

Why do you kill the agent when you log out? (Windows will kill it when you 
log off from windows.)
If you want to keep the agent around from one login to the next, you can 
launch the agent as a service. I used to do that with keychain, but for 
performance reasons, I use ssh-agent and ssh-add directly. I plan on 
proposing a package for doing this.

HTH,

...Karl

>From: "H.S."
>Subject: how to make ssh-agent automatically
>Date: Wed, 30 Nov 2005 17:56:21 -0500
>
>Hi,
>

H.S. | 1 Dec 2005 03:24

Re: how to make ssh-agent automatically

Hi Karl,

Karl M wrote:
> Hi HS...
> 
> You can use keychain (a package available from setup.exe).
> 
> I do something like
> 
> ssh-add -l >/dev/null 2>&1
> if [ $? -eq 1 ]; then
>  ssh-add
> fi
> 
> in my .bash_profile, because keychain is slow when I launch several
> windows.

Okay, I will try that. BTW, just out of curiosity, is using keychain only
one of the methods to achieve this or is it the only method? I mean, is
it possible to do this without keychain or any other packages and just
with ssh and rsync and login/logout files and environment variables?

> 
> Why do you kill the agent when you log out? (Windows will kill it when
> you log off from windows.)

Currently I was starting ssh-agent in cygwin command prompt window. And
if I did not kill ssh-agent the window would not close upon exit.
Killing it from .bash_logout solved that problem.


Yaakov S (Cygwin Ports | 1 Dec 2005 03:35

[ANNOUNCEMENT] Updated: gnome-keyring-0.4.6-1


The following packages have been updated in the Cygwin distribution:

*** gnome-keyring-0.4.6-1

GNOME Keyring is a system to store passwords and other sensitive data in
a standardized way across all GNOME applications.

A keyring stores a collection of encrypted passwords and encrypted
information about those passwords. A user can have multiple keyrings,
each for a different use, but there is a "default" one. There is also a
special "session" keyring which is not stored on disk and goes away when
you log out.

This release is an update to the newest upstream version.

Yaakov

--              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com <at> cygwin.com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple


Karl M | 1 Dec 2005 04:59

Re: how to make ssh-agent automatically

Hi H.S....

Using keychain is only one way, it is not the only way. I no longer use 
keychain.

I launch ssh-agent from a bash script that is run as a service from 
cygrunsrv; it is run as the user, not as SYSTEM. This makes the ssh-agent 
process survive Windows logout; I only have to enter a passphrase after 
reboot. The bash script edits the user registry to define the environment 
variable for the ssh-agent socket. It sends a message that the environment 
has been updated and then waits on a sleeping child to keep the service 
control manager happy.

The script looks like

$ cat /bin/secret-agent-service
#!/bin/bash
# Launch the ssh-agent from a service so it survives logoff.

# When the service stops, kill the ssh-agent.
trap "ssh-agent -k;
  exit 0" TERM

# Clean up old files that may be left behind after a crash.
#   The file permissions make this safe to do in a multi-user
#   environment, but "/tmp" must be local to this host.
rm -rf /tmp/ssh-*

# Launch the ssh-agent.
eval $(ssh-agent)

H. S. | 1 Dec 2005 06:17

zone alarm service dependency problem with sshd

Hi,

I am trying to have sshd running on my Windows XP box. I have Zone Alarm 
installed, ver. 6.0.667.

I configured sshd with:
$> ssh-host-config

and started as a service:
$> cygrunsrv -S sshd
which promptly made Zone Alarm ask if sshd should be allowed internet 
access. I allowed its client as well as server access. And it worked 
from my other LAN PCs.

But then I noticed that after I rebooted the Windows XP box, I could no 
longer ssh to it from another computer even though the sshd service was 
running. Zone Alarm was blocking it. I had to restart sshd service to make 
Zone Alarm ware to allow access to/from it.

A little google search resulted in making Zone Alarm service a 
dependency of sshd. So:
1. I removed sshd service using "cygrunsrv -R sshd"
2. I installed it again by making Zone Alarm service as its dependency:
$> cygrunsrv -I sshd -p /usr/sbin/sshd -f "Cygwin SSH Demon" -y zlclient.exe

4. I rebooted the machine, but still couldn't connect to it via ssh. I 
noticed that sshd was not running!
3. So I restarted the service. But I get this error:
root <at> red ~
$ cygrunsrv -S sshd

Marcel Telka | 1 Dec 2005 06:56

[ANNOUNCEMENT] Updated: stunnel-4.14-1

I've updated the stunnel package to version 4.14-1.

Stunnel is a program that allows you to encrypt arbitrary TCP connections
inside SSL (Secure Sockets Layer). Stunnel can allow you to secure non-SSL
aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel
provide the encryption, requiring no changes to the daemon's code.

Changes since 4.12-1:
- Updated to mainstream 4.14

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.

If you have questions or comments, please send them to the Cygwin
mailing list at: cygwin <at> cygwin.com . I would appreciate it if you
would use this mailing list rather than emailing me directly.


H. S. | 1 Dec 2005 07:27

[SOLVED] Re: zone alarm service dependency problem with sshd

H. S. wrote:
> Hi,
> 
> I am trying to have sshd running on my Windows XP box. I have Zone Alarm 
> installed, ver. 6.0.667.
> 
> I configured sshd with:
> $> ssh-host-config
> 
> and started as a service:
> $> cygrunsrv -S sshd
> which promptly made Zone Alarm ask if sshd should be allowed internet 
> access. I allowed its client as well as server access. And it worked 
> from my other LAN PCs.
> 
> But then I noticed that after I rebooted the Windows XP box, I could no 
> longer ssh to it from another computer even though the sshd service was 
> running. Zone Alarm was blocking it. I had to restart sshd service to make 
> Zone Alarm ware to allow access to/from it.
> 
> A little google search resulted in making Zone Alarm service a 
> dependency of sshd. So:
> 1. I removed sshd service using "cygrunsrv -R sshd"
> 2. I installed it again by making Zone Alarm service as its dependency:
> $> cygrunsrv -I sshd -p /usr/sbin/sshd -f "Cygwin SSH Demon" -y 
> zlclient.exe

The problem was that ... er ... zlclient is not a service at all, or so 
it seems to me (since "tasklist /svc" in a command prompt listed it, it 
first looked like a service to me).

Morche Matthias | 1 Dec 2005 07:57

RE: Re: how to make ssh-agent automatically

Simpler than using keychain and ssh-agent, Hmm... did You ever try to
just generate your key by ssh-keygen and then copy the public key
~/.ssh/id_dsa.pub eg to Your remote host into ~/.ssh/authorized_keys.
Would You consider this to be simpler?

  matthias

H.S. wrote:
> Hi Karl,
> 
> Karl M wrote:
>> Hi HS...
>> 
>> You can use keychain (a package available from setup.exe).
>> 
>> I do something like
>> 
>> ssh-add -l >/dev/null 2>&1
>> if [ $? -eq 1 ]; then
>>  ssh-add
>> fi
>> 
>> in my .bash_profile, because keychain is slow when I launch several
>> windows.
> 
> Okay, I will try that. BTW, just out of curiosity, is using keychain
> only one of the methods to achieve this or is it the only method? I
> mean, is it possible to do this without keychain or any other
> packages and just with ssh and rsync and login/logout files and
> environment variables? 

H. S. | 1 Dec 2005 08:10

Re: how to make ssh-agent automatically

Morche Matthias wrote:
> Simpler than using keychain and ssh-agent, Hmm... did You ever try to
> just generate your key by ssh-keygen and then copy the public key
> ~/.ssh/id_dsa.pub eg to Your remote host into ~/.ssh/authorized_keys.
> Would You consider this to be simpler?
> 
>   matthias

(Yes, I have done this. This is necessary to make passwordless ssh 
login. And this is not what I was talking about anyway.)

Even if I assume for an instant I hadn't done this, how would this 
remove the need to run ssh-add on my local machine each time I reboot 
and login?

->HS
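
Added example, not part of any message in this thread: one way to do the .bash_profile check discussed above without keychain, branching on all three exit codes of "ssh-add -l" (0 = keys loaded, 1 = agent reachable but empty, 2 = no agent reachable). AGENT_ENV, KEY_LIFETIME and the function names are assumptions of this sketch.

```sh
# Added example: start or reuse one ssh-agent per user from a login script.
# AGENT_ENV and KEY_LIFETIME are assumed names, not from the thread.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
KEY_LIFETIME="${KEY_LIFETIME:-8h}"

# Translate the exit status of "ssh-add -l" into a state name.
agent_state() {
  rc=0
  ssh-add -l >/dev/null 2>&1 || rc=$?
  case $rc in
    0) echo loaded ;;        # agent reachable and holding keys
    1) echo empty ;;         # agent reachable, no identities yet
    *) echo unreachable ;;   # SSH_AUTH_SOCK unset or pointing at a dead agent
  esac
}

# Leaves the result in AGENT_STATE; returns 0 only when keys are loaded.
ensure_agent() {
  AGENT_STATE=$(agent_state)
  if [ "$AGENT_STATE" = unreachable ] && [ -r "$AGENT_ENV" ]; then
    # Reuse an agent started by an earlier shell, if it is still alive.
    . "$AGENT_ENV" >/dev/null
    AGENT_STATE=$(agent_state)
  fi
  if [ "$AGENT_STATE" = unreachable ]; then
    # No live agent (for example after a reboot): start one and record
    # its socket in a file only this user can read.
    ( umask 077; ssh-agent -s > "$AGENT_ENV" )
    . "$AGENT_ENV" >/dev/null
    AGENT_STATE=$(agent_state)
  fi
  if [ "$AGENT_STATE" = empty ] && ssh-add -t "$KEY_LIFETIME"; then
    # One passphrase prompt; the key is dropped after KEY_LIFETIME.
    AGENT_STATE=loaded
  fi
  [ "$AGENT_STATE" = loaded ]
}
```

Call ensure_agent directly from ~/.bash_profile rather than inside $(...), so the exported SSH_AUTH_SOCK reaches the login shell.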

