Openssh SSHD Service won't start

5 replies [Last post]
tk
Offline
Joined: 01.05.2008

I have installed copssh 1.3.6 on a Windows 2000 Server system and added one user to the passwd file.Trying to start the "Openssh SSHD" service failes.
I get these errors:

Windows warning message:
Could not start the Openssh SSHD service on Local Computer
Error 1053: The service did not respond to the start or control requests in a timely fashion.

Windows event log:
The description for Event ID ( 0 ) in Source ( copSSHD ) cannot be found.
The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.
The following information is part of the event: copSSHD : PID 696 : starting service `copSSHD' failed: execv: 1, Operation not permitted.

Copssh.log:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_rsa_key
Could not load host key: /etc/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh_host_dsa_key
Could not load host key: /etc/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

I tried reinstalling and experimenting with NTFS permissions but i can't find the solution.
On other Windows 2000 machines it does work with the same settings.

I read something about dependency on the "TCPlp" service but i can't find that service in my windows services list.

tk
Offline
Joined: 01.05.2008

The service denies to start because permissions on host keys are looser than expected and parameter StrictModes is set to Yes in the configuration file. CopSSH setup makes sure that host keys have correct permissions and StrictModes is Yes (Recommended).
It seems that something went wrong during installation. Try to remove existing installation and run the setup again. You may publish installation log here if you still experience problems.

tk
Offline
Joined: 01.05.2008

Thanks for your help.I uninstalled and reinstalled copssh but the problem and error messages remain the same.

The installation log: Click Here
When activating a user i get this error: Click Here

When i start the service with windows service manager, it remains in "starting" state until i kill the "cygunsrv" proces in my process manager.

tk
Offline
Joined: 01.05.2008

Your installation log tells everything:

Setting permissions on D:\copssh (run setperms.cmd)
Default Sam Server will be n.....0
LookupAccountName : setowner 1722 The RPC server is unavailable.
Current object D:\copssh\* will not be processed

There are problems regarding getting user information from server na...0 (RPC Server is unavailable). As a result of this, permissions on copssh directories are not set up correctly, causing failure during start of opensshd service. I have no idea about why this happens on this specific machine. Is it a domain controller ? Any strange messages in the event log ? any other software not working as expected ? Do all automatic services start correctly ? ...... 

tk
Offline
Joined: 01.05.2008

I ran into the same error message on an XP Pro system. To complicate matters, I could start the service just fine, but I couldn't successfully log in with an ssh client.
Once I tracked down the solution, it was easy to implement. The problem is that the subinacl.exe provided with copssh is outdated (12/2/1999).

Download a newer (5.2.3790.1180, 6/14/2004) version of it from microsoft:
http://www.microsoft.com/downloads/details.aspx?familyid=e8ba3e56-d8fe-4...

Replace the subinacl.exe file in the copssh bin/ directory with the newer version.

Run the setperms.cmd DOS batch file, which is the step that failed during the installation process.

Don't forget to activate a user. (You *might* need to deactivate/activate previously activated users, as they may not have been activated properly. I don't think this is necessary, though.)

Good luck!

I still get weird info prepended to event log entries:
The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details.

But the service seems to be working properly now, so I'll ignore that... for now. It would be nice to see an update of copSSH that addresses this logging problem in XP Pro. (And don't forget to update the subinacl.exe in the next release!)

tk
Offline
Joined: 01.05.2008

Thanks for your feedback. I have had problems with newer versions of subinacl on older systems like NT. That was the reason to use a version dated 1999.

The next major release of copssh will have its own open source admin tool to perform tasks performed by various tools including subinacl.