cygwin上安装、启动ssh服务失败、ssh localhost失败的解决方案（转）

整个就是一个很奇怪的过程。。。：-（（犯了很多经验主义和想当然的错误）

 

安装Cygwin过程中，选择OpenSSH包。安装完成后，运行ssh -V，查看版本无误。运行

ssh localhost

发生错误：ssh: connect to host localhost port 22: Connection refused

因为Cygwin只是自动安装了客户端，服务端没有安装启动，ssh的服务端是作为windows的一个名为sshd的services存在的。

安装服务端，在Cygwin Shell下运行

ssh-host-config

这个发生的奇怪问题就更多了：

1、第一次提示要创建新账户，然后有提示没权限。退出，在win7下用【以管理员身份运行】cygwin。然后这个问题没有了（其实这时就应该仔细看cygwin的提示，就不会发生以下的曲折过程）。

2、在windows服务管理器中启动sshd服务失败。通过win7的服务管理器查看，cygwin sshd服务确实安装上了，但是没有启动。所以，点击启动，但是启动失败。查看var/log/sshd.log日志文件，发现提示启动错误原因是：

/var/empty must be owned by root and not group or world-writable.

于是按提示去修改/var/empty的所属用户。

chown root empty

3、 发生错误，提示没有root用户。因为cygwin用的是当前windows登录的用户（Cygwin中能看到的用户都是windows中的用户，如果没 有创建过root用户，当然就没有。）所以，到windows中创建root，然后继续执行chown root empty（注意执行这个命令要求cygwin是以管理者身份运行的，否者提示权限不足）。修改成功。

4、继续启动服务，仍然失败，log中还是一样的错误信息。于是google，终于找到一个解决方法。其实是提示信息有误导，因为在windows下，其实SYSTEM账号才是和linux下的root相似的，而不是我们自己创建的root。所以，重新修改权限

chown SYSTEM.None empty

再次启动服务：$ cygrunsrv -S sshd  （删除服务是 $ cygrunsrv -R sshd）  终于见到了可爱的河马画面（这个应该是河马吧#￥%&&……）（为了这个问题折腾了整整半天。。。）

 

后记：

出了问题要学会看log，这比漫无目的的google好，因为把log里的错误在google上搜索要定位准确。

但是，log不是万能的，有些log内容不准确容易误导，就像这个错误，这时候，一定要google了

===================================================================

如果卸载过， 重新安装，会有以下提示（ 我第一次想当然的选择  *** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) no   这两个回答no，其他yes即可----这就是杯具的伏笔。。。耐心往后看吧。。。）

操作也在以管理员身份运行的Cygwin中完成，否则服务会安装失败。

$ ssh-host-config
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/READ
ME.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file
*** Query: Overwrite existing /etc/inetd.d/sshd-inetd file? (yes/no) yes
*** Info: Creating default /etc/inetd.d/sshd-inetd file
*** Info: Updated /etc/inetd.d/sshd-inetd

*** Warning: The following functions require administrator privileges!

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires.  You need to have or to create a privileged
*** Info: account.  This script will help you do so.

*** Info: You appear to be running Windows 2003 Server or later.  On 2003
*** Info: and later systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).

*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.

*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.

*** Info: No privileged account could be found.

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) no
*** ERROR: There was a serious problem creating a privileged user.
*** Query: Do you want to proceed anyway? (yes/no) yes
*** Warning: Expected privileged user 'cyg_server' does not exist.
*** Warning: Defaulting to 'SYSTEM'

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

*** Info: Host configuration finished. Have fun!

 

pwzfb@pwzfb-PC ~
$ cygrunsrv -S sshd

 

===================================================================================

耐心的看到这了吗，更多的问题又来了。虽然sshd服务启动了，但随后在使用ssh-keygen搭建无密码登陆环境中出错了

% ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
% cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

以上两个命令创建了无密码登陆的公钥（具体原理参看：OpenSSH 密钥管理）运行ssh localhost 或者 ssh 127.0.0.1 登陆本机，杯具又一次发生，总是发生：Connection closed by $hostname这样的错误。

首先确认在没有无密码登陆的情况下是否能够ssh登陆成功，先删除刚才在home用户目录下创建的.ssh文件夹及其下的文件，然后用ssh localhost登陆，没有问题。一旦使用key authentication无密码登陆时，就发生错误。

又 犯了寻找问题根源的错误，用Connection closed by ，cygen，ssh localhost等作为关键字遍搜google，文章无数，解决方案繁多，但是没有一个有效，主要是说 hosts.allow，hosts.deny，ssh_config等文件需要修改的问题，我是改了一遍又一遍没有效果。

。。。。

最 后思考，使用sshd服务登陆失败，在windows的事件管理器中应该有log呀，清空原先的log，执行ssh localhost指令，果然发现一条错误log，大概是：seteuid *****: Permission denied 。应该是服务没有某项设置用户的权限，于是循着这个线索为关键字，继续找google。

先想到我用的家庭高级版win7没有启动administrator用户，于是F8到安全模式，运行net user administrator /active:yes 激 活超户，然后用此用户登录执行cygwin重设无密码登陆环境，问题依旧。（其实想想根本不用这么费事，用以管理员身份运行cygwin不就等同于登录 administrator运行cygwin吗，当时也是晕了。而且这也是想当然的错误，因为在服务管理器中可以看到，sshd服务运行在本地系统这个内 置账号下，其实与我登陆的账户没有关系。。。权限不足也是指运行服务的这个本地系统账户（即SYSTEM）权限不足。）

 

 

后来在google上看到cygwin的一个官方mail问答。终于找到答案。参考Installing the Cygwin SSH daemon 。问题关键就是一个特殊的权限问题，在SYSTEM账户下运行的sshd服务需要有改变user id的特权（关于权限的问题，在cygwin的/usr/share/doc/Cygwin/openssh.README 中已经说得很明确了：2003 Server has a funny new feature.  When starting services under SYSTEM  account, these services have nearly all user rights which SYSTEM holds...except for the "Create a token object" right, which is needed to allow public key authentication :-( ）。所以事件日志会有seteuid的错误。

至于解决方案，就是让cygwin帮你创建两个特殊用户sshd和cyg_server，其中sshd服务在cyg_server用户下运行，cyg_server有相应的权限（在/usr/share/doc/Cygwin/openssh.README 中也有说明）。

。。。。。

后记的后记：

问 题是解决了，但是当我按步骤重新操作时才发现，运行ssh-host-config时给的提示非常明确，但是自己犯经验主义错误（因为之前在Red hat Linux下安装不会存在这些提示和问题，因为linux的root用户有足够的权限），根本没有仔细看，遗漏了这么明确和重要的提示，走了很多弯路才成 功，哎。。。教训啊。。

......
*** Info: Creating default /etc/inetd.d/sshd-inetd file
*** Info: Updated /etc/inetd.d/sshd-inetd

*** Warning: The following functions require administrator privileges!

*** Query: Do you want to install sshd as a service?
yes
*** Query: Enter the value of CYGWIN for the daemon: []
*** Info: On Windows Server 2003, Windows Vista, and above, the
*** Info: SYSTEM account cannot setuid to other users -- a capability
*** Info: sshd requires.  You need to have or to create a privileged
*** Info: account.  This script will help you do so.

*** Info: You appear to be running Windows 2003 Server or later.  On 2003
*** Info: and later systems, it's not possible to use the LocalSystem
*** Info: account for services that can change the user id without an
*** Info: explicit password (such as passwordless logins [e.g. public key
*** Info: authentication] via sshd).

*** Info: If you want to enable that functionality, it's required to create
*** Info: a new account with special privileges (unless a similar account
*** Info: already exists). This account is then used to run these special
*** Info: servers.

*** Info: Note that creating a new user requires that the current account
*** Info: have Administrator privileges itself.

*** Info: No privileged account could be found.

*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name? (yes/no) no
*** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
*** Info: Please enter a password for new user cyg_server.  Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:

*** Info: User 'cyg_server' has been created with password '*****'.
*** Info: If you change the password, please remember also to change the
*** Info: password for the installed services which use (or will soon use)
*** Info: the 'cyg_server' account.

*** Info: Also keep in mind that the user 'cyg_server' needs read permissions
*** Info: on all users' relevant files for the services running as 'cyg_server'.

*** Info: In particular, for the sshd server all users' .ssh/authorized_keys
*** Info: files must have appropriate permissions to allow public key
*** Info: authentication. (Re-)running ssh-user-config for each user will set
*** Info: these permissions corrently. [Similary restrictions apply, for
*** Info: instance, for .rhosts files if the rshd server is running, etc].

*** Info: The sshd service has been installed under the 'cyg_server'
*** Info: account.  To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
*** Info: after the next reboot.

*** Info: Host configuration finished. Have fun!