Monday, July 26, 2004

OpenSSH for Windows

I've pretty much given up on trying to extract the key bits from Cygwin in order to set up an SSHD server. The OpenSSH for Windows project at SourceForge seems to have what I'm looking for; they just don't have the RSync application included.

For an excellent introduction to SSH, check out OpenSSH for the impatient.

For setting up OpenSSH on a server, go ahead and grab the packages from the OpenSSH for Windows SourceForge project. The version that I'm using at the moment is "setupssh381-20040709". Inside that file you'll find a "setupssh.exe" which will install the packages as well as create the Windows Service. I like to install my copy to "c:\bin\openssh".

Now open up the "c:\bin\openssh\docs\readme.txt" (or quickstart.txt) and follow the directions in order to create the "group" and "passwd" files. Then start up the OpenSSHD service (either from the command line as shown in quickstart.txt or using the Services control panel).

You should now be set up so that you can SSH in to the server from another workstation and get a command prompt on the server. The default install is pretty good security-wise, so you should not need to change anything in the sshd_config file. However, some things you may wish to change are:

1) The default server key length is 1024 bits (which is okay, but not outstanding anymore). The man page says key lengths over 1024 bits don't matter, but another book says you should use 2048-bit keys.

2) Some key variables in the sshd_config file are:

a) PermitRootLogin - should be set to "no" which prevents you from logging in as root from another machine.

b) RSAAuthentication - setting this to "no" will disable the ability to log in with an SSH1 client (I think...). The default sshd_config file has this explicitly set to "no".

c) PasswordAuthentication - you may want to change this to "no" and force users to set up a public/private key pair in order to log in to the server.

(note: this post was never completed... so use with a grain of salt)

Wednesday, July 21, 2004

rsync.conf file for Cygwin environments

You should definitely refer to the official rsync website for the real documentation on configuring the rsyncd.conf file.

Locate your /etc folder under where you installed Cygwin. Since I installed Cygwin to C:\bin\cygwin, my /etc folder is C:\bin\cygwin\etc. For a fresh install, you'll need to create the "rsyncd.conf" file in that folder (C:\bin\cygwin\etc\rsyncd.conf).

(minimal rsyncd.conf file)
use chroot = false
strict modes = false
log file = rsyncd.log

[test]
path = /cygdrive/d/rsync/test
read only = false
transfer logging = yes
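Added example, not code from either post: a small sh script that reads the three sshd_config directives called out in the OpenSSH post above and the minimal rsyncd.conf here, and reports the settings that weaken each service. The sample files are constructed copies of the defaults the posts describe; the rsyncd "hosts allow" and "auth users" checks are real rsyncd.conf parameters, but adding them is my assumption about a cautious setup, not something the post mentions.

```sh
#!/bin/sh
# Added example (not code from the post): audit sshd_config and rsyncd.conf for
# weak settings. Each audit_* function writes FINDING lines to stderr and
# echoes the number of findings (0 = nothing flagged).

# cfg_get FILE KEY: last value of KEY. Accepts "Key value" (sshd_config) and
# "key = value" (rsyncd.conf); keys are case-insensitive; comments and rsyncd
# [module] headers are skipped, so all modules share one namespace here.
cfg_get() {
    awk -v want="$2" '
        /^[ \t]*$/ || /^[ \t]*[#;]/ || /^[ \t]*\[/ { next }
        {
            sub(/^[ \t]+/, "")
            if (index($0, "=")) { key = $0; sub(/[ \t]*=.*/, "", key)
                                  val = $0; sub(/^[^=]*=[ \t]*/, "", val) }
            else                { key = $1; val = $2 }
            if (tolower(key) == tolower(want)) found = val
        }
        END { printf "%s", found }' "$1"
}
# lower FILE KEY: the value in lower case (rsyncd accepts yes/true/1)
lower() { cfg_get "$1" "$2" | tr A-Z a-z; }

audit_sshd() {   # the three directives from the post; each defaults to "yes"
    n=0          # in OpenSSH of this era, so an unset directive is reported too
    for key in PermitRootLogin RSAAuthentication PasswordAuthentication; do
        v=$(lower "$1" "$key")
        [ "$v" = no ] || { echo "FINDING: $1: $key is '${v:-unset}', want 'no'" >&2; n=$((n+1)); }
    done
    echo $n
}
audit_rsyncd() {
    n=0
    case "$(lower "$1" 'use chroot')" in      # default is yes; false removes
        yes|true|1|'') ;;                      # the jail around the module path
        *) echo "FINDING: $1: 'use chroot' disabled" >&2; n=$((n+1)) ;;
    esac
    # a writable module with no 'auth users' accepts writes from any client
    if [ "$(lower "$1" 'read only')" = false ] && [ -z "$(cfg_get "$1" 'auth users')" ]; then
        echo "FINDING: $1: writable module without 'auth users'" >&2; n=$((n+1))
    fi
    [ -n "$(cfg_get "$1" 'hosts allow')" ] ||
        { echo "FINDING: $1: no 'hosts allow', daemon answers any client on tcp/873" >&2; n=$((n+1)); }
    echo $n
}
# constructed sample files reproducing the posts' defaults, in a temp directory
d=$(mktemp -d)
printf 'Protocol 2\nPermitRootLogin no\nRSAAuthentication no\nPasswordAuthentication yes\n' > "$d/sshd_config"
printf 'use chroot = false\nstrict modes = false\n[test]\npath = /cygdrive/d/rsync/test\nread only = false\n' > "$d/rsyncd.conf"
audit_sshd "$d/sshd_config"      # echoes 1 (PasswordAuthentication yes)
audit_rsyncd "$d/rsyncd.conf"    # echoes 3
```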

Minimal Cygwin install for RSync and SSH

Source links:

How to setup the secure shell daemon on a Windows 2000 machine?
Windows Rsync Server Setup
CygwinInstallationGuide (a wiki topic about the cygwin installation)

Note: The following probably doesn't work (probably missing a package, or the fact that I have GNU's unix tools for Win32 installed is problematic), but I might come back and make it work later so I'm leaving it here for now. I ran into trouble when trying to configure SSH. Right now, I've gone back to my original plan of either hacking apart the Cygwin files and manually copying only the DLLs and EXEs that I need or using the OpenSSH for Windows project at SourceForge.

1. Run the Cygwin setup.exe file and start the installation. I chose to install to "c:\bin\cygwin", but left the rest of the options "as-is". Pick your mirror (use the Cygwin public mirrors page to find one close to you).

2. On the "Select Packages" screen, select the "Curr" option and make sure it says "Category" next to the "View" button at the top. The installation dialog is (finally) re-sizeable, so stretch it out or maximize it so you can see all of the columns.

3. Beside the "+All" category, it will say "Install", "Uninstall", ... click on the word until all of the categories say "Uninstall". (Note: These steps assume that you're doing a new Cygwin install and that you don't already have Cygwin installed.) Now we can start picking the minimum number of packages required to setup SSH and RSync.

4a. Under the "+Admin" category, you'll need to install the "cygrunsrv" package (click once on the "Skip" indicator under the "New" column). This will turn on a few other packages that this package depends on (mostly under the "+Base", "+Libs", and "+Shells" categories).

4b. Open up the "+Net" category and select the "rsync" and "openssh" packages. You'll also end up with "openssl" which is required in order to use "openssh".

5. Click the "Next" button to start downloading and installing the packages. If the download fails, choose another mirror, double-check your package selections (my copy remembered which packages I had already selected), and try again. The base install size required around 7MB of downloads and expanded out to 24MB (34MB actual due to a 4KB cluster size).

6. Fire up the Cygwin shell; you should see a command-line window open with a "$" prompt. Try out a few Unix commands (pwd, ls, whoami) to see if things are working.

7. Further steps... (I'll cover these in future posts)

a) Set up your rsyncd.conf file (in the "etc" folder)
b) create a service account for use by the rsync service
c) create a Windows service using the "cygrunsrv" tool
d) set up OpenSSH and then re-configure rsync to use it

Hacking together a minimal rsync for windows installation

Based on what I've read elsewhere (links in my previous posting), I think I can pull the relevant pieces out of the Cygwin package. I'll try to keep good notes as to what worked and what didn't, but let me know if you find any errors. Rsync wrapper for Win32 seems to be a good starting point for which DLLs and files I'll need to pull out of the standard Cygwin release.

You can download the files off of any of the Cygwin public mirrors. Grab the following archives and extract them to a temporary directory on your machine.

release/cygwin/cygwin-1.5.10-3.tar.bz2
- contains the DLL file (usr/bin/cygwin1.dll) and a lot of base utilities

release/popt/libpopt0/libpopt0-1.6.4-4.tar.bz2
- contains the usr/bin/cygpopt-0.dll file

release/rsync/rsync-2.6.2-1.tar.bz2
- RSync (rsync executable)

Create a folder where you're going to store the rsync files (I use C:\bin\rsync).

Copy the following files to your rsync folder:
cygwin1.dll
cygpopt-0.dll
rsync.exe

Create your rsyncd.conf file and put it in your rsync folder.

Test out whether you've gotten rsync working (thanks to "Aaron Johnson's page about rsync" for showing me what command line options to use). To do this, type the following commands:
c:
cd \bin\rsync
rsync --config="c:\bin\rsync\rsyncd.conf" --daemon

If you have a log file, there should now be an entry indicating that rsync has started up and is listening on the default port (tcp/873). Looking at the processes in Windows Task Manager, you should see the "rsync.exe" process. You should also now test out some rsync transfers from another workstation to verify that your security settings and module settings are correct.

To do:
- create the user account to use for the rsync service
- setup rsync to run as a service (need the SRVANY.EXE file, I think)
- figure out how to get rsync talking through an SSHD server

RSync and Windows

This is a follow-up to my previous post about Securing cwRSync. We were using the "cwRSync package", but when running in server mode it doesn't know how to talk to clients over an SSH-encrypted connection. That isn't a big deal if you're only talking to other servers on the local network, but it is problematic in cases where you have to be wary of eavesdropping (across WiFi links or untrusted networks like the internet). So I've been looking off-and-on over the past month at figuring out how to get an rsync service running using SSH on a Windows server.

One option is to install the full Cygwin package, which is a bit much for a server (or rather, I'm not comfortable installing Cygwin on a server... yet).

Another option seems to be the OpenSSH for Windows project at SourceForge. That doesn't include rsync though, just scp. So I might look at "Installing ssh and rsync on a Windows machine: minimalist approach" which requires an absolute bare minimum of files to be installed. However, the files at that location are from Jan 2002, which is a bit old and the latest version as of July 2004 for the Cygwin DLL is cygwin-1.5.10-2.

Tuesday, July 20, 2004

Linux on Laptops

Today's useful link is: Linux on Laptops.

They have a short-n-sweet index where people submit links to their HOWTO pages regarding how to get a specific distro to work on a particular make/model of laptop.

Friday, July 09, 2004

Gentoo: Setting up PostgreSQL

Getting PostgreSQL installed really isn't that difficult on Gentoo Linux.
# emerge -s postgresql
# emerge postgresql
(install takes a while, didn't time it)
# ebuild /var/db/pkg/dev-db/postgresql-7.4.2-r1/postgresql-7.4.2-r1.ebuild config
(a few messages later)
* The current value of SHMMAX is too low for postgresql to run.
* Please edit /etc/sysctl.conf and set this value to at least 134217728.
*
* kernel.shmmax = 134217728
*

Fire up nano... see for an explanation of why we need to edit sysctl.conf. The short version is that the 2.6 linux kernel has a default value (shared memory limits) that is too small to be compatible with PostgreSQL.
# nano -w /etc/sysctl.conf

(add the following lines)
#Kernel parameters for PostgreSQL
#default is 32MB, PostGreSQL needs 128MB
kernel.shmmax = 134217728
kernel.shmall = 134217728

Now manually update the current values and start the server.
# echo 134217728 >/proc/sys/kernel/shmall
# echo 134217728 >/proc/sys/kernel/shmmax
# rc-update add postgresql default
# /etc/init.d/postgresql start

Now I'm off to explore the PostgreSQL documentation.

The default Gentoo install seems to already include a "postgres" user in /etc/passwd. To get logged in as the postgres user account, you will (I think) first need to switch to root.
# su
# cd /usr/local
# su - postgres

Now you can continue with section 16. Skip the page about creating the database cluster, it's already been created in "/var/lib/postgresql/data" back when you ran the "ebuild config" command. You can verify this by looking at the config file ("cat /etc/conf.d/postgresql"), where the PGDATA= line indicates the location of the database.

In fact, skip straight to chapter 16.4 - Run-time Configuration, because the server is already running. To verify that the server is running, "cat /var/lib/postgresql/data/postmaster.pid". Make a note of the PID on the first line (second line is the database location), then "cat /proc/nnnn/status" (replacing "nnnn" with the PID).

Thursday, July 08, 2004

Misc Mozilla Bits

Just a few misc Mozilla 1.7 settings that I've found useful. All of these need to be added/changed in your prefs.js file in your profile directory. Make sure that you've exited out of all Mozilla windows, including the QuickLaunch icon in the system tray before making your edits. Otherwise, when Mozilla exits again later, it will overwrite your changes.

It's also a good idea to make a backup file of your prefs.js file prior to making changes.

1) Changing the trash folder in Mozilla Mail (or Thunderbird) to match what is used on your IMAP server. The standard trash folder is called "Trash", but my IMAP service uses "Deleted Items" instead. To make things simple, I changed Mozilla to use "Deleted Items" as well for that particular account. Replace "serverx" with the appropriate server number (e.g. "server7") that matches your IMAP account.

user_pref("mail.server.serverx.trash_folder_name", "Deleted Items");

Changing the default folder for saved copies of sent items from "Sent" to "Sent Items" is a bit easier. Just right-click on the e-mail account and pick "Properties", then look in "Copies & Folders" and change where Mozilla/Thunderbird stores copies of e-mails that you have sent.

For the technically minded, the lines in "prefs.js" that are affected by this change are:

user_pref("mail.identity.id5.fcc_folder", "imap://username@imap.somedomain.com/Sent Items");
user_pref("mail.identity.id5.fcc_folder_picker_mode", "1");

2) Displaying an error page instead of just a blank page when a webpage times out. One of the most annoying features in base Mozilla/Firebird is the way that they handle timeout errors. Instead of getting an error message on the screen, you get a blank page and the location bar will have been cleared. If you were trying to load the page in the background for later viewing, that means you have to try and remember or figure out what link you were trying to look at. Adding the following line to your prefs.js file will at least give you an error display that lets you retry the URL:

user_pref("browser.xul.error_pages.enabled", true);

Friday, July 02, 2004

Removable PATA/SATA Drive Bays

Shopping around for some removable drive bays (either PATA or SATA). I definitely don't want anything plastic, which cuts the field a bit. StarTech seem to make some nice drawers with multiple fans.

It's a pity that their multi-bay SATA systems aren't ready yet, because that looks interesting. (Holds 3 SATA drives in removable shells, takes up 2 5.25" drive bays, has a single large fan on the back.)

DRW115ATA
DRW115ATABK - Black, aluminum, PATA, ~$60
DRW115SAT
DRW115SATBK - SATA, aluminum, black, ~$60-70

Extra bays are $20-$30, extra caddies are $50-$60.

Since we'll be using these for backups, we'll probably go with PATA and 5400rpm drives (which run a lot cooler than 7200rpm SATA drives). I have to allow for ambient temperatures up to 85F at the office and I'm afraid that 7200rpm drives would cook themselves.

Update: I now own a set of the DRW115ATA drawers. The construction is quite sturdy, but the fit and finish is not always the best. They can be moderately difficult to slide in and out of the drive bays.