I have a 2003 template with a working Cygwin sshd install. I deploy vms via script through powershell from that template. When the deployed VMs are brought online the Cygwin prompt is now ‘#’ instead of a ‘$’ and I cannot start sshd. Both Cygwin sshd services are configured with the cyg_server account to start them (obviously). And as far as I can tell the only difference is one machine was deployed via script from the working template. But I am at a loss to figure out permissions are changing when I deploy the script or even where to look at this point.
From working 2003 machine (one I provision templates from):
frtest@w2k3r2s32 ~
$ cygcheck -V
cygcheck version 1.126
System Checker for Cygwin
Copyright (C) 1998 - 2008 Red Hat, Inc.
Compiled on Mar 28 2011
frtest@w2k3r2s32 ~
$ ls -ld /var/empty/
drwxr-xr-x+ 1 cyg_server root 0 Mar 9 14:39 /var/empty/
frtest@w2k3r2s32 ~
$ ls -ld /etc/ssh*
-rw-r--r-- 1 cyg_server None 1555 Mar 9 14:39 /etc/ssh_config
-rw------- 1 cyg_server None 668 Mar 9 14:39 /etc/ssh_host_dsa_key
-rw-r--r-- 1 cyg_server None 613 Mar 9 14:39 /etc/ssh_host_dsa_key.pub
-rw------- 1 cyg_server None 988 Mar 9 14:39 /etc/ssh_host_key
-rw-r--r-- 1 cyg_server None 653 Mar 9 14:39 /etc/ssh_host_key.pub
-rw------- 1 cyg_server None 1675 Mar 9 14:39 /etc/ssh_host_rsa_key
-rw-r--r-- 1 cyg_server None 405 Mar 9 14:39 /etc/ssh_host_rsa_key.pub
-rw-r--r-- 1 cyg_server None 3153 Mar 9 14:39 /etc/sshd_config
frtest@w2k3r2s32 ~
$ ls -ld /var/log/sshd.log
-rw-rw-r-- 1 Administrator None 0 Mar 9 14:41 /var/log/sshd.log
frtest@w2k3r2s32 ~
$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.
And from a non-working machine deployed from that template:
frtest@w3r232-77 ~
# cygcheck -V
cygcheck version 1.126
System Checker for Cygwin
Copyright (C) 1998 - 2008 Red Hat, Inc.
Compiled on Mar 28 2011
frtest@w3r232-77 ~
# ls -ld /var/empty
drwxr-xr-x+ 1 cyg_server root 0 Mar 9 14:39 /var/empty
frtest@w3r232-77 ~
# ls -ld /etc/ssh*
-rw-r--r-- 1 cyg_server None 1555 Mar 9 14:39 /etc/ssh_config
-rw------- 1 cyg_server None 668 Mar 9 14:39 /etc/ssh_host_dsa_key
-rw-r--r-- 1 cyg_server None 613 Mar 9 14:39 /etc/ssh_host_dsa_key.pub
-rw------- 1 cyg_server None 988 Mar 9 14:39 /etc/ssh_host_key
-rw-r--r-- 1 cyg_server None 653 Mar 9 14:39 /etc/ssh_host_key.pub
-rw------- 1 cyg_server None 1675 Mar 9 14:39 /etc/ssh_host_rsa_key
-rw-r--r-- 1 cyg_server None 405 Mar 9 14:39 /etc/ssh_host_rsa_key.pub
-rw-r--r-- 1 cyg_server None 3153 Mar 9 14:39 /etc/sshd_config
frtest@w3r232-77 ~
# ls -ld /var/log/sshd.log
-rw-rw-r-- 1 Administrator None 67 Aug 25 07:26 /var/log/sshd.log
frtest@w3r232-77 ~
# net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
frtest@w3r232-77 ~
# cat /var/log/sshd.log
/var/empty must be owned by root and not group or world-writable.
/var/empty must be owned by root and not group or world-writable.
Now i can mess around with the ownership of the cygdrive files but I shouldnt have to do that, I want to this to work but not really having any knowledge as to why its happening in the first place.
Ok. Went back and checked the permissions on the cygrdive folder and one of the admin accounts in question is mangled after the fact.
Before:
frtest@w2k3r2s32 ~
$ ls -ld /cygdrive
dr-xr-xr-x 3 frtest None 0 Aug 26 09:48 /cygdrive
After:
# ls -ld /cygdrive
dr-xr-xr-x 3 frtest root 0 Aug 26 09:48 /cygdrive
That frtest account is now showing up as unknown and I am not sure why.
I strongly suspect that the problem is caused by the Sysgen that is run as part of the sysprep process.
Did you select the "Generate New Security Id" option in the customization spec ?
The Cygwin sshd runs with "root" (which translates to the local administrator).
A sysgen will change the SID of the local administrator.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference