
Sunday, September 6, 2009

Install Cygwin SSH on Win2K3

There has been an excellent post on how to install Cygwin SSH on Win2K3. However, there are still some tricks to getting it to work properly. Luckily, we can always refer to the Windows Event Viewer for the details of what happened.
  • mkpasswd does not generate correct group number for domain users
mkpasswd -d <domain-name> -p /home -u <username> >> /etc/passwd
This adds one line for the domain user to /etc/passwd. But be careful: the group number in that line may not correspond to any entry in /etc/group. If it does not, the following error will likely be seen when running ssh -v localhost:
sshd: PID 2584: fatal: initgroups: <username> : Invalid argument.
After manually correcting the group number in /etc/passwd, we should be able to use ssh locally.
  • hosts.allow - enable remote users
The default hosts.allow after ssh-host-config looks like:
ALL : localhost 127.0.0.1/32 : allow
ALL : PARANOID : deny
sshd: ALL
However, this won't let us in if we connect from another machine:
sshd: PID 3904: refused connect from 10.8.8.8.
We could modify hosts.allow and make it look like:
sshd: ALL : spawn (echo "Attempt from %h %a to %d at `date` by %u" | tee -a /var/log/sshd.log)
This allows connections and appends one line to /var/log/sshd.log for each connection.
or simply:
sshd: ALL : allow
or, more restrictively, allow only one subnet:
sshd: 10.8.0.0/255.255.0.0 : allow
  • /etc/hosts - if sshd cannot verify hostname
We may still see the warning "sshd: PID 3904: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(<hostname>) failed."
This slows down the SSH client's connection. One workaround is to add the host to the /etc/hosts file, which speeds the connection up:
10.8.8.8     <hostname>
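
The group-number mismatch from the first item (mkpasswd) can be checked with a script instead of by eye. This is an added example, not part of the original post; the function name check_passwd_gids and the sample accounts are made up for illustration.

```shell
#!/bin/sh
# Added example: report /etc/passwd entries whose primary GID (field 4)
# is not defined as a GID (field 3) in /etc/group.

# Usage: check_passwd_gids [PASSWD_FILE] [GROUP_FILE]
# Prints "user:gid" per mismatch; returns 1 if any mismatch was found.
check_passwd_gids() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    awk -F: '
        # Skip comment lines and blank lines in either file.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # Group file (first argument): remember every defined GID.
        FILENAME == ARGV[1] { if ($3 != "") known[$3] = 1; next }
        # Passwd file: flag users whose GID is unknown to the group file.
        !($4 in known) { print $1 ":" $4; bad = 1 }
        END { exit bad + 0 }
    ' "$group_file" "$passwd_file"
}

# Demo on constructed sample files (not real accounts).
demo_dir=$(mktemp -d)
cat > "$demo_dir/group" <<'EOF'
Administrators:S-1-5-32-544:544:
Users:S-1-5-32-545:545:
EOF
cat > "$demo_dir/passwd" <<'EOF'
Administrator:unused:500:544:U-HOST\Administrator:/home/Administrator:/bin/bash
jdoe:unused:11234:10513:U-EXAMPLE\jdoe:/home/jdoe:/bin/bash
EOF
check_passwd_gids "$demo_dir/passwd" "$demo_dir/group" ||
    echo "fix the GID(s) listed above in /etc/passwd, then retry ssh -v localhost"
rm -rf "$demo_dir"
```

Called with no arguments, the function reads the real /etc/passwd and /etc/group.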