This package describes important Cygwin specific stuff concerning OpenSSH.The binary package is usually built for recent Cygwin versions and mightnot run on older versions.  Please check http://cygwin.com/ for informationabout current Cygwin releases.Build instructions are at the end of the file.===========================================================================Important change since 3.7.1p2-2:The ssh-host-config file doesn't create the /etc/ssh_config and/etc/sshd_config files from builtin here-scripts anymore, but it usesskeleton files installed in /etc/defaults/etc.Also it now tries hard to create appropriate permissions on files.Same applies for ssh-user-config.After creating the sshd service with ssh-host-config, it's advisable tocall ssh-user-config for all affected users, also already exising userconfigurations.  In the latter case, file and directory permissions arechecked and changed, if requireed to match the host configuration.Important note for Windows 2003 Server users:---------------------------------------------2003 Server has a funny new feature.  When starting services under SYSTEMaccount, these services have nearly all user rights which SYSTEM holds...except for the "Create a token object" right, which is needed to allowpublic key authentication :-(There's no way around this, except for creating a substitute account whichhas the appropriate privileges.  Basically, this account should be memberof the administrators group, plus it should have the following user rights:	Create a token object	Logon as a service	Replace a process level token	Increase QuotaThe ssh-host-config script asks you, if it should create such an account,called "sshd_server".  If you say "no" here, you're on your own.  Pleasefollow the instruction in ssh-host-config exactly if possible.  Note thatssh-user-config sets the permissions on 2003 Server machines dependent ofwhether a sshd_server account exists or not.======================================================================================================================================================Important change since 3.4p1-2:This version adds privilege separation as default setting, see/usr/doc/openssh/README.privsep.  According to that document theprivsep feature requires a non-privileged account called 'sshd'.The new ssh-host-config file which is part of this version asksto create 'sshd' as local user if you want to use privilegeseparation.  If you confirm, it creates that NT user and addsthe necessary entry to /etc/passwd.On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"since that feature doesn't make any sense on a system which doesn'tdiffer between privileged and unprivileged users.The new ssh-host-config script also adds the /var/empty directoryneeded by privilege separation.  When creating the /var/empty directoryby yourself, please note that in contrast to the README.privsep documentthe owner sshould not be "root" but the user which is running sshd.  So,in the standard configuration this is SYSTEM.  The ssh-host-config scriptchowns /var/empty accordingly.======================================================================================================================================================Important change since 3.0.1p1-2:This version introduces the ability to register sshd as service onWindows 9x/Me systems.  This is done only when the options -D and/or-d are not given.======================================================================================================================================================Important change since 2.9p2:Since Cygwin is able to switch user context without password beginningwith version 1.3.2, OpenSSH now allows to do so when it's running undera version >= 1.3.2. Keep in mind that `ntsec' has to be activated toallow that feature.======================================================================================================================================================Important change since 2.3.0p1:When using `ntea' or `ntsec' you now have to care for the ownershipand permission bits of your host key files and your private key files.The host key files have to be owned by the NT account which startssshd. The user key files have to be owned by the user. The permissionbits of the private key files (host and user) have to be at leastrw------- (0600)!Note that this is forced under `ntsec' only if the files are on a NTFSfilesystem (which is recommended) due to the lack of any basic securityfeatures of the FAT/FAT32 filesystems.===========================================================================If you are installing OpenSSH the first time, you can generate global configfiles and server keys by running   /usr/bin/ssh-host-configNote that this binary archive doesn't contain default config files in /etc.That files are only created if ssh-host-config is started.If you are updating your installation you may run the above ssh-host-configas well to move your configuration files to the new location and toerase the files at the old location.To support testing and unattended installation ssh-host-config gotsome options:usage: ssh-host-config [OPTION]...Options:    --debug  -d            Enable shell's debug output.    --yes    -y            Answer all questions with "yes" automatically.    --no     -n            Answer all questions with "no" automatically.    --cygwin -c <options>  Use "options" as value for CYGWIN environment var.    --port   -p <n>        sshd listens on port n.    --pwd    -w <passwd>   Use "pwd" as password for user 'sshd_server'.Additionally ssh-host-config now asks if it should install sshd as aservice when running under NT/W2K. This requires cygrunsrv installed.You can create the private and public keys for a user now by running  /usr/bin/ssh-user-configunder the users account.To support testing and unattended installation ssh-user-config gotsome options as well:usage: ssh-user-config [OPTION]...Options:    --debug      -d        Enable shell's debug output.    --yes        -y        Answer all questions with "yes" automatically.    --no         -n        Answer all questions with "no" automatically.    --passphrase -p word   Use "word" as passphrase automatically.Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd(results in very slow deamon startup!) or from the command line (recommendedon 9X/ME).If you start sshd as deamon via cygrunsrv.exe you MUST give the"-D" option to sshd. Otherwise the service can't get started at all.If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add thefollowing line to your inetd.conf file:ssh stream tcp nowait root /usr/sbin/in.sshd sshd -iMoreover you'll have to add the following line to your${SYSTEMROOT}/system32/drivers/etc/services file:   ssh         22/tcp          #SSH daemonPlease note that OpenSSH does never use the value of $HOME tosearch for the users configuration files! It always uses thevalue of the pw_dir field in /etc/passwd as the home directory.If no home diretory is set in /etc/passwd, the root directoryis used instead!You may use all features of the CYGWIN=ntsec setting the sameway as they are used by Cygwin's login(1) port:  The pw_gecos field may contain an additional field, that begins  with (upper case!) "U-", followed by the domain and the username  separated by a backslash.  CAUTION: The SID _must_ remain the _last_ field in pw_gecos!  BTW: The field separator in pw_gecos is the comma.  The username in pw_name itself may be any nice name:    domuser::1104:513:John Doe,U-domain\user,S-1-5-21-...  Now you may use `domuser' as your login name with telnet!  This is possible additionally for local users, if you don't like  your NT login name ;-) You only have to leave out the domain:    locuser::1104:513:John Doe,U-user,S-1-5-21-...Note that the CYGWIN=ntsec setting is required for public key authentication.SSH2 server and user keys are generated by the `ssh-*-config' scriptsas well.If you want to build from source, the following options toconfigure are used for the Cygwin binary distribution:	--prefix=/usr \	--sysconfdir=/etc \	--libexecdir='${sbindir}' \	--localstatedir=/var \	--datadir='${prefix}/share' \	--mandir='${datadir}/man' \	--infodir='${datadir}/info'	--with-tcp-wrappersIf you want to create a Cygwin package, equivalent to the onein the Cygwin binary distribution, install like this:	mkdir /tmp/cygwin-ssh	cd ${builddir}	make install DESTDIR=/tmp/cygwin-ssh	cd ${srcdir}/contrib/cygwin	make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh	cd /tmp/cygwin-ssh	find * \! -type d | tar cvjfT my-openssh.tar.bz2 -You must have installed the following packages to be able to build OpenSSH:- zlib- openssl-devel- minires-develIf you want to build with --with-tcp-wrappers, you also need the package- tcp_wrappersPlease send requests, error reports etc. to cygwin@cygwin.com.Have fun,Corinna VinschenCygwin DeveloperRed Hat Inc.