Cygwin

This guide should explain a basic comfortable Cygwin installtion and configuration. After finishing it, you will have an X11 server, terminal with selectable fonts, and optionally an ssh server running.

To set the place where the Windows drive letters are going to be mounted, use

mount -s --change-cygdrive-prefix /

Then you can access your C: Drive at /c/ instead of /cygdrive/c/. logout and back in for the settings to have an effect on your PATH variable.

Sadly I did not write down what I did. Section will follow later:-)

To change the xterm default settings, edit one (or all) of the files:

/etc/X11/app-defaults/XTerm
$HOME/.Xdefaults

I mainly went by this http://ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html guide. Here are the important steps:

Install at least the following list of packages:

• From Admin, select all packages.
• From Archive, select unzip and zip packages.
• From Base, leave the default, select all packages.
• From Doc, leave the default, man and 'cygwin doc' packages.
• From Editors, select vim package.
• From Net, select openssh (openssl will get checked automatically), rsync and tcp_wrappers packages.

Edit the C:\cygwin\cygwin.bat script. Make sure it contains these lines - you will need to add the line setting the CYGWIN environment variable:

@echo off
set CYGWIN=binmode tty ntsec
C:
chdir \cygwin\bin

bash --login -i

Run ssh-host-config to create the service, set up the ssh host keys and create the sshd_config file in /etc/.

ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Overwrite existing /etc/ssh_config file? (yes/no) yes
Generating /etc/ssh_config file
Overwrite existing /etc/sshd_config file? (yes/no) yes
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read
/usr/share/doc/openssh/README.privsep.

Should privilege separation be used? (yes/no) yes
Warning: The following function requires administrator privileges!
Should this script create a local user 'sshd' on this machine? (yes/no) yes
Generating /etc/sshd_config file
Added ssh to C:\WINDOWS\system32\drivers\etc\services


Warning: The following functions require administrator privileges!

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

You appear to be running Windows 2003 Server or later.  On 2003 and
later systems, it's not possible to use the LocalSystem account
if sshd should allow passwordless logon (e. g. public key authentication).
If you want to enable that functionality, it's required to create a new
account 'sshd_server' with special privileges, which is then used to run
the sshd service under.

Should this script create a new local account 'sshd_server' which has
the required privileges? (yes/no) yes

Please enter a password for new user 'sshd_server'.  Please be sure that
this password matches the password rules given on your system.
Entering no password will exit the configuration.  PASSWORD=xxxxxxx

User 'sshd_server' has been created with password 'xxxxxxxx'.
If you change the password, please keep in mind to change the password
for the sshd service, too.

Also keep in mind that the user sshd_server needs read permissions on all
users .ssh/authorized_keys file to allow public key authentication for
these users.  (Re-)running ssh-user-config for each user will set the
required permissions correctly.


Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec".  CYGWIN=binmode ntsec tty

The service has been installed under sshd_server account.
To start the service, call 'net start sshd' or 'cygrunsrv -S sshd'.

Host configuration finished. Have fun!

If you run sshd as a local user account, you will have the right user token to compile and to access network shares from the ssh login. By default, the ssh service is installed this way:

Lets assume you want to be able to log in as user 'emmenlau' and access all network shares and have the right token. First you need to have (create) this new user 'emmenlau' as a local machine user. Then you need to grant emmenlau additional permissions: Go to

Start → Control Panel → Administrative Tools → Local Security Settings → User Rights Management

and add the user 'emmenlau' to the following rights:

• Act as part of operating system
• Create a token object
• Deny log on through terminal services
• Logon as service (if used via service manager)
• Replace a process level token
• Increase quotas

To change sshd to run as a local user account, go to

Start → Control Panel → Administrative Tools → Computer Management → Services → CYGWIN sshd → Log On

There you can change the user from 'cyg_server' to 'emmenlau', by entering '.\emmenlau' and emmenlau's password. Now you can stop and restart the service sshd, and should be able to log in as the user emmenlau.