Installation Cygwin Redhat NI 10102011 En
Transcript of Installation Cygwin Redhat NI 10102011 En
![Page 1: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/1.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 1 / 8
Rédacteur / Written by: SHG Date de rédaction / Writing date: 11/10/2011Diffusion / Recipients: IndusObjet / Subject: Specifications for installing the Cygwin/Openssh Redhat Server on Windows 2008
R2 Server
The purpose of this document is to descibe the steps for installing and configuring the SFTP Cygwin/Openssh Server supplied by Redhat on Windows 2008 R2 server in Workgroup Mode secured by the Astellia security script.A separate document will be written for servers in Domain Mode secured by the Astellia security script.
1. INSTALLATION 2
2. CONFIGURATION 4
3. UNINSTALL 8
4. Troubleshooting 8
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc
![Page 2: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/2.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 2 / 8
1. INSTALLATION
1- Prerequisites: security script V2.1.0 (minimum)
a. Apply the security script available here
WARNING: after installing the script, builtin administrator (admXXX or administrator or administrateur) has been renamed “adm” .You need to rename it in admXXX as usual.
b. Change access rights for directories C:\Astellia and D:\astellia
Access rights for C:\ASTELLIA: Full control: SYSTEM Full control: AST_TECH Full control: AST _ADMIN Full control: AST _OAM
Access rights for D:\Astellia and E:\Astellia Full control: SYSTEM Full control: AST_TECH Full control: AST__ADMIN
Share directory D:\Astellia (share name: Astellia) Full control: AST_TECH Full control: AST_ADMIN
c. Remember to log off after installing the script.
2- Download the Cygwin packages for Openssh and Vim packages of Redhat: Redhat_Cygwin_1.8.3.3.zip
3- Run the rhsetup.exe as a Local Administrator.
Select “Install from Local Directory”.
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc
![Page 3: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/3.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 3 / 8
Select C:\Astellia\rhcygwin as the install directory.
In the “Setup Alert” window click OK.
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc
![Page 4: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/4.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 4 / 8
The following window is displayed:
Click “Suivant>” (”Next>”) to install.
2. CONFIGURATION
1. Create the User that will connect to the SFTP server:
Create the User in Windows with a password that never expires.
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc
![Page 5: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/5.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 5 / 8
2. Add this User to the AST_ADMIN local group to give him rights to Astellia directories.
3. Open a Cygwin console (see desktop shortcut).
Enter the following commands:mkpasswd -l > /etc/passwdmkgroup -l > /etc/group
4. Configure the SSH service.
Start the Cygwin console (see red hat Cygwin desktop icon).Ssh-host-configQuestion: should privilege separation be used? (yes/no) yesNew local account 'sshd'? (yes/no) yesDo you want to install sshd as a service? yesEnter the value of CYGWIN for the daemon: ntsecDo you want to use a different name? (yes/no) noCreate new privileged user account 'cyg_server'? (yes/no) yes
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc
![Page 6: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/6.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 6 / 8
5. Verify users created by Cygwin:
Ensure the password is set to “Password never expires” for sshd and cyg_server.
Add the cyg_server User to the AST_TECH group so that he is allowed to start a service.
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc
![Page 7: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/7.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 7 / 8
6. Security Setting
Change port:
Vim /etc/sshd_configChange the line:Port 22To:Port 22222
Enable logs:
Enable Syslog Cygwin service.In the Cygwin console, enter:Syslogd-configDo you want to install syslogd as a service?: yes
Uncomment the lines SyslogFacility and LogLevel in configuration file /etc/sshd.conf.
Start Windows services “Cygwin sshd” and “CYGWIN syslog” and test login to SFTP (ex: filezilla) and ssh (ex: putty).
7. Data access
To access data, use an absolute path, such as cygdrive/e/astellia (important: without “/” at the beginning).
Check that the user (sftpuser) or the AST_TECH group have “Full control” permissions on SFTP data directories (typically under D:\Astellia).
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc
![Page 8: Installation Cygwin Redhat NI 10102011 En](https://reader036.fdocuments.in/reader036/viewer/2022082402/577cce2b1a28ab9e788d7f34/html5/thumbnails/8.jpg)
NOTE D’INFORMATIONS / INFORMATION NOTE Page: 8 / 8
3. UNINSTALL
To manually uninstall Cygwin, you can do the following:
1. Delete all Cygwin services, such as sshd, cron, cygserver and inetd:
o If the service is running, stop it using the cygrunsrv -E nom command, where nom stands for the service name.
o Uninstall the service using the cygrunsrv -R nom command.
2. If server X11 is running, stop it and terminate any Cygwin program that may be running in the background. Delete all mount information using the umount -A command.Exit the command line and make sure there is no Cygwin process running.
3. Delete the Cygwin install folder and all subfolders.
o If you get an error indicating that an object is in use, please check that all services have stopped and that all Cygwin programs were closed.
o If you get an error saying “Droit d'accès refuse” (“access right denied”), edit permissions or change the ownership rights of your user account for files or folders which caused the error.To change the Cygwin folder property from Windows Explorer, right-click the Cygwin folder, then click Properties.In the “Security” tab, choose Advanced. In the “Owner” tab, make sure your account appears to be “Owner”. Tick “Replace owner on subcontainers and objects“, then click OK.
4. Remove Cygwin shortcuts on the desktop and in Start Menu.
5. If Cygwin was added to system path, delete it.
6. If you have defined the CYGWIN environment variable, delete it.
7. Remove the registry trees Software\Cygnus Solutions and Software\Cygwin under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, if present.
8. Remove the Windows Cygwin users (astftp, cyg_server, sshd, etc.).
4. TROUBLESHOOTING
LogWhen a problem occurs, you can increase log level.
In /etc/sshd_config, set “SysLoglevel” to “DEBUG”, then restart CYGWIN services.
Logs are located in /var/log/messages.
Verify that Cygwin Users (sftpuser, cyg_server and sshd) are not locked out in Windows.
Confidentiel Astellia / Astellia confidentia l Fichier : document.doc