Installation Cygwin Redhat NI 10102011 En

INFORMATION NOTE

Written by: SHG
Writing date: 11/10/2011
Recipients: Indus
Subject: Specifications for installing the Cygwin/Openssh Redhat Server on Windows 2008 R2 Server

The purpose of this document is to describe the steps for installing and configuring the SFTP Cygwin/Openssh Server supplied by Redhat on a Windows 2008 R2 server in Workgroup Mode secured by the Astellia security script. A separate document will be written for servers in Domain Mode secured by the Astellia security script.

1. INSTALLATION
2. CONFIGURATION
3. UNINSTALL
4. TROUBLESHOOTING

Astellia confidential. File: document.doc

1. INSTALLATION

1- Prerequisites: security script V2.1.0 (minimum)

a. Apply the security script available here

WARNING: after installing the script, the built-in administrator account (admXXX or administrator or administrateur) has been renamed “adm”. You need to rename it to admXXX as usual.

b. Change access rights for directories C:\Astellia and D:\astellia

Access rights for C:\ASTELLIA:
    Full control: SYSTEM
    Full control: AST_TECH
    Full control: AST_ADMIN
    Full control: AST_OAM

Access rights for D:\Astellia and E:\Astellia:
    Full control: SYSTEM
    Full control: AST_TECH
    Full control: AST_ADMIN

Share directory D:\Astellia (share name: Astellia):
    Full control: AST_TECH
    Full control: AST_ADMIN

c. Remember to log off after installing the script.

2- Download the Redhat Cygwin packages for Openssh and Vim: Redhat_Cygwin_1.8.3.3.zip

3- Run rhsetup.exe as a Local Administrator.

Select “Install from Local Directory”.

Select C:\Astellia\rhcygwin as the install directory.

In the “Setup Alert” window click OK.

The following window is displayed:

Click “Suivant>” (“Next>”) to install.

2. CONFIGURATION

1. Create the User that will connect to the SFTP server:

Create the User in Windows with a password that never expires.

2. Add this User to the AST_ADMIN local group to give it rights on the Astellia directories.

3. Open a Cygwin console (see desktop shortcut).

Enter the following commands:

    mkpasswd -l > /etc/passwd
    mkgroup -l > /etc/group

4. Configure the SSH service.

Start the Cygwin console (see the Red Hat Cygwin desktop icon) and run:

    ssh-host-config

Answer the questions as follows:

    Should privilege separation be used? (yes/no) yes
    New local account 'sshd'? (yes/no) yes
    Do you want to install sshd as a service? yes
    Enter the value of CYGWIN for the daemon: ntsec
    Do you want to use a different name? (yes/no) no
    Create new privileged user account 'cyg_server'? (yes/no) yes

5. Verify users created by Cygwin:

Ensure the password is set to “Password never expires” for sshd and cyg_server.

Add the cyg_server User to the AST_TECH group so that it is allowed to start a service.

6. Security Setting

Change port:

Open the configuration file:

    vim /etc/sshd_config

Change the line:

    Port 22

To:

    Port 22222

Enable logs:

Enable the Cygwin syslog service. In the Cygwin console, enter:

    syslogd-config

Do you want to install syslogd as a service?: yes

Uncomment the lines SyslogFacility and LogLevel in the configuration file /etc/sshd_config.

Start the Windows services “Cygwin sshd” and “CYGWIN syslog”, then test login over SFTP (e.g. FileZilla) and SSH (e.g. PuTTY).
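The following script is an added example, not part of the original note: run in the Cygwin console, it checks an sshd_config file for the three changes made in step 6 (Port 22222 as the only port, SyslogFacility and LogLevel uncommented). The function names and the sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original note): verify step 6 in sshd_config.

# Print each active (uncommented) value of KEYWORD in FILE, one per line.
# Keywords are case-insensitive; keyword and value are separated by
# whitespace or one '='. Trailing CRs left by Windows editors are dropped.
active_values() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
        /^(#|$)/ { next }
        {
            if (!match($0, /[ \t=]/)) next
            key = tolower(substr($0, 1, RSTART - 1))
            val = substr($0, RSTART)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == want) print val
        }' "$1"
}

# Return 0 only if Port 22222 is the sole listening port and both
# SyslogFacility and LogLevel are uncommented, as the note requires.
check_sshd_config() {
    cfg=$1; rc=0
    ports=$(active_values "$cfg" Port | sort -u | tr '\n' ' '); ports=${ports% }
    if [ "$ports" = "22222" ]; then echo "OK   Port 22222"
    else echo "FAIL Port: active value(s) '${ports:-none, sshd defaults to 22}'"; rc=1
    fi
    for kw in SyslogFacility LogLevel; do
        val=$(active_values "$cfg" "$kw" | head -n 1)  # sshd uses the first value
        if [ -n "$val" ]; then echo "OK   $kw $val"
        else echo "FAIL $kw has no active line (still commented out?)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: excerpt before step 6 is applied.
sample_before() {
    printf '%s\n' '#Port 22' '#SyslogFacility AUTH' '#LogLevel INFO'
}
# Constructed sample: excerpt after step 6, saved with CRLF line endings.
sample_after() {
    printf '%s\r\n' 'Port 22222' 'SyslogFacility AUTH' 'LogLevel INFO'
}

tmp=$(mktemp)
sample_before > "$tmp"; check_sshd_config "$tmp" || true   # three FAIL lines
sample_after  > "$tmp"; check_sshd_config "$tmp"           # three OK lines
rm -f "$tmp"
# On the server: check_sshd_config /etc/sshd_config
```

A leftover `Port 22` line next to `Port 22222` is reported as a failure, because sshd listens on every port listed.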

7. Data access

To access data, use an absolute path, such as cygdrive/e/astellia (important: without “/” at the beginning).

Check that the user (sftpuser) or the AST_TECH group has “Full control” permissions on the SFTP data directories (typically under D:\Astellia).

3. UNINSTALL

To manually uninstall Cygwin, you can do the following:

1. Delete all Cygwin services, such as sshd, cron, cygserver and inetd:

o If the service is running, stop it using the cygrunsrv -E nom command, where nom stands for the service name.

o Uninstall the service using the cygrunsrv -R nom command.

2. If an X11 server is running, stop it and terminate any Cygwin program that may be running in the background. Delete all mount information using the umount -A command. Exit the command line and make sure there is no Cygwin process running.

3. Delete the Cygwin install folder and all subfolders.

o If you get an error indicating that an object is in use, please check that all services have stopped and that all Cygwin programs were closed.

o If you get an error saying “Droit d'accès refuse” (“access right denied”), edit the permissions or take ownership, with your user account, of the files or folders which caused the error. To change the Cygwin folder properties from Windows Explorer, right-click the Cygwin folder, then click Properties. In the “Security” tab, choose Advanced. In the “Owner” tab, make sure your account appears as “Owner”. Tick “Replace owner on subcontainers and objects”, then click OK.

4. Remove Cygwin shortcuts on the desktop and in Start Menu.

5. If Cygwin was added to system path, delete it.

6. If you have defined the CYGWIN environment variable, delete it.

7. Remove the registry trees Software\Cygnus Solutions and Software\Cygwin under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, if present.

8. Remove the Windows Cygwin users (astftp, cyg_server, sshd, etc.).

4. TROUBLESHOOTING

Log

When a problem occurs, you can increase the log level.

In /etc/sshd_config, set “LogLevel” to “DEBUG”, then restart the CYGWIN services.

Logs are located in /var/log/messages.

Verify that Cygwin Users (sftpuser, cyg_server and sshd) are not locked out in Windows.
