Can this be installed on Server 2008 Standard SP2? #818
Comments
|
win32-openssh support down to win7 client or windows server 2008 R2 |
|
Hi i created a user (DOMAIN\SSHD) and edited the chocolately package to change all instances of "NT Service\SSHD" to the new username. the install was successful. when i run SSHD.exe -d from an admin powershell, i can connect, however when i run the service i get "write failed - broken pipe" now, i know that this is "not supported" on Server 2008 SP2, however any nudges in the right direction would be appreciated :) EDIT: Debug Log shows:
note the single error, this does not work (broken pipe) running sshd.exe -d i receive:
which works. |
|
1349 - The type of the token is inappropriate for its attempted use. Not sure why you are seeing this. Can you try running sshd as SYSTEM and see if it work? |
|
Why did you change the service to run as an ordinary domain user? The service needs to run at a high privilege level (System Service), even though the individual users will be authenticating against the domain. SSHD is also not meant to be run directly in a console but through the sshd service (with sc.exe start/stop sshd). |
|
@fpqc |
|
@HSSupport Tell him to uninstall the edited package and reinstall it so it installs as a system service. What @manojampalam suggested is just undoing the error that the user made in the first place. sshd runs as a localsystem-level service, but all authentication is carried through the server's authentication mechanism and permissions are enforced at the user level. |
|
@fpqc I installed this package. since its server 2008 (standard, not R2) it wont install as the NT Authority\SSHD user. So ill be trying the localsystem next, and also localservice to see which works. the domain\sshd user was my workaround for a lack of service managed accounts :) thanks |
|
@HSSupport Ah, that makes some sense. It might actually work then. Also, yeah, the domain admin token can be elevated to a system level token using the windows internals psexec tool (i.e. Admin -> SYSTEM is not a security boundary), but it is a permissions boundary and likely the cause of failure here. This TechNet page also includes instructions for manually configuring Managed Service accounts on earlier versions of Windows Server (2003 and 2008) if they are using the updated AD Schema. |
|
ok so i have an update. The service flat-out would not start using NT Authority\LocalService account i think this may have gone from "easily fixed" to "probably not going to work ever".... logs below if you can have a quick look and let me know what you think / if its easily possible to get this to run/work on Server 2008 SP2, i would be grateful, but i also accept this may not be possible (at least i/we/you tried!) thanks Logs note: i have the correct ssh key in place, and used the correct password 3x. this is a member server of a domain
|
|
Server 2008 is out of support. |
OpenSSH Version 0.16 - installed using chocolatey installer (barebones)
after installation, the service cannot be started with the user SSHD. Since managed service accounts were introduced in server 2008 R2, does this mean that this will not install on server 2008 standard?
thanks
The text was updated successfully, but these errors were encountered: