Why does ssh-host-config create two users in Cygwin on Windows 8.1?

While trying to sort out some problems using Cygwin + SSH on Windows 8.1, I wondered why the ssh-host-config script creates two new accounts when configuring OpenSSH from scratch? (Is this necessary?)

The two accounts are: cyg_server and sshd, when using the default selections + privilege elevation and service installation. I know the first one is only used to start the Cygwin SSHd service, but I don't understand the function of the second. I searched the Cygwin archives and the only developer explanation was "because it is designed to do that". It is also advised not to use these for actual logins.

This is my installation:

 -----------------------------------------------------------
 ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
 *** Info: Creating default /etc/ssh_config file
 *** Info: Creating default /etc/sshd_config file
 *** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
 *** Info: However, this requires a non-privileged account called 'sshd'.
 *** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
 *** Query: Should privilege separation be used? (yes/no) yes
 *** Info: Note that creating a new user requires that the current account have
 *** Info: Administrator privileges.  Should this script attempt to create a
 *** Query: new local account 'sshd'? (yes/no) yes
 *** Info: Updating /etc/sshd_config file
 *** Query: Do you want to install sshd as a service?
 *** Query: (Say "no" if it is already installed as a service) (yes/no) yes
 *** Query: Enter the value of CYGWIN for the daemon: []
 *** Info: On Windows Server 2003, Windows Vista, and above, the
 *** Info: SYSTEM account cannot setuid to other users -- a capability
 *** Info: sshd requires.  You need to have or to create a privileged
 *** Info: account.  This script will help you do so.
 *** Info: You appear to be running Windows XP 64bit, Windows 2003 Server,
 *** Info: or later.  On these systems, it's not possible to use the LocalSystem
 *** Info: account for services that can change the user id without an
 *** Info: explicit password (such as passwordless logins [eg public key
 *** Info: authentication] via sshd).
 *** Info: If you want to enable that functionality, it's required to create
 *** Info: a new account with special privileges (unless a similar account
 *** Info: already exists). This account is then used to run these special
 *** Info: servers.
 *** Info: Note that creating a new user requires that the current account
 *** Info: have Administrator privileges itself.
 *** Info: No privileged account could be found.
 *** Info: This script plans to use 'cyg_server'.
 *** Info: 'cyg_server' will only be used by registered services.
 *** Query: Do you want to use a different name? (yes/no) no
 *** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
 *** Info: Please enter a password for new user cyg_server.  Please be sure
 *** Info: that this password matches the password rules given on your system.
 *** Info: Entering no password will exit the configuration.
 *** Query: Please enter the password:
 *** Query: Reenter:
 *** Info: User 'cyg_server' has been created with password 'XXXXXXXXXX'.
 *** Info: If you change the password, please remember also to change the
 *** Info: password for the installed services which use (or will soon use)
 *** Info: the 'cyg_server' account.
 *** Info: Also keep in mind that the user 'cyg_server' needs read permissions
 *** Info: on all users' relevant files for the services running as 'cyg_server'.
 *** Info: In particular, for the sshd server all users' .ssh/authorized_keys
 *** Info: files must have appropriate permissions to allow public key
 *** Info: authentication. (Re-)running ssh-user-config for each user will set
 *** Info: these permissions correctly.  [Similar restrictions apply, for
 *** Info: instance, for .rhosts files if the rshd server is running, etc].
 *** Info: The sshd service has been installed under the 'cyg_server'
 *** Info: account.  To start the service now, call `net start sshd' or
 *** Info: `cygrunsrv -S sshd'.  Otherwise, it will start automatically
 *** Info: after the next reboot.
 *** Info: Host configuration finished. Have fun!
 -----------------------------------------------------------

Also, 'cyg_server' is a visible account that can be used for Windows login, but 'sshd' seems to be hidden. So I'm left with the conclusion that I will have to add yet another, third, account to use SSH properly, which seems rather crazy!


Edit 1: Not only that, the sshd account also has a password expiry date set 40 days from installation and has a password (according to WMIC). (During the ssh setup I was never asked to enter a password for this account.)

Run: wmic useraccount get AccountType,...,Status

 AccountType  Disabled  Lockout  Name        PasswordChangeable  PasswordExpires  PasswordRequired  Status
 512          FALSE     FALSE    cyg_server  TRUE                FALSE            TRUE              OK
 512          TRUE      FALSE    sshd        TRUE                TRUE             TRUE              Degraded

net user sshd

 User name                    sshd
 Full Name                    sshd privsep
 Comment
 User's comment
 Country/region code          000 (System Default)
 Account active               No
 Account expires              Never

 Password last set            2014-03-01 23:20:19
 Password expires             2014-04-12 23:20:19
 Password changeable          2014-03-01 23:20:19
 Password required            Yes
 User may change password     Yes

 Workstations allowed         All
 Logon script
 User profile
 Home directory               C:\cygwin64\var\empty
 Last logon                   Never

 Logon hours allowed          All

 Local Group Memberships      *Users
 Global Group memberships     *None
 The command completed successfully.

So this raises two more questions:

  1. What is the password set to, and why doesn't the user know it?
  2. Why does this password have an expiry date?

Edit 2: Having got nowhere via the Cygwin developer list, I had to do further investigation on my own. So far I have no answer to question 1, but the ssh-host-config script used for installation has a number of other issues. The bottom line is that you can always delete the sshd & cyg_server accounts and set up a proper administrator account, using their settings as a reference.

Question 2: Windows 8.1's default password expiry is set to 42 days. This must be changed or disabled using the normal Windows tools (UI, WMIC, net user, etc.)
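The check and fix described in Edit 2, as an added example (not from the question and not part of Cygwin's ssh-host-config): it reads the same Win32_UserAccount fields that `wmic useraccount get` showed above and clears PasswordExpires on the two service accounts so that the 42-day default policy cannot silently break sshd. The script, its -Fix switch and the default account list (the page's sshd and cyg_server) are assumptions; run it from an elevated PowerShell.

```powershell
# Hypothetical helper, not part of Cygwin or ssh-host-config.
# Reports password-expiry state of the ssh-host-config service accounts and,
# with -Fix, clears the PasswordExpires flag through WMI (requires elevation).
param(
    [string[]]$Accounts = @('sshd', 'cyg_server'),
    [switch]$Fix
)

foreach ($name in $Accounts) {
    # Same class and columns the question inspected with wmic useraccount.
    $acct = Get-WmiObject -Class Win32_UserAccount `
                -Filter "LocalAccount=True AND Name='$name'"
    if (-not $acct) {
        Write-Warning "Local account '$name' not found"
        continue
    }

    Write-Output ("{0}: Disabled={1} PasswordExpires={2} PasswordRequired={3} Status={4}" -f `
        $acct.Name, $acct.Disabled, $acct.PasswordExpires, $acct.PasswordRequired, $acct.Status)

    if (-not $acct.PasswordExpires) { continue }   # already exempt from the 42-day policy

    if ($Fix) {
        # Equivalent of: wmic useraccount where name='sshd' set PasswordExpires=FALSE
        $acct.PasswordExpires = $false
        $null = $acct.Put()   # write the change back through WMI
        Write-Output "Password expiry disabled for '$name'"
    } else {
        Write-Warning "'$name' password will expire; rerun with -Fix to disable expiry"
    }
}
```

Without -Fix the script only reports; for the question's output it would flag sshd (PasswordExpires=TRUE) and leave cyg_server alone.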

man 5 sshd_config

  UsePrivilegeSeparation
     Specifies whether sshd separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is "yes".

So sshd needs two types of accounts:

  1. One that is able to setuid
  2. One unprivileged account

The installation script explains that the usual SYSTEM account does not have the setuid privilege, so an additional privileged account is needed.

As for why ssh-host-config creates two user accounts, that has mostly been answered by Dan. More on why a separate account is needed for setuid can be found here; it is a complicated process.

As for your first sub-question, I believe it is also a default setting, just like the password expiry: /usr/share/csih/cygwin-service-installation-helper, which ssh-host-config uses, creates the user with the Windows net command like this, where ${unpriv_user} is the name you chose (e.g. sshd) and ${dos_var_empty} is the Windows/DOS-style path of /var/empty:

 net user "${unpriv_user}" /add /fullname:"${unpriv_user} privsep" \
     "/homedir:${dos_var_empty}" /active:no

Microsoft's documentation says that the default for /passwordreq is yes when it is not given, and Windows seems to assign some default password (possibly because no password was specified, possibly because of /active:no).

And for the second sub-question, as you said in your second edit, at least for Windows 8.1 Pro there seems to be a 42-day password expiry by default, but it is definitely not enabled on my account or on the new cyg_server account. It is probably the same combination: cyg_server has a specified password and is active, while sshd has no specified password and is not active (perhaps a password is forcibly assigned when the account is activated). If you want to know the exact details, I might try creating more similar accounts with expiry/specified passwords and see what happens.