I upgraded my desktop at work to SP2 a little over a week ago with very few problems. The one problem that took a little research was why Cygwin’s SSHD would accept then drop inbound connections. It only took a little research because it’s discussed in the Cygwin distribution (/usr/share/doc/Cygwin/openssh-README):
Important change since 3.4p1-2:
This version adds privilege separation as default setting, see
/usr/doc/openssh/README.privsep. According to that document the
privsep feature requires a non-privileged account called ‘sshd’.
The new ssh-host-config file which is part of this version asks
to create ‘sshd’ as local user if you want to use privilege
separation. If you confirm, it creates that NT user and adds
the necessary entry to /etc/passwd.
On 9x/Me systems the script just sets UsePrivilegeSeparation to “no”
since that feature doesn’t make any sense on a system which doesn’t
differ between privileged and unprivileged users.
The new ssh-host-config script also adds the /var/empty directory
needed by privilege separation. When creating the /var/empty directory
by yourself, please note that in contrast to the README.privsep document
the owner should not be “root” but the user which is running sshd. So,
in the standard configuration this is SYSTEM. The ssh-host-config script
chowns /var/empty accordingly.
So, I turned off UsePrivilegeSeparation and it’s been working just fine. I can still SSH in to the machine as well as connect to it with Remote Desktop and VNC even with the new Windows Firewall turned on. Of course, I had to add some exceptions to the default rule set to allow those processes to accept incoming connections — Remote Desktop is specifically mentioned but VNC isn’t — but, still, it’s been pretty painless.
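An added example (not from the original post or the Cygwin distribution): a shell preflight that checks the prerequisites the README lists for privilege separation, the 'sshd' entry in /etc/passwd and a /var/empty directory owned by the account running sshd, to show which one is missing before falling back to UsePrivilegeSeparation "no". The function names and the /etc/sshd_config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the privsep prerequisites named in the README.
# All paths are parameters so the check can be run against copies of the files.

# Print the effective UsePrivilegeSeparation value ("yes", "no", ...) or "unset".
# sshd keywords are case-insensitive and the first occurrence wins.
privsep_setting() {
    awk 'tolower($1) == "useprivilegeseparation" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed if passwd file $1 has an entry for user $2.
has_passwd_entry() {
    awk -F: -v u="$2" '$1 == u { ok = 1 } END { exit !ok }' "$1"
}

# Print the owner of directory $1 (third field of ls -ld); fail if it is missing.
dir_owner() {
    [ -d "$1" ] || return 1
    ls -ld "$1" | awk '{ print $3 }'
}

# check_privsep CONFIG PASSWD EMPTY_DIR EXPECTED_OWNER
# Prints one line per finding; returns 0 only if every prerequisite is met.
check_privsep() {
    rc=0
    case "$(privsep_setting "$1")" in
        no) echo "WARN: UsePrivilegeSeparation is disabled in $1"; rc=1 ;;
    esac
    has_passwd_entry "$2" sshd || { echo "FAIL: no 'sshd' entry in $2"; rc=1; }
    owner=$(dir_owner "$3") || { echo "FAIL: $3 does not exist"; return 1; }
    [ "$owner" = "$4" ] || { echo "FAIL: $3 owned by $owner, expected $4"; rc=1; }
    return $rc
}

# Usage on a standard Cygwin install where sshd runs as SYSTEM
# (config path is an assumption):
#   check_privsep /etc/sshd_config /etc/passwd /var/empty SYSTEM
```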
So, after taking a complete image of my laptop, I decided to give SP2 a try and, to my amazement, I’ve encountered no significant problems so far. Course, it’s only been about 2 hours but I’ve tried the applications I expected to have problems with and they haven’t hiccuped even once. The only thing that surprised me is that SP2’s Remote Desktop client will allow connections to localhost as long as they’re not on the standard port (3389) so, whereas prior to SP2 I had to set up an SSH tunnel forwarding 127.0.0.2 port 3390, now it’s simply 127.0.0.1 port 3390. This obviates the need for PuTTY/PLink (see my previous entries re: Remote Desktop and SSH tunnels).