This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: sshd+ssh localhost connects, but don't reach the shell


>> The symptoms do appear like a firewall issue like Larry Hall said,
>
> This is always a point to be rechecked. I just did it:
> - All ssh.exe, ssh2.exe (Windows GUI client) and sshd.exe have full
> permissions set to access and server;
> - Logging on, but no log entries about these programs being blocked.
>
> Anyway, as I said before, all my tests were performed with firewall not
> running. Should I try, for the sake of completeness, uninstalling it?

No, have you tested with the Windows firewall running?

No, I never use Windows Firewall. My choice is Zone Alarm Pro. Even so, I had included Port 22 in the Windows Firewall exception list, although technically it should make no difference.


Now try: netstat -anbv | grep -B 1 -A 2 ":22"
should show only sshd.exe listening.

Now that's strange: in that verbose list there is no program listening on port 22. The only reference to sshd is in the following block:


 UDP    127.0.0.1:2186         *:*                                    2848
 C:\WINDOWS\system32\ZoneLabs\vetredir.dll
 C:\WINDOWS\system32\imslsp.dll
 C:\WINDOWS\system32\ws2_32.dll
 C:\cygwin\bin\cygwin1.dll
 [sshd.exe]

The first DLL is a ZoneAlarm (firewall) one. This is curious, because that DLL is around even if the firewall is off. (The service related to ZA's firewall is called "TrueVector" and it is stopped in the Services list.) The port (2186) varies from run to run.

But it appears in: netstat -an | grep ":22"

TCP 0.0.0.0:22 0.0.0.0:0 LISTENING

Not all entries listed by -an appear on -anbv.

Also check: ps -a | grep sshd
before and during a test. Is the UID 18? does the process have any suspend flags?

Changed to "ps -a | grep ssh" to include the client. Before test:

3676 436 3676 2392 ? 18 17:52:14 /usr/sbin/sshd

During test:

    3676     436    3676       2392    ?   18 17:52:14 /usr/sbin/sshd
I    4060     604    4060       2512    0 1003 17:54:12 /usr/bin/ssh
    1560    3676    1560       2812    ?   18 17:54:12 /usr/sbin/sshd

That "I" on the client is significant, but as far as we've been discussing this is somewhat expected (but not desired :-( ).

During a test, the second sshd process is the interesting one, you could try to
see what is doing (when it appears to be stuck) by using: strace -p $PID
where the process id is from the above ps -a.

It can't proceed: it stops after the message "strace: couldn't attach to pid 3844 for debugging".


Doing strace to the original sshd.exe (the non-spawned one) reveals that tons of things happen when I run "ssh localhost", but I can't interpret all those gibberish output.

After all, I'm really suspicious about that ZoneAlarm DLL. But I think I can only purge it if I uninstall the firewall. Oh my.

--
Best regards,
Vilar Camara Neto



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]