Re: Cygwin sshd broken by seemingly trivial network change
On 12/20/2020 12:51 PM, Andrey Repin wrote:
> Greetings, Charles Russell!
>
>> SOLVED
>
>> On 12/17/2020 3:24 PM, Erik Soderquist wrote:
>>> in some cases I could not find any real
>>> issue, but deleting and recreating the rules fixed the issue.
>
>> That did the trick: simply deleting and reinstating the firewall
>> settings for sshd solved the problem on both computers.
>
> Told you just create port rule.
> Program rules are created for specific program image. Even rebase could change that.

Thanks. I'll try that next time. I found where to create port rules in Windows 7 Home Premium. Never have used them before in Windows and didn't know it was even possible in the cheap version.

--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
Re: Cygwin sshd broken by seemingly trivial network change
Greetings, Charles Russell!

> SOLVED

> On 12/17/2020 3:24 PM, Erik Soderquist wrote:
>> in some cases I could not find any real
>> issue, but deleting and recreating the rules fixed the issue.

> That did the trick: simply deleting and reinstating the firewall
> settings for sshd solved the problem on both computers.

Told you just create port rule.
Program rules are created for specific program image. Even rebase could change that.

--
With best regards,
Andrey Repin
Sunday, December 20, 2020 21:50:23

Sorry for my terrible english...
Re: sshd broken by seemingly trivial network change
On Thu, Dec 17, 2020 at 6:12 PM Bill Stewart wrote:
>
> On Thu, Dec 17, 2020 at 2:25 PM Erik Soderquist wrote:
>
> > I've had weird instances where the Windows Firewall tools lied; I
> > confirmed this by temporarily shutting down the Windows Firewall
> > entirely, then restarting the service having problems and retesting.
> > On retest, it worked fine, confirming it was the firewall causing the
> > problem.
>
> I have never experienced anything like this, on any Windows version
> for any application, after working with just about every version of
> Windows firewall since its inception, in a number of different
> organizations.
>
> In every case I thought the Windows firewall was the culprit, it turns
> out it was my own misunderstanding.

I kind of envy that... I've had a litany of weird did not make sense quirks dealing with many aspects of Windows in my career.

-- Erik
Re: Cygwin sshd broken by seemingly trivial network change
On Fri, Dec 18, 2020 at 4:06 PM Charles Russell wrote:
>
> SOLVED
>
> On 12/17/2020 3:24 PM, Erik Soderquist wrote:
>
> > in some cases I could not find any real
> > issue, but deleting and recreating the rules fixed the issue.
>
> That did the trick: simply deleting and reinstating the firewall
> settings for sshd solved the problem on both computers.

Gotta love Microsoft; it's in the license agreement!! ;)

I'm glad it's working now.

-- Erik
Re: Cygwin sshd broken by seemingly trivial network change
SOLVED

On 12/17/2020 3:24 PM, Erik Soderquist wrote:
> in some cases I could not find any real
> issue, but deleting and recreating the rules fixed the issue.

That did the trick: simply deleting and reinstating the firewall settings for sshd solved the problem on both computers. I had trouble deleting them initially, but this worked:

Select control panel; windows firewall; advanced settings

(If you have done something else under windows firewall before selecting advanced settings, you may not be asked for an administrative password. In that case, go back to control panel and start over.)

Now select sshd, and in the right hand "actions" panel will appear an option to delete it.

After deletion, go back to Allow a Program through Windows Firewall, then reinstall it.

(Windows would not let me do this until after rebooting, which I found out the hard way. Instead of a message, it would just beep with each letter while I entered the administrative password, and then reject the password. One of the nicest things about Cygwin is keeping Windows at arm's length.)

These steps fixed the problem on both computers. Why the minor network change precipitated the problem remains a mystery.
Re: Cygwin sshd broken by seemingly trivial network change
Greetings, wors...@bellsouth.net!

> While installing a new router, I changed my local network from
> 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on
> both of my remote computers, but only for Cygwin; sshd works fine if I
> boot the remote computer from a linux thumb drive. I have noticed no
> other problems with the new network configuration.
>
> ssh -vvv does not give any messages that look useful to me.
> Authentication problems usually give some useful message, but this seems
> to fail before getting that far:
> ssh -vvv $ASUS12
> OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
> debug1: Reading configuration data /home/cdr/.ssh/config
> debug1: /home/cdr/.ssh/config line 1: Applying options for *
> debug1: Reading configuration data /etc/ssh_config
> debug2: resolve_canonicalize: hostname 192.168.50.105 is address
> debug2: ssh_connect_direct
> debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22.
> debug1: connect to address 192.168.50.105 port 22: Connection timed out
> ssh: connect to host 192.168.50.105 port 22: Connection timed out
> ---
> The server is running, as confirmed by cygrunsrv -Q sshd.
> /var/log/sshd.log is an empty file.
> ---
> nmap shows port 22 open on the remote server:
> nmap -p22 $ASUS12
> Nmap scan report for asus12 (192.168.50.105)
> Host is up (0.13s latency).
> PORT STATE SERVICE
> 22/tcp filtered ssh
> --
> However, telnet fails before returning the expected header string:
> telnet $ASUS12 22
> Connecting To 192.168.50.105...Could not open connection to the host, on
> port 22
> : Connect failed
> (For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1
> Debian-10+deb10u2")
> ---
> I can't think what to try short of reinstalling sshd.

Re-check the windows firewall settings.
Manually open port 22 for incoming connections regardless of the app it is using or any addresses.

--
With best regards,
Andrey Repin
Friday, December 18, 2020 11:28:10

Sorry for my terrible english...
Re: Cygwin sshd broken by seemingly trivial network change
On 12/17/2020 3:09 PM, Brian Inglis wrote:
> Have you checked your new router to see what default rules are enabled there?

The router firewall is disabled. (I have another router serving as a firewall between it and the modem.) Besides, all hosts are on the local side of the new router, and disabling the Windows firewall eliminates the problem.

On 12/17/2020 3:23 PM, Bill Stewart wrote:
> If it works when you disable the firewall, then (to state the obvious,
> sorry) there is a rule in the firewall that is blocking the traffic.

So far so good.

> I would suggest to examine all of the rules carefully. I say this
> because it has happened to me before, and I could have sworn that I
> looked at all of the rules.

I've looked at Advanced Settings; Incoming Rules and I've looked at the output of

netsh advfirewall firewall show rule name=all

What else is there to look at in Windows 7 Home? This is doubly frustrating because Cygwin sshd has been running properly for 10 years on one of these computers and 8 years on the other. Perhaps I should reset the firewalls to default, but that will break other things.

On 12/17/2020 3:24 PM, Erik Soderquist wrote:
> I've had weird instances where the Windows Firewall tools lied; I
> confirmed this by temporarily shutting down the Windows Firewall
> entirely, then restarting the service having problems and retesting.
> On retest, it worked fine, confirming it was the firewall causing the
> problem.

I didn't have to restart sshd; I could connect as soon as I disabled Windows Firewall.

> What exactly the problem was varied (this has happened many many times
> to me)... In some cases it was the rule definition for the scope not
> matching the actual network, in some cases I could not find any real
> issue, but deleting and recreating the rules fixed the issue, in a few
> cases, I also found a deny rule that somehow matched the service having
> problems, and deny rules take precedence over allow rules.
>
> One example of the conflict could be "sshd allowed" vs "port 22
> denied"; the deny would take precedence.

I don't see any way to set port rules in Windows 7 Home, and none are visible in the list of incoming rules.

I could not delete sshd, only disable it, even as administrator. (The delete button was grayed out). I disabled it, rebooted, then enabled it. That didn't help.
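Added example, not part of any message in this thread: a small Python audit that applies the three causes raised in the discussion (a block rule winning over an allow rule, an allow rule whose scope does not match the network, a program rule rather than a port rule) to netsh rule output. It assumes the `Field: value` layout printed by `netsh advfirewall firewall show rule name=all verbose`; the sample rules, the client address and the function names are constructed for illustration and are not the poster's actual rules.

```python
import ipaddress

# Constructed, abridged sample of netsh verbose rule output; all values are invented.
SAMPLE = r"""
Rule Name:                            sshd
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             192.168.4.0/255.255.255.0
LocalPort:                            Any
Program:                              C:\cygwin\usr\sbin\sshd.exe
Action:                               Allow

Rule Name:                            ssh port
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
LocalPort:                            22
Action:                               Block
"""

def parse_rules(text):
    """Split netsh output into one dict per rule, keyed by field name."""
    rules = []
    for line in text.splitlines():
        key, sep, val = line.partition(":")   # first colon only, so C:\ paths survive
        if not sep:
            continue                          # blank lines and the dashed separator
        if key.strip() == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key.strip()] = val.strip()
    return rules

def scope_covers(scope, client):
    """True if a RemoteIP field (comma-separated list) includes the client address."""
    addr = ipaddress.ip_address(client)
    for part in (p.strip() for p in scope.split(",")):
        try:
            if "-" in part:                   # range form: low-high
                lo, hi = (ipaddress.ip_address(p) for p in part.split("-"))
                if lo <= addr <= hi:
                    return True
            elif addr in ipaddress.ip_network(part, strict=False):
                return True
        except ValueError:
            return True   # Any, LocalSubnet, ...: assumed here to cover the client
    return False

def audit(rules, client, port="22", program="sshd.exe"):
    """Return (rule name, finding) for enabled inbound rules naming the port or program."""
    findings = []
    for r in rules:
        if r.get("Enabled") != "Yes" or r.get("Direction") != "In":
            continue
        by_port = port in r.get("LocalPort", "Any").split(",")
        by_prog = r.get("Program", "").lower().endswith(program)
        if not (by_port or by_prog):
            continue
        covered = scope_covers(r.get("RemoteIP", "Any"), client)
        if r.get("Action") == "Block":
            if covered:
                findings.append((r["Rule Name"], "block rule: wins over any allow rule"))
        elif not covered:
            findings.append((r["Rule Name"], "allow rule: scope excludes this client"))
        elif by_prog and not by_port:
            findings.append((r["Rule Name"], "allow rule: bound to program path, not port"))
    return findings
```

Calling `audit(parse_rules(SAMPLE), "192.168.50.20")` reports both constructed rules; on a real host, feed it the saved netsh output and the address of the machine that cannot connect.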
Re: sshd broken by seemingly trivial network change
On Thu, Dec 17, 2020 at 2:25 PM Erik Soderquist wrote:

> I've had weird instances where the Windows Firewall tools lied; I
> confirmed this by temporarily shutting down the Windows Firewall
> entirely, then restarting the service having problems and retesting.
> On retest, it worked fine, confirming it was the firewall causing the
> problem.

I have never experienced anything like this, on any Windows version for any application, after working with just about every version of Windows firewall since its inception, in a number of different organizations.

In every case I thought the Windows firewall was the culprit, it turns out it was my own misunderstanding.

Bill
Re: sshd broken by seemingly trivial network change
On Thu, Dec 17, 2020 at 3:51 PM Charles Russell wrote:
>
> On 12/17/2020 11:49 AM, Bill Stewart wrote:
>
> > Make sure to look carefully through all of the firewall rules and
> > check whether there is a rule blocking that executable or port.
> >
>
> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.

I've had weird instances where the Windows Firewall tools lied; I confirmed this by temporarily shutting down the Windows Firewall entirely, then restarting the service having problems and retesting. On retest, it worked fine, confirming it was the firewall causing the problem.

What exactly the problem was varied (this has happened many many times to me)... In some cases it was the rule definition for the scope not matching the actual network, in some cases I could not find any real issue, but deleting and recreating the rules fixed the issue, in a few cases, I also found a deny rule that somehow matched the service having problems, and deny rules take precedence over allow rules.

One example of the conflict could be "sshd allowed" vs "port 22 denied"; the deny would take precedence.

I suggest doing the firewall down/restart sshd test to confirm or refute the Windows Firewall being involved, then going from there.

-- Erik

--
"I do not think any of us are truly sane, Caleb. Not even you. Courage is not sanity. Being willing to die for someone else is not sanity." ... "Love is not sane, nor is faith." ... "If sanity lacks those things, Caleb, I want no part of it."
-- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne
Re: sshd broken by seemingly trivial network change
On Thu, Dec 17, 2020 at 1:51 PM Charles Russell wrote:

> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.
>
> Is there someplace else I should look? This is Windows 7 Home Premium.

If it works when you disable the firewall, then (to state the obvious, sorry) there is a rule in the firewall that is blocking the traffic.

I would suggest to examine all of the rules carefully. I say this because it has happened to me before, and I could have sworn that I looked at all of the rules.

Bill
Re: sshd broken by seemingly trivial network change
On 2020-12-17 13:51, Charles Russell wrote:
> On 12/17/2020 11:49 AM, Bill Stewart wrote:
>> Make sure to look carefully through all of the firewall rules and
>> check whether there is a rule blocking that executable or port.
>
> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.
>
> Is there someplace else I should look? This is Windows 7 Home Premium.

Have you checked your new router to see what default rules are enabled there? Some routers may come with blocks for common attack vectors, against the router itself or the local network, that may need to be disabled if you want to allow connections from other systems. The router may have been set up or used by the selling org, or a customer, and returned and resold.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
Re: sshd broken by seemingly trivial network change
On 12/17/2020 11:49 AM, Bill Stewart wrote:

> Make sure to look carefully through all of the firewall rules and
> check whether there is a rule blocking that executable or port.
>

Selecting "Advanced Settings" and then "incoming rules", I see one rule for sshd private: enabled, allowed and one rule for sshd public: enabled, allowed. There is a third rule for sshd domain: (disabled, allowed). I believe that one is irrelevant but I enabled it anyway, which did not help.

Is there someplace else I should look? This is Windows 7 Home Premium.
Re: Cygwin sshd broken by seemingly trivial network change
On Thu, Dec 17, 2020 at 10:44 AM Charles Russell wrote:

> The last line was a giveaway. The problem is with the Windows firewall.
> However, I have found no remedy apart from totally disabling the
> firewall. The old settings no longer work: sshd is enabled for both
> private and public networks, but the firewall is still blocking access.

If you ever got a GUI pop-up in Windows requesting access and you canceled the dialog, I have noticed that Windows will add a "deny" rule to the firewall.

Make sure to look carefully through all of the firewall rules and check whether there is a rule blocking that executable or port.

Just something to check.

Bill
Re: Cygwin sshd broken by seemingly trivial network change
On 12/16/2020 9:37 AM, wors...@bellsouth.net wrote:
> While installing a new router, I changed my local network from
> 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on
> both of my remote computers, but only for Cygwin; sshd works fine if I
> boot the remote computer from a linux thumb drive. I have noticed no
> other problems with the new network configuration.

> ---
> nmap shows port 22 open on the remote server:
> nmap -p22 $ASUS12
> Nmap scan report for asus12 (192.168.50.105)
> Host is up (0.13s latency).
> PORT STATE SERVICE
> 22/tcp filtered ssh
> --

The last line was a giveaway. The problem is with the Windows firewall. However, I have found no remedy apart from totally disabling the firewall. The old settings no longer work: sshd is enabled for both private and public networks, but the firewall is still blocking access.
Re: Cygwin sshd broken by seemingly trivial network change
On Wed, Dec 16, 2020 at 09:37:08AM -0600, wors...@bellsouth.net wrote:
> While installing a new router, I changed my local network from 192.168.4.*
> to 192.168.50.*. This seems to have broken Cygwin sshd on both of my remote
> computers, but only for Cygwin; sshd works fine if I boot the remote
> computer from a linux thumb drive. I have noticed no other problems with the
> new network configuration.
>
> ssh -vvv does not give any messages that look useful to me. Authentication
> problems usually give some useful message, but this seems to fail before
> getting that far:
>
> ssh -vvv $ASUS12
> OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
> debug1: Reading configuration data /home/cdr/.ssh/config
> debug1: /home/cdr/.ssh/config line 1: Applying options for *
> debug1: Reading configuration data /etc/ssh_config
> debug2: resolve_canonicalize: hostname 192.168.50.105 is address
> debug2: ssh_connect_direct
> debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22.
> debug1: connect to address 192.168.50.105 port 22: Connection timed out
> ssh: connect to host 192.168.50.105 port 22: Connection timed out
> ---
> The server is running, as confirmed by cygrunsrv -Q sshd.
> /var/log/sshd.log is an empty file.
> ---
> nmap shows port 22 open on the remote server:
> nmap -p22 $ASUS12
> Nmap scan report for asus12 (192.168.50.105)
> Host is up (0.13s latency).
> PORT STATE SERVICE
> 22/tcp filtered ssh
> --
> However, telnet fails before returning the expected header string:
> telnet $ASUS12 22
> Connecting To 192.168.50.105...Could not open connection to the host, on
> port 22
> : Connect failed
> (For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1
> Debian-10+deb10u2")
> ---

I think 'filtered' means there is something in the way.

Is all this on the same LAN but with a new router? Are the connections wireless?

I would try the telnet test from the server itself, both to its external address and to localhost. All in search of clues.

This seems like a networking issue or a specific configuration on the server that limits client access or listening ports.

Stephen

> I can't think what to try short of reinstalling sshd.
Cygwin sshd broken by seemingly trivial network change
While installing a new router, I changed my local network from 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on both of my remote computers, but only for Cygwin; sshd works fine if I boot the remote computer from a linux thumb drive. I have noticed no other problems with the new network configuration.

ssh -vvv does not give any messages that look useful to me. Authentication problems usually give some useful message, but this seems to fail before getting that far:

ssh -vvv $ASUS12
OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/cdr/.ssh/config
debug1: /home/cdr/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh_config
debug2: resolve_canonicalize: hostname 192.168.50.105 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22.
debug1: connect to address 192.168.50.105 port 22: Connection timed out
ssh: connect to host 192.168.50.105 port 22: Connection timed out
---
The server is running, as confirmed by cygrunsrv -Q sshd.
/var/log/sshd.log is an empty file.
---
nmap shows port 22 open on the remote server:
nmap -p22 $ASUS12
Nmap scan report for asus12 (192.168.50.105)
Host is up (0.13s latency).
PORT STATE SERVICE
22/tcp filtered ssh
--
However, telnet fails before returning the expected header string:
telnet $ASUS12 22
Connecting To 192.168.50.105...Could not open connection to the host, on
port 22
: Connect failed
(For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2")
---
I can't think what to try short of reinstalling sshd.