RE: sshd

2022-02-15 Thread Gajanana Shridhar 
It's a similar issue even after I tried to reinstall it on different drive (E) 
instead of C. Strange thing I am facing is I can connect with ssh sometimes and 
sometime it errors out. 

Thank You!

Regards,
Gajanana
-


-Original Message-
From: Cygwin  On 
Behalf Of Ernie Rael
Sent: 14 February 2022 13:12
To: cygwin@cygwin.com
Subject: Re: sshd

[CAUTION: EXTERNAL SENDER]



On 2/13/22 10:56 PM, Andrey Repin wrote:
> Greetings, Ernie Rael!
>
> ...
> Open Windows Firewall (cygstart WF.msc), find all your sshd rules and 
> trash them. Manually create (or tweak Windows sshd one) a single rule 
> for port rather than executable.
> Additionally, to resolve conflicts with stock sshd, create a file 
> %ProgramData%\ssh\sshd_config with single line `Port 2022` (for example).
>
>
Bingo. Many thanks.

I'd never opened the Windows Firewall before (IIRC), I didn't get the other 
references, looking around I ran into some windows defender thing, that said it 
had never run before, so I ignored it and figured it wasn't the firewall. I 
didn't realize the firewall was so pervasive.

Anyway, I found some sshd rules that referenced "C:/cygwin64/..." and a few 
years back I'd reinstalled cygwin on F: to get it off of C:, but the rules were 
never updated. So change "C" to "F" in a couple spots and now it connects.

Thanks again,
-ernie

PS Now I can track down why rsync asks for a passwd but ssh doesn't :-)



--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd

2022-02-13 Thread Ernie Rael 

On 2/13/22 10:56 PM, Andrey Repin wrote:

Greetings, Ernie Rael!

...
Open Windows Firewall (cygstart WF.msc), find all your sshd rules and trash
them. Manually create (or tweak Windows sshd one) a single rule for port
rather than executable.
Additionally, to resolve conflicts with stock sshd, create a file
%ProgramData%\ssh\sshd_config with single line `Port 2022` (for example).



Bingo. Many thanks.

I'd never opened the Windows Firewall before (IIRC), I didn't get the 
other references, looking around I ran into some windows defender thing, 
that said it had never run before, so I ignored it and figured it wasn't 
the firewall. I didn't realize the firewall was so pervasive.


Anyway, I found some sshd rules that referenced "C:/cygwin64/..." and a 
few years back I'd reinstalled cygwin on F: to get it off of C:, but the 
rules were never updated. So change "C" to "F" in a couple spots and now 
it connects.


Thanks again,
-ernie

PS Now I can track down why rsync asks for a passwd but ssh doesn't :-)



--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd

2022-02-13 Thread Andrey Repin 
Greetings, Ernie Rael!

> On 2/12/22 9:29 PM, Mark Geisert wrote:
>> Ernie Rael wrote:
>>> Hi all,
>>>
>>> I set up cygwin several years ago and have only had one system at 
>>> home. I've recently got a 2nd, linux.
>>>
>>> I've used ssh locally under cygwin, primarily to get a term for a use 
>>> with admin priv. And I can ssh from cygwin to the linux machine. On 
>>> cygwin I see
>>>
>>>     $ ps -ef |grep sshd
>>>     cyg_serv 255 254 ?  Feb  1 /usr/sbin/sshd
>>>
>>> But ssh from linux to cygwin hangs (finally times out). Ping works 
>>> linux --> windows.
>>>
>>> I must have run ssh-host-config way back when. Can I just run it again?
>>>
>>> Suggestions for something else to try and/or triage the problem?
>>
>> You might try the following.  Determine the Windows pid of your sshd 
>> process, then use netstat to see if that process is listening on the 
>> sshd port.  Here's what a successful check looks like:
>>
>> ~ ps -as|grep sshd
>>   42834 ?  Jan 16 /usr/sbin/sshd
>>
>> ~ ps -lp 42834
>>   PID    PPID    PGID WINPID   TTY UID    STIME COMMAND
>>     42834   42832   42834   5972  ? 197612   Jan 16 
>> /usr/sbin/sshd
>>
>> ~ netstat -ao|grep 5972
>>   TCP    0.0.0.0:22 zotac:0 LISTENING   5972
>>   TCP    [::]:22    zotac:0 LISTENING   5972
>>
>> If the two output lines aren't there, I'd suspect a Windows firewall 
>> has TCP port 22 walled off.  ("zotac" is my machine name; you'll see 
>> something different there.)
>> HTH,
>>
>> ..mark
>>
> Thanks Mark,

> Doesn't seem to be a firewall issue. NetStat took about 90 seconds.

> $ ps -lp 255
>    PID    PPID    PGID WINPID   TTY UID    STIME COMMAND
>    255 254 255   4176  ?   1006   Feb  1 
> /usr/sbin/sshd

> $ netstat -ao | grep 4176
>    TCP    0.0.0.0:22 spirit:0 LISTENING   4176
>    TCP    [::]:22    spirit:0 LISTENING   4176

Open Windows Firewall (cygstart WF.msc), find all your sshd rules and trash
them. Manually create (or tweak Windows sshd one) a single rule for port
rather than executable.
Additionally, to resolve conflicts with stock sshd, create a file
%ProgramData%\ssh\sshd_config with single line `Port 2022` (for example).


-- 
With best regards,
Andrey Repin
Monday, February 14, 2022 9:34:52

Sorry for my terrible english...

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd

2022-02-13 Thread Erik Soderquist 
On Sun, Feb 13, 2022 at 7:38 AM Ernie Rael wrote:
> Doesn't seem to be a firewall issue. NetStat took about 90 seconds.
>
> $ ps -lp 255
>PIDPPIDPGID WINPID   TTY UIDSTIME COMMAND
>255 254 255   4176  ?   1006   Feb  1
> /usr/sbin/sshd
>
> $ netstat -ao | grep 4176
>TCP0.0.0.0:22 spirit:0 LISTENING   4176
>TCP[::]:22spirit:0 LISTENING   4176

It might still be a Windows Firewall issue; I've seen it listening
fine before and Windows Firewall silently discarding the packets.  I
suggest
- carefully searching all process deny rules in case  Windows silently
added a deny rule for the sshd process (yes, I've seen this happen)
- adding a blanket allow rule in your Windows Firewall for tcp/22 from
anywhere applied to all domains as a test.

If either/both of these resolve the issue, make a better firewall rule
for your use case.  Also be aware that Windows Firewall rules for
processes/binaries also do some kind of validation of the file itself,
so upgrades often break it because the file that was allowed has been
replaced and the replaced version needs to be manually allowed again.

-- Erik

 --
 --
 "I do not think any of us are truly sane, Caleb. Not even you.
Courage is not sanity. Being willing to die for someone else is not
sanity." ... "Love is not sane, nor is faith." ... "If sanity lacks
those things, Caleb, I want no part of it."

 -- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd

2022-02-13 Thread Ernie Rael 

Thanks Russell,
cygrunsrv's running

$ cygrunsrv --list
sshd

$ cygrunsrv --query sshd
Service : sshd
Display name    : CYGWIN sshd
Current State   : Running
Controls Accepted   : Stop
Command : /usr/sbin/sshd -D


-ernie

On 2/12/22 10:30 PM, Russell VT wrote:

Note that port 5972 isn't *really* what you want, as that's arbitrary...
but port 22.

Check the Windows firewall, as was already suggested (highly suspect, if
you just timeout when trying to connect).

If you try rebuilding what you did under Windows, you're likely going to
want to look at *cygserver* and *cygrunsrv*, and NOT directly at sshd. It's
in /usr/sbin, generally.

Something like:

$ cygrunsrv --list
cygsshd

$ cygrunsrv --query cygsshd
Service : cygsshd
Display name: CYGWIN cygsshd
Current State   : Stopped
Command : /usr/sbin/sshd -D


You might also look to the Windows System Utilities / Sysinternals
 (optional download), and
the "Process Explorer" for more detailed Windows information at the tips of
your fingers. They update every month or two, and are worth keeping
"reasonably up to date." There's a plethora of Windows troubleshooting
tools, and some fun stuff as-well.

Cheers -
Russell







On Sat, Feb 12, 2022 at 9:30 PM Mark Geisert  wrote:


Ernie Rael wrote:

Hi all,

I set up cygwin several years ago and have only had one system at home.

I've

recently got a 2nd, linux.

I've used ssh locally under cygwin, primarily to get a term for a use

with admin

priv. And I can ssh from cygwin to the linux machine. On cygwin I see

 $ ps -ef |grep sshd
 cyg_serv 255 254 ?  Feb  1 /usr/sbin/sshd

But ssh from linux to cygwin hangs (finally times out). Ping works linux

--> windows.

I must have run ssh-host-config way back when. Can I just run it again?

Suggestions for something else to try and/or triage the problem?

You might try the following.  Determine the Windows pid of your sshd
process, then
use netstat to see if that process is listening on the sshd port.  Here's
what a
successful check looks like:

~ ps -as|grep sshd
42834 ?  Jan 16 /usr/sbin/sshd

~ ps -lp 42834
PIDPPIDPGID WINPID   TTY UIDSTIME COMMAND
  42834   42832   42834   5972  ? 197612   Jan 16
/usr/sbin/sshd

~ netstat -ao|grep 5972
TCP0.0.0.0:22 zotac:0LISTENING
  5972
TCP[::]:22zotac:0LISTENING
  5972

If the two output lines aren't there, I'd suspect a Windows firewall has
TCP port
22 walled off.  ("zotac" is my machine name; you'll see something
different there.)
HTH,

..mark

--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple






--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd

2022-02-13 Thread Ernie Rael 

On 2/12/22 9:29 PM, Mark Geisert wrote:

Ernie Rael wrote:

Hi all,

I set up cygwin several years ago and have only had one system at 
home. I've recently got a 2nd, linux.


I've used ssh locally under cygwin, primarily to get a term for a use 
with admin priv. And I can ssh from cygwin to the linux machine. On 
cygwin I see


    $ ps -ef |grep sshd
    cyg_serv 255 254 ?  Feb  1 /usr/sbin/sshd

But ssh from linux to cygwin hangs (finally times out). Ping works 
linux --> windows.


I must have run ssh-host-config way back when. Can I just run it again?

Suggestions for something else to try and/or triage the problem?


You might try the following.  Determine the Windows pid of your sshd 
process, then use netstat to see if that process is listening on the 
sshd port.  Here's what a successful check looks like:


~ ps -as|grep sshd
  42834 ?  Jan 16 /usr/sbin/sshd

~ ps -lp 42834
  PID    PPID    PGID WINPID   TTY UID    STIME COMMAND
    42834   42832   42834   5972  ? 197612   Jan 16 
/usr/sbin/sshd


~ netstat -ao|grep 5972
  TCP    0.0.0.0:22 zotac:0 LISTENING   5972
  TCP    [::]:22    zotac:0 LISTENING   5972

If the two output lines aren't there, I'd suspect a Windows firewall 
has TCP port 22 walled off.  ("zotac" is my machine name; you'll see 
something different there.)

HTH,

..mark


Thanks Mark,

Doesn't seem to be a firewall issue. NetStat took about 90 seconds.

$ ps -lp 255
  PID    PPID    PGID WINPID   TTY UID    STIME COMMAND
  255 254 255   4176  ?   1006   Feb  1 
/usr/sbin/sshd


$ netstat -ao | grep 4176
  TCP    0.0.0.0:22 spirit:0 LISTENING   4176
  TCP    [::]:22    spirit:0 LISTENING   4176


--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd

2022-02-12 Thread Russell VT 
Note that port 5972 isn't *really* what you want, as that's arbitrary...
but port 22.

Check the Windows firewall, as was already suggested (highly suspect, if
you just timeout when trying to connect).

If you try rebuilding what you did under Windows, you're likely going to
want to look at *cygserver* and *cygrunsrv*, and NOT directly at sshd. It's
in /usr/sbin, generally.

Something like:

$ cygrunsrv --list
cygsshd

$ cygrunsrv --query cygsshd
Service : cygsshd
Display name: CYGWIN cygsshd
Current State   : Stopped
Command : /usr/sbin/sshd -D


You might also look to the Windows System Utilities / Sysinternals
 (optional download), and
the "Process Explorer" for more detailed Windows information at the tips of
your fingers. They update every month or two, and are worth keeping
"reasonably up to date." There's a plethora of Windows troubleshooting
tools, and some fun stuff as-well.

Cheers -
Russell







On Sat, Feb 12, 2022 at 9:30 PM Mark Geisert  wrote:

> Ernie Rael wrote:
> > Hi all,
> >
> > I set up cygwin several years ago and have only had one system at home.
> I've
> > recently got a 2nd, linux.
> >
> > I've used ssh locally under cygwin, primarily to get a term for a use
> with admin
> > priv. And I can ssh from cygwin to the linux machine. On cygwin I see
> >
> > $ ps -ef |grep sshd
> > cyg_serv 255 254 ?  Feb  1 /usr/sbin/sshd
> >
> > But ssh from linux to cygwin hangs (finally times out). Ping works linux
> --> windows.
> >
> > I must have run ssh-host-config way back when. Can I just run it again?
> >
> > Suggestions for something else to try and/or triage the problem?
>
> You might try the following.  Determine the Windows pid of your sshd
> process, then
> use netstat to see if that process is listening on the sshd port.  Here's
> what a
> successful check looks like:
>
> ~ ps -as|grep sshd
>42834 ?  Jan 16 /usr/sbin/sshd
>
> ~ ps -lp 42834
>PIDPPIDPGID WINPID   TTY UIDSTIME COMMAND
>  42834   42832   42834   5972  ? 197612   Jan 16
> /usr/sbin/sshd
>
> ~ netstat -ao|grep 5972
>TCP0.0.0.0:22 zotac:0LISTENING
>  5972
>TCP[::]:22zotac:0LISTENING
>  5972
>
> If the two output lines aren't there, I'd suspect a Windows firewall has
> TCP port
> 22 walled off.  ("zotac" is my machine name; you'll see something
> different there.)
> HTH,
>
> ..mark
>
> --
> Problem reports:  https://cygwin.com/problems.html
> FAQ:  https://cygwin.com/faq/
> Documentation:https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
>


-- 
Russell M. Van Tassell 

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd

2022-02-12 Thread Mark Geisert 

Ernie Rael wrote:

Hi all,

I set up cygwin several years ago and have only had one system at home. I've 
recently got a 2nd, linux.


I've used ssh locally under cygwin, primarily to get a term for a use with admin 
priv. And I can ssh from cygwin to the linux machine. On cygwin I see


    $ ps -ef |grep sshd
    cyg_serv 255 254 ?  Feb  1 /usr/sbin/sshd

But ssh from linux to cygwin hangs (finally times out). Ping works linux --> 
windows.

I must have run ssh-host-config way back when. Can I just run it again?

Suggestions for something else to try and/or triage the problem?


You might try the following.  Determine the Windows pid of your sshd process, then 
use netstat to see if that process is listening on the sshd port.  Here's what a 
successful check looks like:


~ ps -as|grep sshd
  42834 ?  Jan 16 /usr/sbin/sshd

~ ps -lp 42834
  PIDPPIDPGID WINPID   TTY UIDSTIME COMMAND
42834   42832   42834   5972  ? 197612   Jan 16 /usr/sbin/sshd

~ netstat -ao|grep 5972
  TCP0.0.0.0:22 zotac:0LISTENING   5972
  TCP[::]:22zotac:0LISTENING   5972

If the two output lines aren't there, I'd suspect a Windows firewall has TCP port 
22 walled off.  ("zotac" is my machine name; you'll see something different there.)

HTH,

..mark

--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread Corinna Vinschen via Cygwin 
On Aug  6 16:16, ASSI wrote:
> Corinna Vinschen via Cygwin writes:
> >> I found the solution by myself. Installing libcbor-devel package
> >> fixes this error.
> >
> > I just uploaded libfido2-1.5.0-2, which just adds a dependency from
> > libfido2-devel to libcbor-devel.
> 
> It would have sufficed to just upload a new hint file…
> :-)

That wouldn't have helped those who already have libfido2-devel
installed ;)


Corinna

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread ASSI 
Corinna Vinschen via Cygwin writes:
>> I found the solution by myself. Installing libcbor-devel package
>> fixes this error.
>
> I just uploaded libfido2-1.5.0-2, which just adds a dependency from
> libfido2-devel to libcbor-devel.

It would have sufficed to just upload a new hint file…
:-)


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for KORG EX-800 and Poly-800MkII V0.9:
http://Synth.Stromeko.net/Downloads.html#KorgSDada

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread Corinna Vinschen via Cygwin 
On Aug  6 20:14, Takashi Yano via Cygwin wrote:
> On Fri, 6 Aug 2021 11:11:05 +0200
> Corinna Vinschen wrote:
> > On Aug  6 10:55, Takashi Yano via Cygwin wrote:
> > > Hi Corinna,
> > > 
> > > On Fri, 6 Aug 2021 01:43:31 +0900
> > > Takashi Yano wrote:
> > > > Hi Corinna,
> > > > 
> > > > On Thu, 5 Aug 2021 17:07:24 +0200
> > > > Corinna Vinschen wrote:
> > > > > Could you perhaps bisect the issue on your machine?
> > > > 
> > > > In my environment, this does not happen with 8.4p1-1 and 8.4p1-2.
> > > > However it happens with 8.5p1-1.
> > > > [...]
> > > I looked into the openssh code and might find a calprit.
> > > I guess the following patch solves the issue.
> > > 
> > > --- serverloop.c.orig 2021-03-02 19:31:47.0 +0900
> > > +++ serverloop.c  2021-08-06 10:41:55.439357200 +0900
> > > @@ -333,7 +333,7 @@
> > >   return -1;
> > >   } else if (len == -1) {
> > >   if (errno == EINTR || errno == EAGAIN ||
> > > - errno != EWOULDBLOCK)
> > > + errno == EWOULDBLOCK)
> > >   return 0;
> > >   verbose("Read error from remote host %s port %d: %s",
> > >   ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
> > > 
> > > 
> > > This seems to be a upstream bug which has been already fixed.
> > > 
> > > Please refer to:
> > > https://github.com/openssh/openssh-portable/commit/2dc328023f60212cd29504fc05d849133ae47355
> > 
> > Gosh, looks like I totally missed the 8.6p1 release!
> > 
> > I'll build and upload 8.6p1 ASAP.
> 
> I have confirmed that the issue has been fixed in 8.6p1-1.

Great, thanks for testing!


Corinna

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread Corinna Vinschen via Cygwin 
On Aug  6 21:35, Takashi Yano via Cygwin wrote:
> On Fri, 6 Aug 2021 20:30:58 +0900
> Takashi Yano wrote:
> > On Fri, 6 Aug 2021 01:43:31 +0900
> > Takashi Yano wrote:
> > > In order to look into this problem, I tried to build openssh-8.5p1-1
> > > from source, however it cause the error in configure stage:
> > > 
> > > ...
> > > checking for pkg-config... (cached) /usr/bin/pkg-config
> > > checking if /usr/bin/pkg-config knows about libfido2... no
> > > checking for fido_init in -lfido2... no
> > > configure: error: no usable libfido2 found
> > > *** ERROR: configure failed
> > > 
> > > despite libfido2-devel had been installed.
> > 
> > BTW, does anyone have suggestion for this error?
> 
> I found the solution by myself. Installing libcbor-devel package
> fixes this error.

I just uploaded libfido2-1.5.0-2, which just adds a dependency from
libfido2-devel to libcbor-devel.


HTH,
Corinna

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread Takashi Yano via Cygwin 
On Fri, 6 Aug 2021 20:30:58 +0900
Takashi Yano wrote:
> On Fri, 6 Aug 2021 01:43:31 +0900
> Takashi Yano wrote:
> > In order to look into this problem, I tried to build openssh-8.5p1-1
> > from source, however it cause the error in configure stage:
> > 
> > ...
> > checking for pkg-config... (cached) /usr/bin/pkg-config
> > checking if /usr/bin/pkg-config knows about libfido2... no
> > checking for fido_init in -lfido2... no
> > configure: error: no usable libfido2 found
> > *** ERROR: configure failed
> > 
> > despite libfido2-devel had been installed.
> 
> BTW, does anyone have suggestion for this error?

I found the solution by myself. Installing libcbor-devel package
fixes this error.

Thanks.

-- 
Takashi Yano 

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread Takashi Yano via Cygwin 
On Fri, 6 Aug 2021 01:43:31 +0900
Takashi Yano wrote:
> In order to look into this problem, I tried to build openssh-8.5p1-1
> from source, however it cause the error in configure stage:
> 
> ...
> checking for pkg-config... (cached) /usr/bin/pkg-config
> checking if /usr/bin/pkg-config knows about libfido2... no
> checking for fido_init in -lfido2... no
> configure: error: no usable libfido2 found
> *** ERROR: configure failed
> 
> despite libfido2-devel had been installed.

BTW, does anyone have suggestion for this error?

-- 
Takashi Yano 

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread Takashi Yano via Cygwin 
On Fri, 6 Aug 2021 11:11:05 +0200
Corinna Vinschen wrote:
> On Aug  6 10:55, Takashi Yano via Cygwin wrote:
> > Hi Corinna,
> > 
> > On Fri, 6 Aug 2021 01:43:31 +0900
> > Takashi Yano wrote:
> > > Hi Corinna,
> > > 
> > > On Thu, 5 Aug 2021 17:07:24 +0200
> > > Corinna Vinschen wrote:
> > > > Could you perhaps bisect the issue on your machine?
> > > 
> > > In my environment, this does not happen with 8.4p1-1 and 8.4p1-2.
> > > However it happens with 8.5p1-1.
> > > [...]
> > I looked into the openssh code and might find a calprit.
> > I guess the following patch solves the issue.
> > 
> > --- serverloop.c.orig   2021-03-02 19:31:47.0 +0900
> > +++ serverloop.c2021-08-06 10:41:55.439357200 +0900
> > @@ -333,7 +333,7 @@
> > return -1;
> > } else if (len == -1) {
> > if (errno == EINTR || errno == EAGAIN ||
> > -   errno != EWOULDBLOCK)
> > +   errno == EWOULDBLOCK)
> > return 0;
> > verbose("Read error from remote host %s port %d: %s",
> > ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
> > 
> > 
> > This seems to be a upstream bug which has been already fixed.
> > 
> > Please refer to:
> > https://github.com/openssh/openssh-portable/commit/2dc328023f60212cd29504fc05d849133ae47355
> 
> Gosh, looks like I totally missed the 8.6p1 release!
> 
> I'll build and upload 8.6p1 ASAP.

I have confirmed that the issue has been fixed in 8.6p1-1.

Thansk.

-- 
Takashi Yano 

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-06 Thread Corinna Vinschen via Cygwin 
On Aug  6 10:55, Takashi Yano via Cygwin wrote:
> Hi Corinna,
> 
> On Fri, 6 Aug 2021 01:43:31 +0900
> Takashi Yano wrote:
> > Hi Corinna,
> > 
> > On Thu, 5 Aug 2021 17:07:24 +0200
> > Corinna Vinschen wrote:
> > > Could you perhaps bisect the issue on your machine?
> > 
> > In my environment, this does not happen with 8.4p1-1 and 8.4p1-2.
> > However it happens with 8.5p1-1.
> > [...]
> I looked into the openssh code and might find a calprit.
> I guess the following patch solves the issue.
> 
> --- serverloop.c.orig 2021-03-02 19:31:47.0 +0900
> +++ serverloop.c  2021-08-06 10:41:55.439357200 +0900
> @@ -333,7 +333,7 @@
>   return -1;
>   } else if (len == -1) {
>   if (errno == EINTR || errno == EAGAIN ||
> - errno != EWOULDBLOCK)
> + errno == EWOULDBLOCK)
>   return 0;
>   verbose("Read error from remote host %s port %d: %s",
>   ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
> 
> 
> This seems to be a upstream bug which has been already fixed.
> 
> Please refer to:
> https://github.com/openssh/openssh-portable/commit/2dc328023f60212cd29504fc05d849133ae47355

Gosh, looks like I totally missed the 8.6p1 release!

I'll build and upload 8.6p1 ASAP.


Thanks,
Corinna

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-05 Thread Takashi Yano via Cygwin 
Hi Corinna,

On Fri, 6 Aug 2021 01:43:31 +0900
Takashi Yano wrote:
> Hi Corinna,
> 
> On Thu, 5 Aug 2021 17:07:24 +0200
> Corinna Vinschen wrote:
> > Could you perhaps bisect the issue on your machine?
> 
> In my environment, this does not happen with 8.4p1-1 and 8.4p1-2.
> However it happens with 8.5p1-1.
> 
> > The fact that using Windows ssh is an issue makes me wonder if this is
> > some kind of pty problem.
> 
> With command 'ssh user@localhost ls', pty does not allocated.
> It seems that this issue does not happen if -t option (allocate
> tty) is specified. So I think this is not a pty problem.
> 
> In order to look into this problem, I tried to build openssh-8.5p1-1
> from source, however it cause the error in configure stage:
> 
> ...
> checking for pkg-config... (cached) /usr/bin/pkg-config
> checking if /usr/bin/pkg-config knows about libfido2... no
> checking for fido_init in -lfido2... no
> configure: error: no usable libfido2 found
> *** ERROR: configure failed
> 
> despite libfido2-devel had been installed.
> 
> $ cygcheck -c libfido2-devel
> Cygwin Package Information
> Package  VersionStatus
> libfido2-devel   1.5.0-1OK
> 
> How can I solve this error?

I looked into the openssh code and might find a calprit.
I guess the following patch solves the issue.

--- serverloop.c.orig   2021-03-02 19:31:47.0 +0900
+++ serverloop.c2021-08-06 10:41:55.439357200 +0900
@@ -333,7 +333,7 @@
return -1;
} else if (len == -1) {
if (errno == EINTR || errno == EAGAIN ||
-   errno != EWOULDBLOCK)
+   errno == EWOULDBLOCK)
return 0;
verbose("Read error from remote host %s port %d: %s",
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),


This seems to be a upstream bug which has been already fixed.

Please refer to:
https://github.com/openssh/openssh-portable/commit/2dc328023f60212cd29504fc05d849133ae47355

-- 
Takashi Yano 

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-05 Thread Takashi Yano via Cygwin 
Hi Corinna,

On Thu, 5 Aug 2021 17:07:24 +0200
Corinna Vinschen wrote:
> Could you perhaps bisect the issue on your machine?

In my environment, this does not happen with 8.4p1-1 and 8.4p1-2.
However it happens with 8.5p1-1.

> The fact that using Windows ssh is an issue makes me wonder if this is
> some kind of pty problem.

With command 'ssh user@localhost ls', pty does not allocated.
It seems that this issue does not happen if -t option (allocate
tty) is specified. So I think this is not a pty problem.

In order to look into this problem, I tried to build openssh-8.5p1-1
from source, however it cause the error in configure stage:

...
checking for pkg-config... (cached) /usr/bin/pkg-config
checking if /usr/bin/pkg-config knows about libfido2... no
checking for fido_init in -lfido2... no
configure: error: no usable libfido2 found
*** ERROR: configure failed

despite libfido2-devel had been installed.

$ cygcheck -c libfido2-devel
Cygwin Package Information
Package  VersionStatus
libfido2-devel   1.5.0-1OK

How can I solve this error?

-- 
Takashi Yano 

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-05 Thread Corinna Vinschen via Cygwin 
On Aug  5 19:12, Takashi Yano via Cygwin wrote:
> Hi everyone,
> 
> On Wed, 28 Apr 2021 07:23:02 +0300
> Andrey Repin  wrote:
> 
> > Greetings, Christoph Lüders!
> > 
> > > I run cygwin 32-bit on Windows 10 Pro Build 19042.  Cygwin is 3.2.0-1,
> > > openssh is 8.5p1-1.
> > 
> > > I use sshd to access the machine from afar.  I notice (often multiple)
> > > processes of sshd.exe with 100% CPU load.
> > 
> > https://cygwin.com/pipermail/cygwin/2021-April/248299.html
> > https://cygwin.com/pipermail/cygwin/2021-April/248309.html
> > 
> > > A stack shown with procexp has function names like
> > > "cygwin1.dll!acl_get_perm" and "cygwin1.dll!_assert".
> > 
> > > Can anyone give me some advice how to proceed further?  I have updated
> > > to the latest cygwin multiple times; reboot doesn't help either.
> 
> I have finally found how to reproduce this problem in my
> environment. The reproduce steps are as follows.
> 
> 1. Install cygwin sshd as a service and start it.
> 2. Connect to sshd by 'ssh user@localhost ls' using **Windows** ssh.exe.
> 3. Check if sshd remains with high CPU load.
> 
> I have confirmed that this issue happens in a few my PCs.
> 
> Corinna, could you please have a look?

Could you perhaps bisect the issue on your machine?

The fact that using Windows ssh is an issue makes me wonder if this is
some kind of pty problem.

The stack info seems fishy to me.  sshd doesn't use any ACL functions.


Corinna

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-08-05 Thread Takashi Yano via Cygwin 
Hi everyone,

On Wed, 28 Apr 2021 07:23:02 +0300
Andrey Repin  wrote:

> Greetings, Christoph Lüders!
> 
> > I run cygwin 32-bit on Windows 10 Pro Build 19042.  Cygwin is 3.2.0-1,
> > openssh is 8.5p1-1.
> 
> > I use sshd to access the machine from afar.  I notice (often multiple)
> > processes of sshd.exe with 100% CPU load.
> 
> https://cygwin.com/pipermail/cygwin/2021-April/248299.html
> https://cygwin.com/pipermail/cygwin/2021-April/248309.html
> 
> > A stack shown with procexp has function names like
> > "cygwin1.dll!acl_get_perm" and "cygwin1.dll!_assert".
> 
> > Can anyone give me some advice how to proceed further?  I have updated
> > to the latest cygwin multiple times; reboot doesn't help either.

I have finally found how to reproduce this problem in my
environment. The reproduce steps are as follows.

1. Install cygwin sshd as a service and start it.
2. Connect to sshd by 'ssh user@localhost ls' using **Windows** ssh.exe.
3. Check if sshd remains with high CPU load.

I have confirmed that this issue happens in a few my PCs.

Corinna, could you please have a look?

-- 
Takashi Yano 

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd high cpu load

2021-05-28 Thread A. Doggy via Cygwin 



On 5/28/2021 7:06 PM, A. Doggy wrote:


On 5/27/2021 7:51 AM, A. Doggy wrote:


On 5/25/2021 8:23 PM, A. Doggy wrote:


On 5/20/2021 9:31 PM, A. Doggy wrote:

To cygwin.


A Little more info: I actually have 1 client that connects 
regularly to the server. That client uses a program called 
goodsync. When I block goodsync from connecting, the problem goes 
away and I only have 1 sshd.exe process running. When I unblock 
goodsync, I have multiple sshd.exe processes running and my cpu 
gets maxed out. Please test it like this. Thanks.


On 5/20/2021 12:02 PM, A. Doggy wrote:

Anyone?

On 5/19/2021 12:48 AM, A. Doggy wrote:

To Cygwin,


I am running cygwin openssh as a windows service. I have been 
doing so for many years with out issue. Recently, I have been 
running into an issue where it maxes out my cpu on any version 
newer than 8.4p1-1. The solution is to downgrade to 8.4p1-1. My 
server machine is a dell t330 running windows 10. I am not a 
business despite using business grade hardware.I have tried both 
20h2 and 21h1 but no luck. There are no users signed in when the 
issues occur and occurs within minutes of booting up. The only 
change from the default config is I have it running on a 
nonstandard port. Any advice is welcome as I really would like to 
upgrade to a newer version. Thanks






To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to 
update and be stuck. Thanks.

bump



To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to 
update and be stuck. Thanks.






double bump


To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to 
update and be stuck. Thanks.





To Cygwin,


The problem still exits. Thanks.


--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd high cpu load

2021-05-28 Thread A. Doggy via Cygwin 



On 5/27/2021 7:51 AM, A. Doggy wrote:


On 5/25/2021 8:23 PM, A. Doggy wrote:


On 5/20/2021 9:31 PM, A. Doggy wrote:

To cygwin.


A Little more info: I actually have 1 client that connects regularly 
to the server. That client uses a program called goodsync. When I 
block goodsync from connecting, the problem goes away and I only 
have 1 sshd.exe process running. When I unblock goodsync, I have 
multiple sshd.exe processes running and my cpu gets maxed out. 
Please test it like this. Thanks.


On 5/20/2021 12:02 PM, A. Doggy wrote:

Anyone?

On 5/19/2021 12:48 AM, A. Doggy wrote:

To Cygwin,


I am running cygwin openssh as a windows service. I have been 
doing so for many years with out issue. Recently, I have been 
running into an issue where it maxes out my cpu on any version 
newer than 8.4p1-1. The solution is to downgrade to 8.4p1-1. My 
server machine is a dell t330 running windows 10. I am not a 
business despite using business grade hardware.I have tried both 
20h2 and 21h1 but no luck. There are no users signed in when the 
issues occur and occurs within minutes of booting up. The only 
change from the default config is I have it running on a 
nonstandard port. Any advice is welcome as I really would like to 
upgrade to a newer version. Thanks






To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to 
update and be stuck. Thanks.

bump



To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to 
update and be stuck. Thanks.






double bump


To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to update 
and be stuck. Thanks.



--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd high cpu load

2021-05-27 Thread A. Doggy via Cygwin 



On 5/25/2021 8:23 PM, A. Doggy wrote:


On 5/20/2021 9:31 PM, A. Doggy wrote:

To cygwin.


A Little more info: I actually have 1 client that connects regularly 
to the server. That client uses a program called goodsync. When I 
block goodsync from connecting, the problem goes away and I only have 
1 sshd.exe process running. When I unblock goodsync, I have multiple 
sshd.exe processes running and my cpu gets maxed out. Please test it 
like this. Thanks.


On 5/20/2021 12:02 PM, A. Doggy wrote:

Anyone?

On 5/19/2021 12:48 AM, A. Doggy wrote:

To Cygwin,


I am running cygwin openssh as a windows service. I have been doing 
so for many years with out issue. Recently, I have been running 
into an issue where it maxes out my cpu on any version newer than 
8.4p1-1. The solution is to downgrade to 8.4p1-1. My server machine 
is a dell t330 running windows 10. I am not a business despite 
using business grade hardware.I have tried both 20h2 and 21h1 but 
no luck. There are no users signed in when the issues occur and 
occurs within minutes of booting up. The only change from the 
default config is I have it running on a nonstandard port. Any 
advice is welcome as I really would like to upgrade to a newer 
version. Thanks






To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to 
update and be stuck. Thanks.




bump


To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to update 
and be stuck. Thanks.



--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd high cpu load

2021-05-25 Thread A. Doggy via Cygwin 



On 5/20/2021 9:31 PM, A. Doggy wrote:

To cygwin.


A Little more info: I actually have 1 client that connects regularly 
to the server. That client uses a program called goodsync. When I 
block goodsync from connecting, the problem goes away and I only have 
1 sshd.exe process running. When I unblock goodsync, I have multiple 
sshd.exe processes running and my cpu gets maxed out. Please test it 
like this. Thanks.


On 5/20/2021 12:02 PM, A. Doggy wrote:

Anyone?

On 5/19/2021 12:48 AM, A. Doggy wrote:

To Cygwin,


I am running cygwin openssh as a windows service. I have been doing 
so for many years with out issue. Recently, I have been running into 
an issue where it maxes out my cpu on any version newer than 
8.4p1-1. The solution is to downgrade to 8.4p1-1. My server machine 
is a dell t330 running windows 10. I am not a business despite using 
business grade hardware.I have tried both 20h2 and 21h1 but no luck. 
There are no users signed in when the issues occur and occurs within 
minutes of booting up. The only change from the default config is I 
have it running on a nonstandard port. Any advice is welcome as I 
really would like to upgrade to a newer version. Thanks






To Cygwin,


I remember seeing someone was going to work on this on Sunday. I am 
checking if this is resolved for other users as I do not want to update 
and be stuck. Thanks.





--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd high cpu load

2021-05-22 Thread Andrey Repin via Cygwin 
Greetings, A. Doggy!

Bottom post please.

> On 5/20/2021 12:02 PM, A. Doggy wrote:
>> Anyone?
>>
>> On 5/19/2021 12:48 AM, A. Doggy wrote:
>>> To Cygwin,
>>>
>>>
>>> I am running cygwin openssh as a windows service. I have been doing 
>>> so for many years with out issue. Recently, I have been running into 
>>> an issue where it maxes out my cpu on any version newer than 8.4p1-1. 
>>> The solution is to downgrade to 8.4p1-1. My server machine is a dell 
>>> t330 running windows 10. I am not a business despite using business 
>>> grade hardware.I have tried both 20h2 and 21h1 but no luck. There are 
>>> no users signed in when the issues occur and occurs within minutes of 
>>> booting up. The only change from the default config is I have it 
>>> running on a nonstandard port. Any advice is welcome as I really 
>>> would like to upgrade to a newer version. Thanks
>>>

> A Little more info: I actually have 1 client that connects regularly to
> the server. That client uses a program called goodsync. When I block 
> goodsync from connecting, the problem goes away and I only have 1 
> sshd.exe process running. When I unblock goodsync, I have multiple 
> sshd.exe processes running and my cpu gets maxed out. Please test it 
> like this. Thanks.

That means the program does not terminate SSH session cleanly.


-- 
With best regards,
Andrey Repin
Saturday, May 22, 2021 18:47:32

Sorry for my terrible english...


-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: EXTERNAL: Re: sshd high cpu load

2021-05-21 Thread Wells, Roger K. via Cygwin 
On 5/20/21 4:35 PM, Andrey Repin wrote:
> CAUTION: This email originated from outside of Leidos. Be cautious when 
> clicking or opening content.
>
> Greetings, Wells, Roger K.!
>
>>> On 5/19/2021 12:48 AM, A. Doggy wrote:

 I am running cygwin openssh as a windows service. I have been doing
 so for many years with out issue. Recently, I have been running into
 an issue where it maxes out my cpu on any version newer than 8.4p1-1.
 The solution is to downgrade to 8.4p1-1. My server machine is a dell
 t330 running windows 10. I am not a business despite using business
 grade hardware.I have tried both 20h2 and 21h1 but no luck. There are
 no users signed in when the issues occur and occurs within minutes of
 booting up. The only change from the default config is I have it
 running on a nonstandard port. Any advice is welcome as I really
 would like to upgrade to a newer version. Thanks
>> I noticed your initial contact and tried to duplicate what you observed
>> to no avail.
> https://cygwin.com/pipermail/cygwin/2021-April/248299.html
>
>> I set up cygwin openssh as a windows service as you described and also
>> have been doing it this way for many years.
>> sshd.exe doesn't show any cpu load on task manager even after days (yes
>> it still works when I log in from another machine)
>> My system is a Lenovo Thinkpad-x240 running updated W10. Cygwin is at
>> 3.2.0(0.340/5/3)
>> and ssh is at OpenSSH_8.5p1, OpenSSL 1.1.1f  31 Mar 2020.
>> Let me know if you would like me to try something else.
> Connect from remote machine to the usual shell prompt and force kill remote
> ssh process.
> The hung SSH session will cause full core CPU load.
will do & report back
>
>
> --
> With best regards,
> Andrey Repin
> Thursday, May 20, 2021 23:31:39
>
> Sorry for my terrible english...
>

-- 
Roger Wells, P.E.
leidos
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger.k.we...@leidos.com


-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd high cpu load

2021-05-20 Thread A. Doggy via Cygwin 

To cygwin.


A Little more info: I actually have 1 client that connects regularly to 
the server. That client uses a program called goodsync. When I block 
goodsync from connecting, the problem goes away and I only have 1 
sshd.exe process running. When I unblock goodsync, I have multiple 
sshd.exe processes running and my cpu gets maxed out. Please test it 
like this. Thanks.


On 5/20/2021 12:02 PM, A. Doggy wrote:

Anyone?

On 5/19/2021 12:48 AM, A. Doggy wrote:

To Cygwin,


I am running cygwin openssh as a windows service. I have been doing 
so for many years with out issue. Recently, I have been running into 
an issue where it maxes out my cpu on any version newer than 8.4p1-1. 
The solution is to downgrade to 8.4p1-1. My server machine is a dell 
t330 running windows 10. I am not a business despite using business 
grade hardware.I have tried both 20h2 and 21h1 but no luck. There are 
no users signed in when the issues occur and occurs within minutes of 
booting up. The only change from the default config is I have it 
running on a nonstandard port. Any advice is welcome as I really 
would like to upgrade to a newer version. Thanks




--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

RE: [cygwin] Re: EXTERNAL: Re: sshd high cpu load

2021-05-20 Thread Jason Pyeron 
> -Original Message-
> From: Andrey Repin
> Sent: Thursday, May 20, 2021 4:33 PM
> To: Wells, Roger K. ; cygwin@cygwin.com
> Cc: Andrey Repin 
> Subject: [cygwin] Re: EXTERNAL: Re: sshd high cpu load
> 
> Greetings, Wells, Roger K.!
> 
> >> On 5/19/2021 12:48 AM, A. Doggy wrote:
> >>>
> >>>
> >>> I am running cygwin openssh as a windows service. I have been doing
> >>> so for many years with out issue. Recently, I have been running into
> >>> an issue where it maxes out my cpu on any version newer than 8.4p1-1.
> >>> The solution is to downgrade to 8.4p1-1. My server machine is a dell
> >>> t330 running windows 10. I am not a business despite using business
> >>> grade hardware.I have tried both 20h2 and 21h1 but no luck. There are
> >>> no users signed in when the issues occur and occurs within minutes of
> >>> booting up. The only change from the default config is I have it
> >>> running on a nonstandard port. Any advice is welcome as I really
> >>> would like to upgrade to a newer version. Thanks
> 
> > I noticed your initial contact and tried to duplicate what you observed
> > to no avail.
> 
> https://cygwin.com/pipermail/cygwin/2021-April/248299.html
> 
> > I set up cygwin openssh as a windows service as you described and also
> > have been doing it this way for many years.
> > sshd.exe doesn't show any cpu load on task manager even after days (yes
> > it still works when I log in from another machine)
> > My system is a Lenovo Thinkpad-x240 running updated W10. Cygwin is at
> > 3.2.0(0.340/5/3)
> > and ssh is at OpenSSH_8.5p1, OpenSSL 1.1.1f  31 Mar 2020.
> > Let me know if you would like me to try something else.
> 
> Connect from remote machine to the usual shell prompt and force kill remote
> ssh process.
> The hung SSH session will cause full core CPU load.

If this test case works, I will debug the sshd.exe Sunday My team will be 
so happy.


This has been our workaround:

$FROM="X@$([System.Net.Dns]::GetHostByName($env:computerName).HostName)"
$TO="@"
$process="sshd"
$cpu=90
$maindelay=60
$checkdelay=5
$logging=$false
$LOGFILE="D:\INC08507666\INC08507666.log"

while($true)
{
$killedany=$false
if ($logging) { echo "$(Get-Date):loop" >> $LOGFILE }
$x=get-wmiobject Win32_PerfFormattedData_PerfProc_Process | Where-Object 
-FilterScript { $_.PercentProcessorTime -gt $cpu -and 
$_.Name.startswith($process) } | foreach { $_.IDProcess }

if ($x -and $x.Count -gt 0)
{
if ($logging) { echo "$(Get-Date):now sleep, found: $x" >> $LOGFILE }
for ($retry=$checkdelay; $retry -ge 1; $retry=$retry/2)
{
if ($logging) { echo "$(Get-Date):check again: $retry" >> $LOGFILE }
Start-Sleep -s $retry;
if ($logging) { echo "$(Get-Date):woke" >> $LOGFILE }
$y=get-wmiobject Win32_PerfFormattedData_PerfProc_Process | 
Where-Object -FilterScript { $_.PercentProcessorTime -gt $cpu -and 
$_.Name.startswith($process) } | foreach { $_.IDProcess }
if ($y -and $y.Count -gt 0)
{
if ($logging) { echo "$(Get-Date):still found: $y" >> $LOGFILE }
$y | foreach {
$badpid=$_
if ($logging) { echo "$(Get-Date):to kill: $badpid" >> 
$LOGFILE }
$p = Get-Process -Id $badpid
try
{
Stop-Process -Id $badpid -Force -ErrorAction Stop
$killedany=$true
Send-MailMessage -Subject "INC08507666: 
$($env:COMPUTERNAME) killed $($p.Path) with pid $($badpid)" -From "$FROM" -To 
"$TO"
}
catch
{
Get-Date >> "$LOGFILE"
$_.Exception.Message >> "$LOGFILE"
$_.Exception.ItemName >> "$LOGFILE"
$_ >> "$LOGFILE"
Get-Date >> "$LOGFILE"

Send-MailMessage -Subject "INC08507666: 
$($env:COMPUTERNAME) broke, check logs" -From "$FROM" -To "$TO"
}
}
}
else
{
if ($logging) { echo "$(Get-Date):oh well: $y" >> $LOGFILE }
}
}
if ($killedany -and -not (Test-NetConnection -Port 22 -InformationLevel 
Quiet -ComputerName 127.0.0.1))
{
Start-Service sshd
}
}
Start-Sleep $maindelay
}


--
Jason Pyeron  | Architect
PD Inc|
10 w 24th St  |
Baltimore, MD |
 
.mil: jason.j.pyeron@mail.mil
.com: jpye...@pdinc.us
tel : 202-741-9397





-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: EXTERNAL: Re: sshd high cpu load

2021-05-20 Thread Andrey Repin via Cygwin 
Greetings, Wells, Roger K.!

>> On 5/19/2021 12:48 AM, A. Doggy wrote:
>>>
>>>
>>> I am running cygwin openssh as a windows service. I have been doing
>>> so for many years with out issue. Recently, I have been running into
>>> an issue where it maxes out my cpu on any version newer than 8.4p1-1.
>>> The solution is to downgrade to 8.4p1-1. My server machine is a dell
>>> t330 running windows 10. I am not a business despite using business
>>> grade hardware.I have tried both 20h2 and 21h1 but no luck. There are
>>> no users signed in when the issues occur and occurs within minutes of
>>> booting up. The only change from the default config is I have it
>>> running on a nonstandard port. Any advice is welcome as I really
>>> would like to upgrade to a newer version. Thanks

> I noticed your initial contact and tried to duplicate what you observed
> to no avail.

https://cygwin.com/pipermail/cygwin/2021-April/248299.html

> I set up cygwin openssh as a windows service as you described and also
> have been doing it this way for many years.
> sshd.exe doesn't show any cpu load on task manager even after days (yes
> it still works when I log in from another machine)
> My system is a Lenovo Thinkpad-x240 running updated W10. Cygwin is at
> 3.2.0(0.340/5/3)
> and ssh is at OpenSSH_8.5p1, OpenSSL 1.1.1f  31 Mar 2020.
> Let me know if you would like me to try something else.

Connect from remote machine to the usual shell prompt and force kill remote
ssh process.
The hung SSH session will cause full core CPU load.


-- 
With best regards,
Andrey Repin
Thursday, May 20, 2021 23:31:39

Sorry for my terrible english...


-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: EXTERNAL: Re: sshd high cpu load

2021-05-20 Thread Wells, Roger K. via Cygwin 
On 5/20/21 12:02 PM, A. Doggy via Cygwin wrote:
> Anyone?

Sorry,
I noticed your initial contact and tried to duplicate what you observed
to no avail.
I set up cygwin openssh as a windows service as you described and also
have been doing it this way for many years.
sshd.exe doesn't show any cpu load on task manager even after days (yes
it still works when I log in from another machine)
My system is a Lenovo Thinkpad-x240 running updated W10. Cygwin is at
3.2.0(0.340/5/3)
and ssh is at OpenSSH_8.5p1, OpenSSL 1.1.1f  31 Mar 2020.
Let me know if you would like me to try something else.

>
> On 5/19/2021 12:48 AM, A. Doggy wrote:
>> To Cygwin,
>>
>>
>> I am running cygwin openssh as a windows service. I have been doing
>> so for many years with out issue. Recently, I have been running into
>> an issue where it maxes out my cpu on any version newer than 8.4p1-1.
>> The solution is to downgrade to 8.4p1-1. My server machine is a dell
>> t330 running windows 10. I am not a business despite using business
>> grade hardware.I have tried both 20h2 and 21h1 but no luck. There are
>> no users signed in when the issues occur and occurs within minutes of
>> booting up. The only change from the default config is I have it
>> running on a nonstandard port. Any advice is welcome as I really
>> would like to upgrade to a newer version. Thanks
>>
>

-- 
Roger Wells, P.E.
leidos
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger.k.we...@leidos.com


-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

RE: [cygwin] Re: sshd high cpu load

2021-05-20 Thread Jason Pyeron 
> -Original Message-
> From: A. Doggy via Cygwin
> Sent: Thursday, May 20, 2021 12:03 PM
> 
> Anyone?

Psst, put at bottom.

> 
> On 5/19/2021 12:48 AM, A. Doggy wrote:
> > To Cygwin,
> >
> >
> > I am running cygwin openssh as a windows service. I have been doing so
> > for many years with out issue. Recently, I have been running into an
> > issue where it maxes out my cpu on any version newer than 8.4p1-1.

Observed 100% CPU on server 2012 r2 x64 joined to AD, not internet access. 
Issue intermittent. Unable to confirm if same issue.

openssh 8.5p1-1

> > The
> > solution is to downgrade to 8.4p1-1.

Have not had enough time to test - planning on Sunday.

> > My server machine is a dell t330
> > running windows 10. I am not a business despite using business grade
> > hardware.I have tried both 20h2 and 21h1 but no luck. There are no
> > users signed in when the issues occur and occurs within minutes of
> > booting up. The only change from the default config is I have it
> > running on a nonstandard port. Any advice is welcome as I really would
> > like to upgrade to a newer version. Thanks

Our environment is different in almost every metric, testing is planned.




-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd high cpu load

2021-05-20 Thread A. Doggy via Cygwin 

Anyone?

On 5/19/2021 12:48 AM, A. Doggy wrote:

To Cygwin,


I am running cygwin openssh as a windows service. I have been doing so 
for many years with out issue. Recently, I have been running into an 
issue where it maxes out my cpu on any version newer than 8.4p1-1. The 
solution is to downgrade to 8.4p1-1. My server machine is a dell t330 
running windows 10. I am not a business despite using business grade 
hardware.I have tried both 20h2 and 21h1 but no luck. There are no 
users signed in when the issues occur and occurs within minutes of 
booting up. The only change from the default config is I have it 
running on a nonstandard port. Any advice is welcome as I really would 
like to upgrade to a newer version. Thanks




--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-05-04 Thread Brian Inglis 



On 2021-05-04 09:14, Andrey Repin via Cygwin wrote:

Wednesday, April 28, 2021, 06:23:02, "Andrey Repin" wrote:

I run cygwin 32-bit on Windows 10 Pro Build 19042.  Cygwin is 3.2.0-1,
openssh is 8.5p1-1.
I use sshd to access the machine from afar.  I notice (often multiple)
processes of sshd.exe with 100% CPU load.



https://cygwin.com/pipermail/cygwin/2021-April/248299.html
https://cygwin.com/pipermail/cygwin/2021-April/248309.html



thanks for the link.  Am I mistaken or was there no solution
mentioned?  Do you have any advice how to fix this problem?



No, you are not. There were multiple reports (I only listed recent ones), but
no solution yet.


A stack shown with procexp has function names like 
"cygwin1.dll!acl_get_perm" and "cygwin1.dll!_assert".


Can anyone give me some advice how to proceed further?  I have updated 
to the latest cygwin multiple times; reboot doesn't help either.


If relevant changes are made, they are normally deployed as snapshots: see the 
Cygwin home page link.


Are you using:
* SAM with only local Windows accounts?
* MS accounts?
* AD accounts, without cygserver, and without preloading the cygserver group and 
passwd caches?


--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-05-04 Thread Andrey Repin via Cygwin 
Greetings, Christoph Lüders!

This list is in "no top posting, please" mode.


> Wednesday, April 28, 2021, 06:23:02, "Andrey Repin" wrote:

>> Greetings, Christoph Lüders!

>>> I run cygwin 32-bit on Windows 10 Pro Build 19042.  Cygwin is 3.2.0-1,
>>> openssh is 8.5p1-1.

>>> I use sshd to access the machine from afar.  I notice (often multiple)
>>> processes of sshd.exe with 100% CPU load.

>> https://cygwin.com/pipermail/cygwin/2021-April/248299.html
>> https://cygwin.com/pipermail/cygwin/2021-April/248309.html

> thanks for the link.  Am I mistaken or was there no solution
> mentioned?  Do you have any advice how to fix this problem?

No, you are not. There were multiple reports (I only listed recent ones), but
no solution yet.

>>> A stack shown with procexp has function names like
>>> "cygwin1.dll!acl_get_perm" and "cygwin1.dll!_assert".

>>> Can anyone give me some advice how to proceed further?  I have updated
>>> to the latest cygwin multiple times; reboot doesn't help either.


-- 
With best regards,
Andrey Repin
Tuesday, May 4, 2021 18:13:40

Sorry for my terrible english...

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd slow login and/or 100% cpu

2021-05-03 Thread Brian Inglis 

On 2021-05-03 07:40, Jason Pyeron wrote:

My teammates have been observing periodic slow login problems recently, most 
recent Cygwin update was for the Git CVE, but I do not think that is related.
Guidance on troubleshooting and resolution most appreciated.
My assumptions:
BLODA (I cannot influence that) and bad network between AD and Server.
I am willing to do whatever I am allowed to fix this.
Here are my observations:
1. The users log in via PKI
2. The users' accounts are AD based accounts
3. stopping the sshd service does not kill all the sshd.exe processes
4. killing all the sshd.exe processes (after service stop) and starting the 
service returns performance to normal
5. the normal last for an indeterminate time between 1 and 24 hours typical. 
Once it goes slow, it does not recover on its own.
6. /etc/nsswitch.conf only contains
passwd:   files
group:files
7. we are running the cygserver, /etc/cygserver.conf  is empty
8. resolving group information takes 97 seconds (sometimes)
XREDACTED_00012X@XREDACTED_3X ~
$ id -G XREDACTED_00047X
XREDACTED_00023X 545 555 2 11 15 XREDACTED_00045X XREDACTED_00028X 401408
XREDACTED_00012X@XREDACTED_3X ~
$ getent group XREDACTED_00023X 545 555 2 11 15 XREDACTED_00045X 
XREDACTED_00028X 401408
Domain Users:S-1-5-21-XREDACTED_00044X-513:XREDACTED_00023X:
Users:S-1-5-32-545:545:
Remote Desktop Users:S-1-5-32-555:555:
NETWORK:S-1-5-2:2:
Authenticated Users:S-1-5-11:11:
This Organization:S-1-5-15:15:
Service asserted identity:S-1-18-2:XREDACTED_00045X:
XREDACTED_00016X:XREDACTED_00014X:XREDACTED_00028X:
Medium Mandatory Level:S-1-16-8192:401408:
Running id a second time is quick, most of the time. A few hours later this 
morning in the same bash shell, it was slow again.
9. tracing through sshd it seems to be holding at 2 system calls in uidswap.c 
(initgroups, getgroups)
diff --git a/openssh-8.5p1-1.x86_64/src/openssh-8.5p1/uidswap.c 
b/openssh-8.5p1-1.x86_64/src/openssh-8.5p1/uidswap.c
index 40e1215..4538e63 100644
--- a/openssh-8.5p1-1.x86_64/src/openssh-8.5p1/uidswap.c
+++ b/openssh-8.5p1-1.x86_64/src/openssh-8.5p1/uidswap.c
@@ -60,6 +60,8 @@ static intsaved_egroupslen = -1, user_groupslen = -1;
  void
  temporarily_use_uid(struct passwd *pw)
  {
+   debug3_f("entering");
+
 /* Save the current euid, and egroups. */
  #ifdef SAVED_IDS_WORK_WITH_SETEUID
 saved_euid = geteuid();
@@ -83,7 +85,9 @@ temporarily_use_uid(struct passwd *pw)
 privileged = 1;
 temporarily_use_uid_effective = 1;

+   debug3_f("getgroups(0, NULL)");
 saved_egroupslen = getgroups(0, NULL);
+   debug3_f("getgroups(0, NULL)=%u", saved_egroupslen);
 if (saved_egroupslen == -1)
 fatal("getgroups: %.100s", strerror(errno));
 if (saved_egroupslen > 0) {
@@ -97,42 +101,57 @@ temporarily_use_uid(struct passwd *pw)
 }

 /* set and save the user's groups */
+   debug3_f("if (user_groupslen == -1 || user_groups_uid != pw->pw_uid)");
 if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) {
+   debug3_f("if (initgroups(\"%s\", %u) == -1) [SLOW NEXT LINE]", 
pw->pw_name, pw->pw_gid);
 if (initgroups(pw->pw_name, pw->pw_gid) == -1)
 fatal("initgroups: %s: %.100s", pw->pw_name,
 strerror(errno));

+   debug3_f("getgroups(0, NULL) [SLOW NEXT LINE]");
 user_groupslen = getgroups(0, NULL);
+   debug3_f("getgroups(0, NULL)=%u", user_groupslen);
10. I have not tried to find the 100% cpu cause, yet. When at 100% it may or 
may not be slow to log in.
11. redacted cygcheck output attached. I ran cygcheck -s -v -r > 
cygcheck-20210503-0759.out


Given AD accounts /etc/nsswitch.conf should be using the default "files db", and 
you may wish to add local and primary (and/or alltrusted and/or other trusted 
domain names) to db_enum: see /etc/nsswitch.conf comments.


It is useful before or after certain service startups to prefill caches before 
starting real work, e.g. running getent on common hosts right after networking 
startup preloads the DNS cache.


With cygserver using AD, right after that service startup, you could getent 
group and passwd to prefill their caches.


To do that you can set non-MS services to manual start and start them in 
/usr/local/sbin/ scripts run under dash from system startup scheduled tasks.


--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: SSHD causes 100% CPU load

2021-04-27 Thread Andrey Repin 
Greetings, Christoph Lüders!

> I run cygwin 32-bit on Windows 10 Pro Build 19042.  Cygwin is 3.2.0-1,
> openssh is 8.5p1-1.

> I use sshd to access the machine from afar.  I notice (often multiple)
> processes of sshd.exe with 100% CPU load.

https://cygwin.com/pipermail/cygwin/2021-April/248299.html
https://cygwin.com/pipermail/cygwin/2021-April/248309.html

> A stack shown with procexp has function names like
> "cygwin1.dll!acl_get_perm" and "cygwin1.dll!_assert".

> Can anyone give me some advice how to proceed further?  I have updated
> to the latest cygwin multiple times; reboot doesn't help either.


-- 
With best regards,
Andrey Repin
Wednesday, April 28, 2021 7:21:53

Sorry for my terrible english...

-- 
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd 100% Load after disconnect

2021-04-18 Thread Andrey Repin 
Greetings, iw875...@gmx.eu!

> sshd seems to run at 100% Load for one thread after ssh disconnect

125% or more, actually.

> (Close Terminal Window) on my Windows 10 computer.

> If I use exit it isn't so.

> I have to kill sshd or reboot the machine to kill the load.

Kill the shell (or another process that's holding it).
It's safer a little.


-- 
With best regards,
Andrey Repin
Sunday, April 18, 2021 17:06:24

Sorry for my terrible english...

--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd broken by seemingly trivial network change

2020-12-18 Thread Erik Soderquist via Cygwin 
On Thu, Dec 17, 2020 at 6:12 PM Bill Stewart  wrote:
>
> On Thu, Dec 17, 2020 at 2:25 PM Erik Soderquist wrote:
>
> > I've had weird instances where the Windows Firewall tools lied; I
> > confirmed this by temporarily shutting down the Windows Firewall
> > entirely, then restarting the service having problems and retesting.
> > On retest, it worked fine, confirming it was the firewall causing the
> > problem.
>
> I have never experienced anything like this, on any Windows version
> for any application, after working with just about every version of
> Windows firewall since its inception, in a number of different
> organizations.
>
> In every case I thought the Windows firewall was the culprit, it turns
> out it was my own misunderstanding.

I kind of envy that... I've had a litany of weird did not make sense
quirks dealing with many aspects of Windows in my career.

-- Erik
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd broken by seemingly trivial network change

2020-12-17 Thread Bill Stewart 
On Thu, Dec 17, 2020 at 2:25 PM Erik Soderquist wrote:

> I've had weird instances where the Windows Firewall tools lied; I
> confirmed this by temporarily shutting down the Windows Firewall
> entirely, then restarting the service having problems and retesting.
> On retest, it worked fine, confirming it was the firewall causing the
> problem.

I have never experienced anything like this, on any Windows version
for any application, after working with just about every version of
Windows firewall since its inception, in a number of different
organizations.

In every case I thought the Windows firewall was the culprit, it turns
out it was my own misunderstanding.

Bill
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd broken by seemingly trivial network change

2020-12-17 Thread Erik Soderquist via Cygwin 
On Thu, Dec 17, 2020 at 3:51 PM Charles Russell  wrote:
>
> On 12/17/2020 11:49 AM, Bill Stewart wrote:
>
>  > Make sure to look carefully through all of the firewall rules and
>  > check whether there is a rule blocking that executable or port.
>  >
>
> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.

I've had weird instances where the Windows Firewall tools lied; I
confirmed this by temporarily shutting down the Windows Firewall
entirely, then restarting the service having problems and retesting.
On retest, it worked fine, confirming it was the firewall causing the
problem.

What exactly the problem was varied (this has happened many many times
to me)...  In some cases it was the rule definition for the scope not
matching the actual network, in some cases I could not find any real
issue, but deleting and recreating the rules fixed the issue, in a few
cases, I also found a deny rule that somehow matched the service
having problems, and deny rules take precedence over allow rules.  One
example of the conflict could be "sshd allowed" vs "port 22 denied";
the deny would take precedence.

I suggest doing the firewall down/restart sshd test to confirm or
refute the Windows Firewall being involved, then going from there.

-- Erik




--
"I do not think any of us are truly sane, Caleb. Not even you. Courage
is not sanity. Being willing to die for someone else is not sanity."
... "Love is not sane, nor is faith." ... "If sanity lacks those
things, Caleb, I want no part of it."

-- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd broken by seemingly trivial network change

2020-12-17 Thread Bill Stewart 
On Thu, Dec 17, 2020 at 1:51 PM Charles Russell wrote:

> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.
>
> Is there someplace else I should look? This is Windows 7 Home Premium.

If it works when you disable the firewall, then (to state the obvious,
sorry) there is a rule in the firewall that is blocking the traffic.

I would suggest to examine all of the rules carefully. I say this
because it is happened to me before, and I could have sworn that I
looked at all of the rules.

BIll
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd broken by seemingly trivial network change

2020-12-17 Thread Brian Inglis 

On 2020-12-17 13:51, Charles Russell wrote:

On 12/17/2020 11:49 AM, Bill Stewart wrote:

Make sure to look carefully through all of the firewall rules and
check whether there is a rule blocking that executable or port.


Selecting "Advanced Settings" and then "incoming rules", I see one rule for sshd 
private: enabled, allowed and one rule for sshd public: enabled, allowed. There 
is a third rule for sshd domain: (disabled, allowed). I believe that one is 
irrelevant but I enabled it anyway, which did not help.


Is there someplace else I should look? This is Windows 7 Home Premium.


Have you checked your new router to see what default rules are enabled there?

Some routers may come with blocks for common attack vectors, against the router 
itself or the local network, that may need to be disabled if you want to allow 
connections from other systems.


The router may have been setup or used by the selling org, or a customer, and 
returned and resold.


--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd broken by seemingly trivial network change

2020-12-17 Thread Charles Russell 

On 12/17/2020 11:49 AM, Bill Stewart wrote:

> Make sure to look carefully through all of the firewall rules and
> check whether there is a rule blocking that executable or port.
>

Selecting "Advanced Settings" and then "incoming rules", I see one rule 
for sshd private: enabled, allowed and one rule for sshd public: 
enabled, allowed. There is a third rule for sshd domain: (disabled, 
allowed). I believe that one is irrelevant but I enabled it anyway, 
which did not help.


Is there someplace else I should look? This is Windows 7 Home Premium.
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem -- seteuid failed -- ancient problem

2020-04-16 Thread Kevin Schnitzius via Cygwin 
On Thursday, April 16, 2020, 04:50:03 AM EDT, Andrey Repin 
 wrote: 

>> sshd: PID 1721: fatal: seteuid 1610619958: No such device or address

>> I just did a clean install:
>>  openssh                                 8.2p1-1

>> The uid corresponds to me:
>>     uid=1610619958(+kevins)

> Can we see the full output of `id` when you logged in as domain user?

uid=1610619958(+kevins) 
gid=1610613249(+Domain Users)

groups=1610613249(+Domain Users),
559(Performance Log Users),
545(Users),
14(REMOTE INTERACTIVE LOGON),
4(INTERACTIVE),
11(Authenticated Users),
15(This Organization),
4095(CurrentSession),
66048(LOCAL),  + 266 other  groups.

Kevin
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem -- seteuid failed -- ancient problem

2020-04-16 Thread Andrey Repin 
Greetings, Kevin Schnitzius!

> sshd: PID 1721: fatal: seteuid 1610619958: No such device or address

> I just did a clean install:
>  openssh                                 8.2p1-1

> The uid corresponds to me:
>     uid=1610619958(+kevins)

Can we see the full output of `id` when you logged in as domain user?

> Local users work fine; it's only a problem with domain users.

> Strictmode=no and the service is running as Local System account.  Is there
> a domain privilege my box needs for this?

> Any ideas?


-- 
With best regards,
Andrey Repin
Thursday, April 16, 2020 11:37:25

Sorry for my terrible english...
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem -- seteuid failed -- ancient problem

2020-04-15 Thread Bill Stewart 
On Tue, Apr 14, 2020 at 8:01 PM Kevin Schnitzius wrote:

> sshd: PID 1721: fatal: seteuid 1610619958: No such device or address
>
> I just did a clean install:
>  openssh 8.2p1-1
>
> The uid corresponds to me:
> uid=1610619958(+kevins)
>
> Local users work fine; it's only a problem with domain users.
>
> Strictmode=no and the service is running as Local System account.  Is there a 
> domain privilege my box needs for this?
>
> Any ideas?

That looks like the username is not correct. On a domain, it should be
just username, not domain+username

https://cygwin.com/cygwin-ug-net/ntsec.html

Bill
--
Problem reports:  https://cygwin.com/problems.html
FAQ:  https://cygwin.com/faq/
Documentation:https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

Re: sshd sessions hang after cygwin1.dll 3.0.7

2020-01-30 Thread Bill Stewart 
Thank you for the assistance!

I released the latest version of my installer, now available (under
"Releases" tab) here:

https://github.com/Bill-Stewart/Cygwin-OpenSSH

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd sessions hang after cygwin1.dll 3.0.7

2020-01-30 Thread Takashi Yano 
On Thu, 30 Jan 2020 12:33:28 -0700
Bill Stewart wrote:
> On Thu, Jan 30, 2020 at 9:46 AM Takashi Yano wrote:
> > I believe you do not need winpty anymore because newer cygwin
> > utilizes pseudo console in pty.
> 
> Since this package is still used for older OS versions, I will still
> need winpty for now.

Indeed. I was rash.

-- 
Takashi Yano 

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd sessions hang after cygwin1.dll 3.0.7

2020-01-30 Thread Bill Stewart 
On Thu, Jan 30, 2020 at 12:33 PM Bill Stewart wrote:

> I added cygwin-console-helper.exe and this resolved it, at least on
> Windows 10. My next step is to test on Server 2012 R2.

Tested, and works fine also on Server 2012 R2. Thanks for the help!

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd sessions hang after cygwin1.dll 3.0.7

2020-01-30 Thread Bill Stewart 
On Thu, Jan 30, 2020 at 9:46 AM Takashi Yano wrote:

> Bill Stewart wrote:
> >
> > When I use cygwin1.dll versions newer than 3.0.7, sshd.exe hangs
> > whenever establishing a connection.
> > ...
> > Any ideas?
>
> You need cygwin-console-helper.exe for newer cygwin pty which
> supports pseudo console.
>
> I believe you do not need winpty anymore because newer cygwin
> utilizes pseudo console in pty.

Excellent, thank you!

I added cygwin-console-helper.exe and this resolved it, at least on
Windows 10. My next step is to test on Server 2012 R2.

Since this package is still used for older OS versions, I will still
need winpty for now.

Thanks!

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd sessions hang after cygwin1.dll 3.0.7

2020-01-30 Thread Takashi Yano 
On Thu, 30 Jan 2020 09:27:34 -0700
Bill Stewart wrote:
> I have created an OpenSSH installer for Windows users:
> 
> https://github.com/Bill-Stewart/Cygwin-OpenSSH
> 
> Basically it includes only the minimum files from Cygwin needed to run
> OpenSSH and has some additional conveniences (the foremost of which is
> to automatically install the service).
> 
> The problem:
> 
> When I use cygwin1.dll versions newer than 3.0.7, sshd.exe hangs
> whenever establishing a connection. Following is the output from 'sshd
> -d':
> 
> debug1: sshd version OpenSSH_8.1, OpenSSL 1.1.1d  10 Sep 2019
> debug1: private host key #0: ssh-rsa SHA256:...
> debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:...
> debug1: private host key #2: ssh-ed25519 SHA256:...
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-d'
> debug1: Bind to port 22 on ::.
> Server listening on :: port 22.
> debug1: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> debug1: fd 5 clearing O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: inetd sockets after dupping: 4, 4
> Connection from  port 52466 on  port 22
> debug1: Local version string SSH-2.0-OpenSSH_8.1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
> debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x0400
> debug1: permanently_set_uid: 197767/197121 [preauth]
> debug1: list_hostkey_types:
> rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
> [preauth]
> debug1: SSH2_MSG_KEXINIT sent [preauth]
> debug1: SSH2_MSG_KEXINIT received [preauth]
> debug1: kex: algorithm: curve25519-sha256 [preauth]
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
> debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
>  compression: none [preauth]
> debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
>  compression: none [preauth]
> debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
> debug1: rekey out after 134217728 blocks [preauth]
> debug1: SSH2_MSG_NEWKEYS sent [preauth]
> debug1: Sending SSH2_MSG_EXT_INFO [preauth]
> debug1: expecting SSH2_MSG_NEWKEYS [preauth]
> debug1: SSH2_MSG_NEWKEYS received [preauth]
> debug1: rekey in after 134217728 blocks [preauth]
> debug1: KEX done [preauth]
> debug1: userauth-request for user  service ssh-connection
> method none [preauth]
> debug1: attempt 0 failures 0 [preauth]
> debug1: user  matched 'User ' at line 142
> debug1: authentication methods list 0: password
> debug1: userauth_send_banner: sent [preauth]
> debug1: authentication methods list 0: password [preauth]
> debug1: userauth-request for user  service ssh-connection
> method password [preauth]
> debug1: attempt 1 failures 0 [preauth]
> Accepted password for  from  port 52466 ssh2
> debug1: monitor_child_preauth:  has been authenticated by
> privileged process
> debug1: monitor_read_log: child log fd closed
> debug1: rekey in after 134217728 blocks
> debug1: rekey out after 134217728 blocks
> debug1: ssh_packet_set_postauth: called
> debug1: active: key options: agent-forwarding port-forwarding pty
> user-rc x11-forwarding
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch
> debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_global_request: rtype
> no-more-sessi...@openssh.com want_reply 0
> debug1: server_input_channel_req: channel 0 request pty-req reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: Allocating pty.
> 
> The only resolution is to forcibly terminate the spawned copy of sshd
> (the one spawned by the 'sshd -d' process).
> 
> Server is running Windows 10 v1909.
> 
> I have tested, and the hang occurs in all versions of cygwin1.dll after 3.0.7.
> 
> When I revert back to cygwin1.dll 3.0.7, the problem does not occur,
> and the connection succeeds.
> 
> Any ideas?

You need cygwin-console-helper.exe for newer cygwin pty which
supports pseudo console.

I believe you do not need winpty anymore because newer cygwin
utilizes pseudo console in pty.

-- 
Takashi Yano 

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-07-10 Thread schleprock 
so i ran into the same problem and had some difficulty in figuring out how to
apply the solution. so hopefully to save other people from the same issue. 
to set the sshd service to use the SYSTEM you open the properties sheet for
sshd service, go to the "Log On" tab and then click the radio button on the
"Local System account"

worked like a charm for me...

schleprock




--
Sent from: http://cygwin.1069669.n5.nabble.com/Cygwin-list-f3.html

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: SSHD Service shuts down after a while after latest library updates

2019-05-13 Thread Bill Stewart 
On Sun, May 12, 2019 at 8:31 AM L A Walsh wrote:

> This has been a feature of Windows since win98. Not officially, mind
> you, but any scheduled task in windows would eventually become
> unscheduled and stop running with out any notification.

I've never seen this behavior on any Windows machine (a scheduled task
becoming unscheduled by itself), but in any case, this is irrelevant
to the current question because scheduled tasks are not the same as
Windows services (daemons).

What we need to know is what is happening that would cause the service
to stop running. As a test, you can stop the service (if it's not
stopped already), and do the following:

1. Open Cygwin shell as administrator (right-click, "Run as administrator")

2. Run: cd /usr/sbin

3. Run: sshd -d -d -d

This will run the service "interactively" and you can see what error occurs.

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: SSHD Service shuts down after a while after latest library updates

2019-05-12 Thread L A Walsh 
On 5/12/2019 6:35 AM, Enrico.Bertram wrote:
> \
>
> The service is configured to start automatically and does so on each reboot.
> The event viewer does not show any event (for example the "stopped" on
> normal shutdowns) - the service is just in shut down state every now and
> then and I have to manually start it again.
>   
This has been a feature of Windows since win98.  Not officially, mind
you, but any scheduled task in windows would eventually become
unscheduled and stop running with out any notification.

The only way I found to get round this is by having a job login from
a reliable server (like linux) multiple times/hour with a control
login that attempts to remain logged in so that problems can be
solved by the already logged in process.

For the first time since Win98, I'm starting to get error reports when
there are problems as well as notifications if there was a problem
resetting my basic state.

I may have to extend my monitoring and corrections since some are more
involved,
but sadly it was the only way I found out how to get prompt errors when
things stopped working because Windows philosophy is to not report
things in hope that the problem or need for the report will go away.

Part of this stems from, for example in tools to regulate resources
given to programs, only servers are allowed to do so, with the
regulating software not running on Windows.

There are some unsatisfactory third party options (Process Lasso) that
do things
like keep processes running or restart if they die  -- things that the
Windows service manager claims to do, but not always work.

Windows on my machine hasn't been able to start the system log function
for about 2-3 years -- with MS having no clue and only recommendation
being to upgrade to win10.  I have a few problem the MS was unable to
solve for more than 3 years with similar outcomes.  Very often the
problems aren't fixed, but appear
to be so because some do not trigger frequently.

So if you want reliable debug and monitoring, use another OS like linux to
monitor the flakey windows.

(my 2 cents)
Linda






--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd/SYSTEM account/OS version and Cygwin "bitness" limitations

2019-03-29 Thread Bill Stewart 
On Fri, Mar 29, 2019 at 4:00 AM Corinna Vinschen wrote:

> > On 2019-03-28 15:36, Bill Stewart wrote:
> > I am trying to understand the limitations when running sshd using the
> > SYSTEM account.
> >
> > Is the following complete and correct?
> >
> > ==
> >
> > OS_version*  OS_bitness  sshd_bitness  Notes
> > --
> > < 6.364-bit  32-bitNote 1
> > < 6.364-bit  64-bitNote 2
> > < 6.332-bit  32-bitNote 2
> > > = 6.3  64-bit  64-bitNo problems
> > > = 6.3  64-bit  32-bitNo problems
> > > = 6.3  32-bit  32-bitNo problems
> >
> > * "< 6.3" = "older than Windows 8.1/Server 2012 R2"; ">= 6.3" = "at
least
> > Windows 8.1/Server 2012 R2"
> >
> > Note 1: sshd cannot authenticate local accounts, but it can authenticate
> > domain accounts.
> >
> > Note 2: sshd can't authenticate local accounts after a reboot unless
> > another logon happens first.
> >
> > Unfortunate implication of Note 1: 32-bit version of sshd running as
SYSTEM
> > account on OS < 6.3 on non-domain member computer cannot authenticate
any
> > accounts.
>
> Or https://cygwin.com/cygwin-ug-net/ntsec.html
>
> AFAIK, the only problem left are OS versions 6.0 (Vista/2008)
> and 6.1 (7/2008R2), and only 32 bit Cygwin running under WOW64,
> *not* 32 bit Cygwin running on a 32 bit Windows.

I read the documentation again (ntsec.html), and I don't see detailed
Windows version specifics. (Hence this message...)

Regarding 6.0 (Vista/Server 2008) and 6.1 (7/Server 2008 R2) 64-bit OS
running 32-bit sshd: That's covered in the first row of the table
(OS_version < 6.3).

Regarding 6.0 (Vista/Server 2008) and 6.1 (Windows 7) 32-bit OS running
32-bit sshd: Only affected by Note 2 (third row of table).

It would seem that my breakdown is complete and correct, then. (If anyone
sees an error, please reply.)

Thanks!

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd/SYSTEM account/OS version and Cygwin "bitness" limitations

2019-03-29 Thread Corinna Vinschen 
On Mar 28 17:18, Brian Inglis wrote:
> On 2019-03-28 15:36, Bill Stewart wrote:
> > I am trying to understand the limitations when running sshd using the
> > SYSTEM account.
> > Is the following complete and correct?
> > ==
> > OS_version*  OS_bitness  sshd_bitness  Notes
> > --
> > < 6.364-bit  32-bitNote 1
> > < 6.364-bit  64-bitNote 2
> > < 6.332-bit  32-bitNote 2
> >> = 6.3   64-bit  64-bitNo problems
> >> = 6.3   64-bit  32-bitNo problems
> >> = 6.3   32-bit  32-bitNo problems
> > * "< 6.3" = "older than Windows 8.1/Server 2012 R2"; ">= 6.3" = "at least
> > Windows 8.1/Server 2012 R2"
> > Note 1: sshd cannot authenticate local accounts, but it can authenticate
> > domain accounts.
> > Note 2: sshd can't authenticate local accounts after a reboot unless
> > another logon happens first.
> > Unfortunate implication of Note 1: 32-bit version of sshd running as SYSTEM
> > account on OS < 6.3 on non-domain member computer cannot authenticate any
> > accounts.
> 
> cygstart /usr/share/doc/Cygwin/html/ntsec.html

Or https://cygwin.com/cygwin-ug-net/ntsec.html

AFAIK, the only problem left are OS versions 6.0 (Vista/2008)
and 6.1 (7/2008R2), and only 32 bit Cygwin running under WOW64,
*not* 32 bit Cygwin running on a 32 bit Windows.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd/SYSTEM account/OS version and Cygwin "bitness" limitations

2019-03-28 Thread Brian Inglis 
On 2019-03-28 15:36, Bill Stewart wrote:
> I am trying to understand the limitations when running sshd using the
> SYSTEM account.
> Is the following complete and correct?
> ==
> OS_version*  OS_bitness  sshd_bitness  Notes
> --
> < 6.364-bit  32-bitNote 1
> < 6.364-bit  64-bitNote 2
> < 6.332-bit  32-bitNote 2
>> = 6.3   64-bit  64-bitNo problems
>> = 6.3   64-bit  32-bitNo problems
>> = 6.3   32-bit  32-bitNo problems
> * "< 6.3" = "older than Windows 8.1/Server 2012 R2"; ">= 6.3" = "at least
> Windows 8.1/Server 2012 R2"
> Note 1: sshd cannot authenticate local accounts, but it can authenticate
> domain accounts.
> Note 2: sshd can't authenticate local accounts after a reboot unless
> another logon happens first.
> Unfortunate implication of Note 1: 32-bit version of sshd running as SYSTEM
> account on OS < 6.3 on non-domain member computer cannot authenticate any
> accounts.

cygstart /usr/share/doc/Cygwin/html/ntsec.html

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-16 Thread Houder 
On Fri, 15 Mar 2019 21:41:22, Corinna Vinschen  wrote:

> On Mar 15 20:39, Houder wrote:

> > On Fri, 15 Mar 2019 14:42:47, Corinna Vinschen  wrote:
[snip]

> > > Well, there *is* a solution by using strace.  And hey, we now know what
> > > ENXIO returned from seteuid means, don't we?  It's not all bad :)
> >
> > You do! I do not :-) (as I do not have the machinery at my disposal that
> > is required to provoke this error).
> 
> If I'm not mistaken the error occurs for local machine accounts, not for
> domain accounts.  But either way, this problem can only be straced on
> machines which can reproduce the problem and that's usually the machine
> of the OP in the first place.

OP's machine (or equivalent)? Basically, that is what I stated above (i.e.
attempting to state) ...

Error occurs for local machine accounts? Yes, but not at my place! (I did
not see the error (ENXIO) when the sshd problem came up when cygwin 3 was
introduced -- because I "loop back" when using ssh).

> I'm not sure what you're asking for, what do you want to change in
> Cygwin?

To answer the 2nd part of your question: nothing! (even if I was capable
of changing Cygwin).

I can appreciate(?) the complexity of mapping "Linux" to Windows. Simple
enough (?) in case of something like reading/writing a file, because that
concept (general enough to be) is present in both Windows and "Linux".

Totally different in case of seteuid() and companions ...

(Could the error reporting be improved if the Linux system call would be
 a parameter when mapping Windows failure codes to "Linux" error codes?
 I believe that would be very, very troublesome)

To answer the 1st part of your question ...

.. well, I had hoped that you had seen what Windows function had caused
the "No such device or address" error message to appear ...
(and was willing to share that info :-).

I know that you were the one that introduced ERROR_FILE_INVALID and made
it map to ENXIO (in 2001 ... good gracious, almost 20 years ago).

Presumably, because of the empty file problem in av::setup(), a function
in winsup/cygwin/spawn.cc.

Error code ENXIO occurs at a very different level (lower) in Linux than
the level where seteuid() and companions live ...

That is why I was wondering? what made seteuid() in Cygwin generate this
error ...

So, basically, my interest comes down to curiosity! (and I assumed that
you had seen the error appear when the sshd problem came up).

End of thread? :-)

Henri

=


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-15 Thread Corinna Vinschen 
On Mar 15 20:39, Houder wrote:
> On Fri, 15 Mar 2019 14:42:47, Corinna Vinschen  wrote:
> 
> > On Mar 15 14:06, Houder wrote:
> 
> > > One is forced to create the exact same environment (system) as the
> > > person who is complaining, fire up the debugger (like sticking
> > > a thermometer in a patient's rear end) in order to find out where
> > > the code failed ...
> > >
> > > Meaning, within the context of the recent sshd problems, possibly only
>   
> > > you know where the error ERROR_FILE_INVALID (resulting in the error
> ^^^
> 
> strace, yes. But only if one has the exact same "network" at one's disposal
> as the one where the problem occurred (like you have at your place; while I
> only have one simple computer) ... That is decisive.
> 
> > > message "No such device or address") was generated ... (and by which
> > > Windows function).
> > 
> > The only interface an application has is by checking the POSIX
> > errno value.  This is what Cygwin is about :)
> > 
> > If you need more details what's going on under the hood, you have
> > to use strace.
> > 
> > > Oh well, this cannot be helped ...
> > 
> > Well, there *is* a solution by using strace.  And hey, we now know what
> > ENXIO returned from seteuid means, don't we?  It's not all bad :)
> 
> You do! I do not :-) (as I do not have the machinery at my disposal that
> is required to provoke this error).

If I'm not mistaken the error occurs for local machine accounts, not for
domain accounts.  But either way, this problem can only be straced on
machines which can reproduce the problem and that's usually the machine
of the OP in the first place.

I'm not sure what you're asking for, what do you want to change in
Cygwin?


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-15 Thread Houder 
On Fri, 15 Mar 2019 14:42:47, Corinna Vinschen  wrote:

> On Mar 15 14:06, Houder wrote:

> > One is forced to create the exact same environment (system) as the
> > person who is complaining, fire up the debugger (like sticking
> > a thermometer in a patient's rear end) in order to find out where
> > the code failed ...
> >
> > Meaning, within the context of the recent sshd problems, possibly only
  
> > you know where the error ERROR_FILE_INVALID (resulting in the error
^^^

strace, yes. But only if one has the exact same "network" at one's disposal
as the one where the problem occurred (like you have at your place; while I
only have one simple computer) ... That is decisive.

> > message "No such device or address") was generated ... (and by which
> > Windows function).
> 
> The only interface an application has is by checking the POSIX
> errno value.  This is what Cygwin is about :)
> 
> If you need more details what's going on under the hood, you have
> to use strace.
> 
> > Oh well, this cannot be helped ...
> 
> Well, there *is* a solution by using strace.  And hey, we now know what
> ENXIO returned from seteuid means, don't we?  It's not all bad :)

You do! I do not :-) (as I do not have the machinery at my disposal that
is required to provoke this error).

A simple STC to emphasize my statement (i.e. a problem that I can strace
on my computer).

int
main()
{
errno = 0;
if (seteuid( (uid_t)1004) != 0) { // 1004, not being me :-)
printf("seteuid: errno = %d, errstr = %s\n", errno, strerror(errno) );
// seteuid: errno = 13, errstr = Permission denied => EACCES
// ... while only EPERM en EINVAL are documented ...
} else printf("1004, OK\n");
}

64-@@ ./seteuid
seteuid: errno = 13, errstr = Permission denied ... huh?

On Linux this simple "Simple Test Case" will result in:
seteuid: errno = 1, errstr = Operation not permitted ... Got it!

Fortunately, I have now have the strace output at my disposal:

... studying the strace output and the source code, I am now able to
tell what is going on ... see below:

seteuid (syscalls.cc)

.lsaprivkeyauth (sec_auth.cc) < fails; as result NULL (token)
 is returned by lsaprivkeyauth ...
...lsa_open_policy (sec_auth.cc) < fails; as result NULL (lsa)
is returned by lsa_open_policy ...
# errno, set by lsa_open_policy, is ignored
  # seteuid() chooses NOT to bail out, but
  # to attempt "Service For User Logon" (s4u) ...

.s4uauth (sec_auth.cc) < fails (because LsaRegisterLogonProcess
  fails), returning the status (0xC041)
  to seteuid()
  # /usr/include/w32api/ntstatus.h:
  # defines STATUS_PORT_CONNECTION_REFUSED ((NTSTATUS)0xC041)
  # now seteuid chooses to bail out (i.e. setuid() fails)
Q: errno?
s4uauth calls __seterrno_from_nt_status (0xC041), which in turn
 calls RtlNtStatusToDosError(0xC041), which in turn
 calls geterrno_from_win_error(5,...):
 0xC041 is mapped to 5, which in turn is mapped to 13 (EACCES).

Henri


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-15 Thread Corinna Vinschen 
On Mar 15 14:06, Houder wrote:
> On Thu, 14 Mar 2019 18:29:18, Corinna Vinschen  wrote:
> 
> > On Mar 14 16:53, Houder wrote:
> 
> > > On Thu, 14 Mar 2019 12:39:30, X wrote:
> > > > Hello the list
> [snip]
> > > > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> 
> > > Corinna,
> > >
> > > As far as I know, seteuid() can either return EINVAL or EPERM in case of
> > > an error.
> > >
> > > EPERM (=3D  1) "Operation not permitted"
> > > EINVAL(=3D 22) "Invalid argument"
> > >
> > > "No such device or address" appears to correspond to ENXIO (=3D  6). Is it
> > > sshd, or is it Cygwin, that is confused here?
> > 
> > No confusion as such.  The underlying Windows function returns a NT
> > status code, which is converted to a Win32 error code by a Windows
> > function, and that Win32 error code is converted to a POSIX errno by
> > Cygwin.  There are much more NT status codes than Win32 error codes, and
> > there are much more Win32 error codses than POSIX errno values, so the
> > mapping is inevitably unsatisfying.
> 
> .. yes, I am aware of the situation (winsup/cygwin/errno.cc) ...
> 
> However, in the end this kind of error messages is of NOT much use in order
> to ascertain what is going on (i.e. what is causing the problem).
> 
> One is forced to create the exact same environment (system) as the person
> who is complaining, fire up the debugger (like sticking a thermometer in a
> patient's rear end) in order to find out where the code failed ...
> 
> Meaning, within the context of the recent sshd problems, possibly only you
> know where the error ERROR_FILE_INVALID (resulting in the error message "No
> such device or address") was generated ... (and by which Windows function).

The only interface an application has is by checking the POSIX
errno value.  This is what Cygwin is about :)

If you need more details what's going on under the hood, you have
to use strace.

> Oh well, this cannot be helped ...

Well, there *is* a solution by using strace.  And hey, we now know what
ENXIO returned from seteuid means, don't we?  It's not all bad :)


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-15 Thread Houder 
On Thu, 14 Mar 2019 18:29:18, Corinna Vinschen  wrote:

> On Mar 14 16:53, Houder wrote:

> > On Thu, 14 Mar 2019 12:39:30, X wrote:
> > > Hello the list
[snip]
> > > sshd: PID 3777: fatal: seteuid 1049076: No such device or address

> > Corinna,
> >
> > As far as I know, seteuid() can either return EINVAL or EPERM in case of
> > an error.
> >
> > EPERM (=3D  1) "Operation not permitted"
> > EINVAL(=3D 22) "Invalid argument"
> >
> > "No such device or address" appears to correspond to ENXIO (=3D  6). Is it
> > sshd, or is it Cygwin, that is confused here?
> 
> No confusion as such.  The underlying Windows function returns a NT
> status code, which is converted to a Win32 error code by a Windows
> function, and that Win32 error code is converted to a POSIX errno by
> Cygwin.  There are much more NT status codes than Win32 error codes, and
> there are much more Win32 error codses than POSIX errno values, so the
> mapping is inevitably unsatisfying.

.. yes, I am aware of the situation (winsup/cygwin/errno.cc) ...

However, in the end this kind of error messages is of NOT much use in order
to ascertain what is going on (i.e. what is causing the problem).

One is forced to create the exact same environment (system) as the person
who is complaining, fire up the debugger (like sticking a thermometer in a
patient's rear end) in order to find out where the code failed ...

Meaning, within the context of the recent sshd problems, possibly only you
know where the error ERROR_FILE_INVALID (resulting in the error message "No
such device or address") was generated ... (and by which Windows function).

Oh well, this cannot be helped ...

Thank you.

Regards,
Henri


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Corinna Vinschen 
On Mar 14 16:53, Houder wrote:
> On Thu, 14 Mar 2019 12:39:30, X wrote:
> > Hello the list, 
> > 
> > Thanks for all the work and effort put into this.
> > Since two days i cannot login anymore (password less) with ssh into my
> > server
> > 
> > Server is : 
> > Microsoft Windows Server 2012 R2 Essentials / 6.3.9600 N/A version 9600
> > 
> > Cygwin was not up to date, but I have since updated it
> > CYGWIN_NT-6.3 [MACHINE NAME] 3.0.3(0.338/5/3) 2019-03-09 19:12 x86_64 Cygwin
> > 
> > I can login via password, it work and lets me in.
> > But if i tried with my keys, I get in the event viewer :
> > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> 
> Corinna,
> 
> As far as I know, seteuid() can either return EINVAL or EPERM in case of
> an error.
> 
> EPERM (=  1) "Operation not permitted"
> EINVAL(= 22) "Invalid argument"
> 
> "No such device or address" appears to correspond to ENXIO (=  6). Is it
> sshd, or is it Cygwin, that is confused here?

No confusion as such.  The underlying Windows function returns a NT
status code, which is converted to a Win32 error code by a Windows
function, and that Win32 error code is converted to a POSIX errno by
Cygwin.  There are much more NT status codes than Win32 error codes, and
there are much more Win32 error codses than POSIX errno values, so the
mapping is inevitably unsatisfying.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Houder 
On Thu, 14 Mar 2019 12:39:30, X wrote:
> Hello the list, 
> 
> Thanks for all the work and effort put into this.
> Since two days i cannot login anymore (password less) with ssh into my
> server
> 
> Server is : 
> Microsoft Windows Server 2012 R2 Essentials / 6.3.9600 N/A version 9600
> 
> Cygwin was not up to date, but I have since updated it
> CYGWIN_NT-6.3 [MACHINE NAME] 3.0.3(0.338/5/3) 2019-03-09 19:12 x86_64 Cygwin
> 
> I can login via password, it work and lets me in.
> But if i tried with my keys, I get in the event viewer :
> sshd: PID 3777: fatal: seteuid 1049076: No such device or address

Corinna,

As far as I know, seteuid() can either return EINVAL or EPERM in case of
an error.

EPERM (=  1) "Operation not permitted"
EINVAL(= 22) "Invalid argument"

"No such device or address" appears to correspond to ENXIO (=  6). Is it
sshd, or is it Cygwin, that is confused here?

Henri


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

RE: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread renaud.rolles 
> As for why, Administrator is the only local account with super-user
> permissions that is guaranteed to exist. Windows uses it in case something
> gone REALLY wrong, such as AD database recovery procedures.
> 
> It is easy enough to enable a locked account with offline tools, if your
system
> gone into such disrepair, that you can no longer even boot it, and need a
> LiveCD to login to local SAM environment.
> But recovering a lost Administrator password is a nontrivial endeavor, and
> chances to brind system into a working state without complete reinstall
are
> diminishing rather quick.

Ok, I will do it, I didn't think of that, thanks for sharing.

Thank you the list, you have been really helpfull.

Renaud


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Andrey Repin 
Greetings, renaud.rol...@giraudbtp.com!

>> Please remove /etc/passwd and /etc/group files. They are no longer
>> necessary, unless you have some very special needs, and even then, they
>> only needed for that one or two accounts you need special treatment for.

> They dont exists.

Then my next guess is that you'll have to reestablish your trust with
`passwd -R`. There's not many places where and what can be "saved" :)

>> The main security concern is, why your Administrator user:
>> 1. have password, and
>> 2. is not disabled?

> Why would i disable Administrator, it's the only local account, the server
> isn't in any domain and without password it doesn't seem secure at all.

Create a different local account, with necessary password and permissions,
then reset password on local Administrator account and disable it.

As for why, Administrator is the only local account with super-user
permissions that is guaranteed to exist. Windows uses it in case something
gone REALLY wrong, such as AD database recovery procedures.

It is easy enough to enable a locked account with offline tools, if your system
gone into such disrepair, that you can no longer even boot it, and need a
LiveCD to login to local SAM environment.
But recovering a lost Administrator password is a nontrivial endeavor, and
chances to brind system into a working state without complete reinstall are
diminishing rather quick.


-- 
With best regards,
Andrey Repin
Thursday, March 14, 2019 17:49:16

Sorry for my terrible english...


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Andrey Repin 
Greetings, David Dombrowsky!

> On 3/14/19 10:11 AM, Andrey Repin wrote:
>> Please remove /etc/passwd and /etc/group files. They are no longer necessary,
>> unless you have some very special needs, and even then, they only needed for
>> that one or two accounts you need special treatment for.
>> 

> Wait what?  What about all the standard unix programs that use those
> files to determine UID and all that?

No program should use these files to determine UID and all that.
If any of them does, it is either 30+ years old or not a standard program and
whoever wrote it should be beaten to death.

> Since when can we blow away
> /etc/passwd and /etc/group on a cygwin install?

Since about 3 to 5 years.


-- 
With best regards,
Andrey Repin
Thursday, March 14, 2019 17:47:17

Sorry for my terrible english...


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

RE: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread renaud.rolles 
> Please remove /etc/passwd and /etc/group files. They are no longer
> necessary, unless you have some very special needs, and even then, they
> only needed for that one or two accounts you need special treatment for.

They dont exists.

> The main security concern is, why your Administrator user:
> 1. have password, and
> 2. is not disabled?

Why would i disable Administrator, it's the only local account, the server 
isn't in any domain and without password it doesn't seem secure at all.
 



--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Corinna Vinschen 
On Mar 14 10:24, David Dombrowsky wrote:
> On 3/14/19 10:11 AM, Andrey Repin wrote:
> > Please remove /etc/passwd and /etc/group files. They are no longer 
> > necessary,
> > unless you have some very special needs, and even then, they only needed for
> > that one or two accounts you need special treatment for.
> > 
> 
> Wait what?  What about all the standard unix programs that use those
> files to determine UID and all that?  Since when can we blow away
> /etc/passwd and /etc/group on a cygwin install?

Since 2014.

https://cygwin.com/cygwin-ug-net/ntsec.html


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread David Dombrowsky 
On 3/14/19 10:11 AM, Andrey Repin wrote:
> Please remove /etc/passwd and /etc/group files. They are no longer necessary,
> unless you have some very special needs, and even then, they only needed for
> that one or two accounts you need special treatment for.
> 

Wait what?  What about all the standard unix programs that use those
files to determine UID and all that?  Since when can we blow away
/etc/passwd and /etc/group on a cygwin install?

-- 
David Dombrowsky, Software Engineer
da...@6thstreetradio.org | 518-374-3204
https://www.linkedin.com/in/david-dombrowsky-94334415



signature.asc
Description: OpenPGP digital signature

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Andrey Repin 
Greetings, renaud.rol...@giraudbtp.com!

>> > I can login via password, it work and lets me in.
>> > But if i tried with my keys, I get in the event viewer :
>> > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
>> 
>> - Make sure to login with the Administrator account case-sensitive.
>>   If your account is called "Administrator", then use an uppercase
>>   'A' when logging in.
>> 
>>   This case-sensitivity issue is a temporary workaround for a
>>   potential security problem in OpenSSH.  This will be rectified
>>   with OpenSSH 8.0 which allows to login case-insentive again.

> With Uppercase i do have a login prompt, but (with the good password), I cant 
> login (remotly or localy).
> I also have Information event :
> sshd: PID 3788: Login name Administrator does not match stored username 
> administrator
> sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
> then three :
> sshd: PID 3788: Failed password for invalid user Administrator from 10.0.0.8 
> port 60876 ssh2

Please remove /etc/passwd and /etc/group files. They are no longer necessary,
unless you have some very special needs, and even then, they only needed for
that one or two accounts you need special treatment for.

>> 
>> - If that doesn't help, switch the user running the sshd service from
>>   "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
>> 

> This worked, like a charm, thank you 

>>   Cygwin switched the logon method and this method doesn't run
>>   under the "cyg_server" account sometimes.  However, switching
>>   back to "LocalSystem" instead of having to create a special
>>   "cyg_server" service account is one of the advantages of the
>>   new logon method.  For details, see
>> 
>>   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
>> 
> I didn't fully understand it all to be honest, but, is there another
> drawback to have the localsystem running the deamon instead of the
> cyg_server user, other than having the administrator possibly knowing the
> password ?
> I only use (and by only, again, thank you for that, saved me lot of time),
> to make rsync over ssh on windows hosts.

The main security concern is, why your Administrator user:
1. have password, and
2. is not disabled?


-- 
With best regards,
Andrey Repin
Thursday, March 14, 2019 16:39:04

Sorry for my terrible english...
--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

RE: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread renaud.rolles 
> Objet : Re: sshd: fatal: seteuid XXX : No such device or address
> 
> On Mar 14 14:26, renaud.rol...@giraudbtp.com wrote:
> > >
> > > On Mar 14 12:39, renaud.rol...@giraudbtp.com wrote:
> > > > I can login via password, it work and lets me in.
> > > > But if i tried with my keys, I get in the event viewer :
> > > > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> > >
> > > - Make sure to login with the Administrator account case-sensitive.
> > >   If your account is called "Administrator", then use an uppercase
> > >   'A' when logging in.
> > >
> >
> > With Uppercase i do have a login prompt, but (with the good password), I
> cant login (remotly or localy).
> > I also have Information event :
> > sshd: PID 3788: Login name Administrator does not match stored
> > username administrator
> 
> As I said above, *if* your account is called Administrator...
> 

It is for the windows login, and used to be for cygwin to, it changed when i 
updated cygwin.
Login, localy and remotly dont work without capitalization, but the prompt is 
lowercase from local terminal, see below :

administrator@[MACHINE NAME] ~
$ ssh administrator@[MACHINE NAME]
administrator@[MACHINE NAME]'s password:
Ctrl+c

administrator@[MACHINE NAME] ~
$ ssh Administrator@[MACHINE NAME]
Last login: Thu Mar 14 14:58:00 2019 from 10.0.0.8

Administrator@[MACHINE NAME] ~
$
> >
> > >
> > > - If that doesn't help, switch the user running the sshd service from
> > >   "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
> > >
> >
> > This worked, like a charm, thank you 
> >
> 
> The cyg_server account has been introduced many years ago as a
> workaround for a change in the LocalSystem permissions in Windows 2003
> and later.  The new S4ULogon method makes the cyg_server account
> obsolete because the reduced permissions of LocalSystem are sufficient
> now.
> 
Ok, thank you, i installed it few years ago, so outdated knowledge.


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Corinna Vinschen 
On Mar 14 14:26, renaud.rol...@giraudbtp.com wrote:
> > 
> > On Mar 14 12:39, renaud.rol...@giraudbtp.com wrote:
> > > I can login via password, it work and lets me in.
> > > But if i tried with my keys, I get in the event viewer :
> > > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> > 
> > - Make sure to login with the Administrator account case-sensitive.
> >   If your account is called "Administrator", then use an uppercase
> >   'A' when logging in.
> > 
> >   This case-sensitivity issue is a temporary workaround for a
> >   potential security problem in OpenSSH.  This will be rectified
> >   with OpenSSH 8.0 which allows to login case-insentive again.
> 
> With Uppercase i do have a login prompt, but (with the good password), I cant 
> login (remotly or localy).
> I also have Information event :
> sshd: PID 3788: Login name Administrator does not match stored username 
> administrator

As I said above, *if* your account is called Administrator...

> sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
> then three :
> sshd: PID 3788: Failed password for invalid user Administrator from 10.0.0.8 
> port 60876 ssh2
> 
> > 
> > - If that doesn't help, switch the user running the sshd service from
> >   "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
> > 
> 
> This worked, like a charm, thank you 
> 
> >   Cygwin switched the logon method and this method doesn't run
> >   under the "cyg_server" account sometimes.  However, switching
> >   back to "LocalSystem" instead of having to create a special
> >   "cyg_server" service account is one of the advantages of the
> >   new logon method.  For details, see
> > 
> >   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> > 
> I didn't fully understand it all to be honest, but, is there another
> drawback to have the localsystem running the deamon instead of the
> cyg_server user, other than having the administrator possibly knowing
> the password ?

The cyg_server account has been introduced many years ago as a
workaround for a change in the LocalSystem permissions in 
Windows 2003 and later.  The new S4ULogon method makes the cyg_server
account obsolete because the reduced permissions of LocalSystem
are sufficient now.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

RE: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread renaud.rolles 
> 
> On Mar 14 12:39, renaud.rol...@giraudbtp.com wrote:
> > I can login via password, it work and lets me in.
> > But if i tried with my keys, I get in the event viewer :
> > sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> 
> - Make sure to login with the Administrator account case-sensitive.
>   If your account is called "Administrator", then use an uppercase
>   'A' when logging in.
> 
>   This case-sensitivity issue is a temporary workaround for a
>   potential security problem in OpenSSH.  This will be rectified
>   with OpenSSH 8.0 which allows to login case-insentive again.

With Uppercase i do have a login prompt, but (with the good password), I cant 
login (remotly or localy).
I also have Information event :
sshd: PID 3788: Login name Administrator does not match stored username 
administrator
sshd: PID 3788: Invalid user Administrator from 10.0.0.8 port 60876
then three :
sshd: PID 3788: Failed password for invalid user Administrator from 10.0.0.8 
port 60876 ssh2

> 
> - If that doesn't help, switch the user running the sshd service from
>   "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")
> 

This worked, like a charm, thank you 

>   Cygwin switched the logon method and this method doesn't run
>   under the "cyg_server" account sometimes.  However, switching
>   back to "LocalSystem" instead of having to create a special
>   "cyg_server" service account is one of the advantages of the
>   new logon method.  For details, see
> 
>   https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1
> 
I didn't fully understand it all to be honest, but, is there another drawback 
to have the localsystem running the deamon instead of the cyg_server user, 
other than having the administrator possibly knowing the password ?
I only use (and by only, again, thank you for that, saved me lot of time), to 
make rsync over ssh on windows hosts.
> 
> Corinna
> 
Thanks Renaud


--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd: fatal: seteuid XXX : No such device or address

2019-03-14 Thread Corinna Vinschen 
On Mar 14 12:39, renaud.rol...@giraudbtp.com wrote:
> Hello the list, 
> 
> Thanks for all the work and effort put into this.
> Since two days i cannot login anymore (password less) with ssh into my
> server
> 
> Server is : 
> Microsoft Windows Server 2012 R2 Essentials / 6.3.9600 N/A version 9600
> 
> Cygwin was not up to date, but I have since updated it
> CYGWIN_NT-6.3 [MACHINE NAME] 3.0.3(0.338/5/3) 2019-03-09 19:12 x86_64 Cygwin
> 
> I can login via password, it work and lets me in.
> But if i tried with my keys, I get in the event viewer :
> sshd: PID 3777: fatal: seteuid 1049076: No such device or address
> 
> I tried googling around, reinstalled multiple times sshd, the user and the
> service with no luck so far.
> I was working for several years now.
> 
> For now I have no clue, so i'm asking what did I do wrong ?

You should try two things:

- Make sure to login with the Administrator account case-sensitive.
  If your account is called "Administrator", then use an uppercase
  'A' when logging in.

  This case-sensitivity issue is a temporary workaround for a
  potential security problem in OpenSSH.  This will be rectified
  with OpenSSH 8.0 which allows to login case-insentive again.

- If that doesn't help, switch the user running the sshd service from
  "cyg_server" to SYSTEM (the services GUI calls it "LocalSystem")

  Cygwin switched the logon method and this method doesn't run
  under the "cyg_server" account sometimes.  However, switching
  back to "LocalSystem" instead of having to create a special
  "cyg_server" service account is one of the advantages of the
  new logon method.  For details, see

  https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1


HTH,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd error "seteuid: No such device or address"

2019-03-13 Thread Achim Gratz 
David Dombrowsky writes:
> If I'm reading this correctly, using the SYSTEM account will deny access
> to user-level shares.  Using the cyg_server account (or another service
> account) will allow access, but requires a password stored in the
> registry.

That was already the case if you logged in any way other than via
password, either a stored one (when using pubkey auth) or explicitly at
logon.  At the moment there seems to be no way around that requirement.

Don't forget that you will have to change the stored password each time
you change your password in the domain.  Forgetting that and trying to
log in a few times usually gets your account locked.  Btw, unless you
completely lock down password logins on the SSH server, you can still
tell ssh not to use your pubkey and it will fall back to asking for a
password.  You don't need an admin shell if you want to store your own
password in the registry (and admin can also change or remove one for a
different user).


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd privsep user still required?

2019-03-13 Thread Bill Stewart 
On Wed, Mar 13, 2019 at 9:29 AM Corinna Vinschen wrote:

> > However: It's still the case that the user cannot bypass OS security
even
> > if he or she "escapes" from the jail, right?
> >
> > My goal is to restrict sftp browsing on the client side.
> >
> > Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
> > seems to accomplish this.
> >
> > Is this not correct?
>
> It seems like it, but I wouldn't bet on it.  The fact that /cygdrive and
> /dev directories are still visible inside the chroot jail speaks against
> that.

So to summarize: Even though the fake chroot doesn't increase security, it
doesn't reduce it, either.

In other words, even if the user "escapes" the jail, he or she can still
only do what the underlying OS permits.

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd privsep user still required?

2019-03-13 Thread Corinna Vinschen 
On Mar 13 09:11, Bill Stewart wrote:
> On Wed, Mar 13, 2019 at 2:57 AM Corinna Vinschen wrote:
> 
> > > a) Why is it necessary to specify SYSTEM as user number 0 in the
> > > /etc/password file?
> > >
> > > b) Why is the sshd account required?
> >
> > sshd checks for uid 0 and requires the sshd account when chroot is
> > requested.
> >
> > > c) Why are /cygdrive and /dev directories visible when connecting using
> a
> > > sftp client?
> >
> > The Cygwin chroot implementation is pure fake.  It's not backed by the
> > OS and it's failry easy to break out of the jail.  As such, the chroot
> > implementation is deprecated and only kept for backward compatibility.
> > I suggest not to use it.  It gives a wrong sense of security.
> 
> Right: I totally understand that Cygwin's chroot implementation does not
> add any security (because chroot doesn't exist natively on Windows).
> 
> However: It's still the case that the user cannot bypass OS security even
> if he or she "escapes" from the jail, right?
> 
> My goal is to restrict sftp browsing on the client side.
> 
> Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
> seems to accomplish this.
> 
> Is this not correct?

It seems like it, but I wouldn't bet on it.  The fact that /cygdrive and
/dev directories are still visible inside the chroot jail speaks against
that.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd privsep user still required?

2019-03-13 Thread Bill Stewart 
On Wed, Mar 13, 2019 at 2:57 AM Corinna Vinschen wrote:

> > a) Why is it necessary to specify SYSTEM as user number 0 in the
> > /etc/password file?
> >
> > b) Why is the sshd account required?
>
> sshd checks for uid 0 and requires the sshd account when chroot is
> requested.
>
> > c) Why are /cygdrive and /dev directories visible when connecting using
a
> > sftp client?
>
> The Cygwin chroot implementation is pure fake.  It's not backed by the
> OS and it's failry easy to break out of the jail.  As such, the chroot
> implementation is deprecated and only kept for backward compatibility.
> I suggest not to use it.  It gives a wrong sense of security.

Right: I totally understand that Cygwin's chroot implementation does not
add any security (because chroot doesn't exist natively on Windows).

However: It's still the case that the user cannot bypass OS security even
if he or she "escapes" from the jail, right?

My goal is to restrict sftp browsing on the client side.

Using ChrootDirectory with "ForceCommand internal-sftp" in sshd_config
seems to accomplish this.

Is this not correct?

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd privsep user still required?

2019-03-13 Thread Corinna Vinschen 
On Mar 12 16:21, Bill Stewart wrote:
> On Thu, 17 Jan 2019 Corinna Vinschen wrote:
> 
> > > Is the sshd disabled user account still required?
> >
> > No, actually it isn't.  These days the sshd server checks if the
> > the privsep chrrot environment should be used and that the process
> > is started under "root:root".  This never matches under Cygwin so
> > we could drop the sshd user requirement.
> 
> So I was exploring using the ChrootDirectory setting in sshd_config to
> configure a user as sftp only.
> 
> The following seems to work:
> 
> 1) Run sshd service as SYSTEM
> 
> 2) Specify SYSTEM as user 0 in /etc/passwd file; e.g.:
> 
> SYSTEM:*:0:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/var/empty:/bin/false
> 
> 3) Create a local sshd user account
> 
> 4) Update sshd_config settings to use something such as:
> 
> Match User sftponly
> ChrootDirectory /home/%u
> ForceCommand internal-sftp
> 
> This works.
> 
> If the sshd account is missing or disabled, I can't connect using the
> sftponly user, so it would seem that the sshd account really is required.
> 
> I have three questions:
> 
> a) Why is it necessary to specify SYSTEM as user number 0 in the
> /etc/password file?
> 
> b) Why is the sshd account required?

sshd checks for uid 0 and requires the sshd account when chroot is
requested.

> b) Why are /cygdrive and /dev directories visible when connecting using a
> sftp client?

The Cygwin chroot implementation is pure fake.  It's not backed by the
OS and it's failry easy to break out of the jail.  As such, the chroot
implementation is deprecated and only kept for backward compatibility.
I suggest not to use it.  It gives a wrong sense of security.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd error "seteuid: No such device or address"

2019-03-12 Thread Bill Stewart 
On Tue, Mar 12, 2019 at 8:02 PM David Dombrowsky wrote:

> > Surely you don't mean they have a plain-text copy of your password?
>
> If only I were kidding.  Security through Oblivity :)

(?!) There is no reason that anyone else should have your password.

This means (among other things) that someone else who knows your password
can log on _as you_ and you cannot prove otherwise. Nonrepudiation is
completely destroyed.

My advice is to look for employment elsewhere.

Good luck...

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd error "seteuid: No such device or address"

2019-03-12 Thread David Dombrowsky 
On 3/12/19 8:54 PM, Bill Stewart wrote:
> On Tue, Mar 12, 2019 at 6:19 PM David Dombrowsky wrote:
> 
>> For me, this is acceptable risk since this is a single user machine and
>> the administrators of the domain already know my domain password :)
> 
> I hope you really mean that they can _reset_ your domain password if needed?
> 
> Surely you don't mean they have a plain-text copy of your password?

If only I were kidding.  Security through Oblivity :)

Let me introduce you to my client's website:

 https://thedailywtf.com/articles/Security_by_Oblivity

Fortunately I do most of my work on my linux box anyway.

(The previous post has been presented in 100% sarcasm, please adjust
your screens accordingly.)

-- 
David Dombrowsky, Software Engineer
da...@6thstreetradio.org | 518-374-3204
https://www.linkedin.com/in/david-dombrowsky-94334415



signature.asc
Description: OpenPGP digital signature

Re: sshd error "seteuid: No such device or address"

2019-03-12 Thread Bill Stewart 
On Tue, Mar 12, 2019 at 6:19 PM David Dombrowsky wrote:

> For me, this is acceptable risk since this is a single user machine and
> the administrators of the domain already know my domain password :)

I hope you really mean that they can _reset_ your domain password if needed?

Surely you don't mean they have a plain-text copy of your password?

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd error "seteuid: No such device or address"

2019-03-12 Thread David Dombrowsky 
On 3/12/19 5:30 PM, Corinna Vinschen wrote:
>> Was that the correct solution?  Is that expected?  This windows box is
>> on a domain, so that might have something to do with it.
> 
> Just switch the account sshd is running under from "cyg_server" to
> SYSTEM (or "LocalSystem") and you should be able to logon without the
> passwd -R method again.
> 
> This is a side effect of changing how Cygwin switches the user
> context by default.  See
> 
> https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1

If I'm reading this correctly, using the SYSTEM account will deny access
to user-level shares.  Using the cyg_server account (or another service
account) will allow access, but requires a password stored in the
registry.

For me, this is acceptable risk since this is a single user machine and
the administrators of the domain already know my domain password :)


-- 
David Dombrowsky, Software Engineer
da...@6thstreetradio.org | 518-374-3204
https://www.linkedin.com/in/david-dombrowsky-94334415



signature.asc
Description: OpenPGP digital signature

Re: sshd privsep user still required?

2019-03-12 Thread Bill Stewart 
On Thu, 17 Jan 2019 Corinna Vinschen wrote:

> > Is the sshd disabled user account still required?
>
> No, actually it isn't.  These days the sshd server checks if the
> the privsep chrrot environment should be used and that the process
> is started under "root:root".  This never matches under Cygwin so
> we could drop the sshd user requirement.

So I was exploring using the ChrootDirectory setting in sshd_config to
configure a user as sftp only.

The following seems to work:

1) Run sshd service as SYSTEM

2) Specify SYSTEM as user 0 in /etc/passwd file; e.g.:

SYSTEM:*:0:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/var/empty:/bin/false

3) Create a local sshd user account

4) Update sshd_config settings to use something such as:

Match User sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp

This works.

If the sshd account is missing or disabled, I can't connect using the
sftponly user, so it would seem that the sshd account really is required.

I have three questions:

a) Why is it necessary to specify SYSTEM as user number 0 in the
/etc/password file?

b) Why is the sshd account required?

b) Why are /cygdrive and /dev directories visible when connecting using a
sftp client?

Thanks!

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd error "seteuid: No such device or address"

2019-03-12 Thread Corinna Vinschen 
On Mar 12 17:09, David Dombrowsky wrote:
> I managed to solve this problem, but I'd love some confirmation that I
> solved it the right way.
> 
> After updating cygwin and rebooting, all of a sudden I couldn't ssh
> into my windows box.  The remote gave the usual "connection closed by
>  port 22" before anything happened.  Running in debug mode from
> an admin shell didn't yield anything, but looking in the windows
> application logs, I saw:
> 
> sshd: PID 2588: fatal: seteuid 1056480: No such device or address
> 
> The google suggested that the error was pty related, but it was not.
> 
> By accident, I noticed that I could log in from an account that I
> hadn't set up public key auth, using my password.  So I forced ssh to
> prompt for my password and viola!  I got in just fine.
> 
> On the server, I started another admin shell and did `passwd -R
> my.username` and input my password.  That was the key.  I can now log
> in using public key auth as I could a few hours ago.
> 
> Was that the correct solution?  Is that expected?  This windows box is
> on a domain, so that might have something to do with it.

Just switch the account sshd is running under from "cyg_server" to
SYSTEM (or "LocalSystem") and you should be able to logon without the
passwd -R method again.

This is a side effect of changing how Cygwin switches the user
context by default.  See

https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-nopasswd1


HTH,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd problem on WS2008R2 64bit

2019-03-07 Thread Brian Inglis 
On 2019-03-07 01:53, Corinna Vinschen wrote:
> On Mar  6 23:15, Brian Inglis wrote:
>> On 2019-03-06 13:59, Corinna Vinschen wrote:
>>> I'm reasonably sure there won't be any fix for these systems for at
>>> least two reasons:
>>> - All affected systems are EOLed or in the last year of their Extended
>>>   Support Cycle, all ending on 2020-01-14.
>>> - I opened a support case for an older Windows release a couple of years
>>>   ago.  A fix for the problem has been refused because the problem was
>>>   fixed in the newer OS.  I got told literally that the fix is to upgrade
>>>   to the newer OS.
>> No backports on rolling releases reminds me of some other project? ;^p
> Why, I can't imagine which project that could be...

One that *doesn't have* design botches that can't be fixed by the maintenance
team, but needs a redesign by the product team to fix in a later major release.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-07 Thread Corinna Vinschen 
On Mar  6 23:15, Brian Inglis wrote:
> On 2019-03-06 13:59, Corinna Vinschen wrote:
> > I'm reasonably sure there won't be any fix for these systems for at
> > least two reasons:
> > - All affected systems are EOLed or in the last year of their Extended
> >   Support Cycle, all ending on 2020-01-14.
> > - I opened a support case for an older Windows release a couple of years
> >   ago.  A fix for the problem has been refused because the problem was
> >   fixed in the newer OS.  I got told literally that the fix is to upgrade
> >   to the newer OS.
> 
> No backports on rolling releases reminds me of some other project? ;^p

Why, I can't imagine which project that could be...


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Brian Inglis 
On 2019-03-06 13:59, Corinna Vinschen wrote:
> I'm reasonably sure there won't be any fix for these systems for at
> least two reasons:
> - All affected systems are EOLed or in the last year of their Extended
>   Support Cycle, all ending on 2020-01-14.
> - I opened a support case for an older Windows release a couple of years
>   ago.  A fix for the problem has been refused because the problem was
>   fixed in the newer OS.  I got told literally that the fix is to upgrade
>   to the newer OS.

No backports on rolling releases reminds me of some other project? ;^p

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Stephen Paul Carrier 
On Wed, Mar 06, 2019 at 03:44:36PM -0800, Stephen Paul Carrier wrote:
> PW=`dd if=/dev/random bs=15 count=1 | base 64`

That should be 'base64' of course, without the space.

--S

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Stephen Paul Carrier 
On Wed, Mar 06, 2019 at 02:24:59PM -0700, Bill Stewart wrote:
...   
> For my part, I'm writing a PowerShell script that does the following:
> 
> 1) Create a local user account
> 2) Grant it SeBatchLogonRight
> 3) Create a scheduled task for it

Powershell is probably more elegant if you're familiar with it, but I
found this bash sequence that does the trick:

-
PW=`dd if=/dev/random bs=15 count=1 | base 64`
net user s4udummy /add
net user s4udummy $PW
wmic USERACCOUNT WHERE NAME=\'s4udummy\' SET PasswordExpires=FALSE

/usr/bin/editrights -u s4udummy -a SeBatchLogonRight
schtasks /create /tn wake-s4u /sc ONSTART /ru s4udummy /rp $PW \
 /tr '"$SYSTEMROOT"\\System32\\cmd.exe /c exit'
sc config cron depend= Schedule
-

I added the last statement, to make cron dependent on the Task Scheduler,
because my crontabs use '@reboot' and I am worried about cron trying
to spawn an important job before the Task Scheduler has a chance to
fix seteuid().

The dependency isn't logically sufficient as wake-s4u job needs some
time to finish.  But its working so far.  I can configure cron to start
with a delay should Task Scheduler ever lose the race.

Thanks everyone for quick attention to this problem and the workaround!

--Stephen

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Bill Stewart 
On Wed, Mar 6, 2019 at 2:00 PM Corinna Vinschen wrote:

> > Whether this workaround is feasible likely depends on the end user. The
> > workaround has its own limitations. Here are at least 2 that I can
think of
> > right now:
> >
> > 1. The local user must have "Log on as a batch job" (SeBatchLogonRight)
> > user right.
> >
> > 2. The "Network access: Do not allow storage of passwords and
credentials
> > for network authentication" security policy must be set to "Disabled".
(If
> > this policy is set to "Enabled", then you can't create scheduled tasks
with
> > stored passwords.)
> >
> > It's a weird problem. The best option would be for Microsoft to provide
a
> > fix (if we can provide a short example program that reproduces it).
>
> I'm reasonably sure there won't be any fix for these systems for at
> least two reasons:
>
> - All affected systems are EOLed or in the last year of their Extended
>   Support Cycle, all ending on 2020-01-14.
>
> - I opened a support case for an older Windows release a couple of years
>   ago.  A fix for the problem has been refused because the problem was
>   fixed in the newer OS.  I got told literally that the fix is to upgrade
>   to the newer OS.

You are probably right about that.

I guess you're stuck explaining this quirk in the documentation and
explaining the workarounds.

For my part, I'm writing a PowerShell script that does the following:

1) Create a local user account
2) Grant it SeBatchLogonRight
3) Create a scheduled task for it

Regards,

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Corinna Vinschen 
On Mar  6 13:47, Bill Stewart wrote:
> On Wed, Mar 6, 2019 at 1:14 PM Corinna Vinschen wrote:
> 
> > > > > What precisely happens when Cygwin uses MSV1 S4ULogon on versions
> older
> > > > > than 6.3 before a user has logged on?
> > > >
> > > > MsV1S4ULogon returns with STATUS_NOT_SUPPORTED.  Funny status code,
> > > > given it works if some user already logged in by other means...
> > >
> > > OK, so here's another potential workaround that doesn't require running
> the
> > > service as a specific user...
> > >
> > > Create a scheduled task to run using the following settings:
> > >
> > > General -> Run using user account - > choose a local account
> > > General -> "Run whether user is logged on or not"
> > > Triggers -> Run at system startup
> > > Actions -> Start a program -> Program/script:
> %SystemRoot%\Cystem32\cmd.exe
> > > Actions -> Start a program -> Add arguments: /c exit
> > >
> > > Full password logon is required (seems we can't use "do not store
> password"
> > > option).
> > >
> > > The local account does not have to be a member of Administrators, but it
> > > does require user right "Log on as a batch job" (SeBatchLogonRight).
> > >
> > > In my prefunctory testing this seems to fix this problem.
> > >
> > > Does this work?
> >
> > This does indeed work in my local testing on Windows 7, with a local
> > dummy user just for this scheduled job and sshd running under SYSTEM.
> >
> > Now, if that's a feasible workaround for users of these older
> > systems...?
> 
> Good -- this works for me also. (My wild guess, which may be wrong, is that
> the older OS versions don't initialize MSV1 S4ULogon for some reason until
> somebody logs on.)
> 
> Whether this workaround is feasible likely depends on the end user. The
> workaround has its own limitations. Here are at least 2 that I can think of
> right now:
> 
> 1. The local user must have "Log on as a batch job" (SeBatchLogonRight)
> user right.
> 
> 2. The "Network access: Do not allow storage of passwords and credentials
> for network authentication" security policy must be set to "Disabled". (If
> this policy is set to "Enabled", then you can't create scheduled tasks with
> stored passwords.)
> 
> It's a weird problem. The best option would be for Microsoft to provide a
> fix (if we can provide a short example program that reproduces it).

I'm reasonably sure there won't be any fix for these systems for at
least two reasons:

- All affected systems are EOLed or in the last year of their Extended
  Support Cycle, all ending on 2020-01-14.

- I opened a support case for an older Windows release a couple of years
  ago.  A fix for the problem has been refused because the problem was
  fixed in the newer OS.  I got told literally that the fix is to upgrade
  to the newer OS.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Bill Stewart 
On Wed, Mar 6, 2019 at 1:14 PM Corinna Vinschen wrote:

> > > > What precisely happens when Cygwin uses MSV1 S4ULogon on versions
older
> > > > than 6.3 before a user has logged on?
> > >
> > > MsV1S4ULogon returns with STATUS_NOT_SUPPORTED.  Funny status code,
> > > given it works if some user already logged in by other means...
> >
> > OK, so here's another potential workaround that doesn't require running
the
> > service as a specific user...
> >
> > Create a scheduled task to run using the following settings:
> >
> > General -> Run using user account - > choose a local account
> > General -> "Run whether user is logged on or not"
> > Triggers -> Run at system startup
> > Actions -> Start a program -> Program/script:
%SystemRoot%\Cystem32\cmd.exe
> > Actions -> Start a program -> Add arguments: /c exit
> >
> > Full password logon is required (seems we can't use "do not store
password"
> > option).
> >
> > The local account does not have to be a member of Administrators, but it
> > does require user right "Log on as a batch job" (SeBatchLogonRight).
> >
> > In my prefunctory testing this seems to fix this problem.
> >
> > Does this work?
>
> This does indeed work in my local testing on Windows 7, with a local
> dummy user just for this scheduled job and sshd running under SYSTEM.
>
> Now, if that's a feasible workaround for users of these older
> systems...?

Good -- this works for me also. (My wild guess, which may be wrong, is that
the older OS versions don't initialize MSV1 S4ULogon for some reason until
somebody logs on.)

Whether this workaround is feasible likely depends on the end user. The
workaround has its own limitations. Here are at least 2 that I can think of
right now:

1. The local user must have "Log on as a batch job" (SeBatchLogonRight)
user right.

2. The "Network access: Do not allow storage of passwords and credentials
for network authentication" security policy must be set to "Disabled". (If
this policy is set to "Enabled", then you can't create scheduled tasks with
stored passwords.)

It's a weird problem. The best option would be for Microsoft to provide a
fix (if we can provide a short example program that reproduces it).

Regards,

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Corinna Vinschen 
On Mar  6 09:45, Bill Stewart wrote:
> On Wed, Mar 6, 2019 at 8:34 AM Corinna Vinschen wrote:
> 
> > On Mar  6 08:38, Bill Stewart wrote:
> > > On Wed, Mar 6, 2019 at 7:34 AM Corinna Vinschen  wrote:
> > > > On Mar  6 15:17, Corinna Vinschen wrote:
> > > > > But the old Systems like Windows 7 don't want to play nice.
> > > > >
> > > > > - On Vista and Windows 7 WOW64, MsV1_0S4ULogon isn't implemented
> > > > >   at all, which required to keep the create_token method
> > > > >   available
> > > > >
> > > > > - On Vista and Windows 7 MsV1_0S4ULogon does not work without
> > > > >   some user logged in locally, even if it's just the cyg_server
> > > > >   service account.
> > > >
> > > > FTR, Windows 8 / Server 2012 is affected as well,
> > > >  Windows 8.1 / Server 2012 R2 is not.
> > > > >
> > > > > Question is, what is a good solution?  Reverting cyglsa as
> > > > > well to allow the old methods to work as before?  This is
> > > > > the opposite of what I had hoped to accomplish :(
> > >
> > > I agree that the new S4U logon method is by far the best solution.
> > >
> > > It seems to me that this MSV1 S4ULogon behavior on versions older than
> NT
> > > 6.3 (Vista/Srv2008/Win7/Srv2008R2/Win8/Srv2012) is not expected.
> > >
> > > What precisely happens when Cygwin uses MSV1 S4ULogon on versions older
> > > than 6.3 before a user has logged on?
> >
> > MsV1S4ULogon returns with STATUS_NOT_SUPPORTED.  Funny status code,
> > given it works if some user already logged in by other means...
> 
> OK, so here's another potential workaround that doesn't require running the
> service as a specific user...
> 
> Create a scheduled task to run using the following settings:
> 
> General -> Run using user account - > choose a local account
> General -> "Run whether user is logged on or not"
> Triggers -> Run at system startup
> Actions -> Start a program -> Program/script: %SystemRoot%\Cystem32\cmd.exe
> Actions -> Start a program -> Add arguments: /c exit
> 
> Full password logon is required (seems we can't use "do not store password"
> option).
> 
> The local account does not have to be a member of Administrators, but it
> does require user right "Log on as a batch job" (SeBatchLogonRight).
> 
> In my prefunctory testing this seems to fix this problem.
> 
> Does this work?

This does indeed work in my local testing on Windows 7, with a local
dummy user just for this scheduled job and sshd running under SYSTEM.

Now, if that's a feasible workaround for users of these older
systems...?


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Bill Stewart 
On Wed, Mar 6, 2019 at 8:34 AM Corinna Vinschen wrote:

> On Mar  6 08:38, Bill Stewart wrote:
> > On Wed, Mar 6, 2019 at 7:34 AM Corinna Vinschen  wrote:
> > > On Mar  6 15:17, Corinna Vinschen wrote:
> > > > But the old Systems like Windows 7 don't want to play nice.
> > > >
> > > > - On Vista and Windows 7 WOW64, MsV1_0S4ULogon isn't implemented
> > > >   at all, which required to keep the create_token method
> > > >   available
> > > >
> > > > - On Vista and Windows 7 MsV1_0S4ULogon does not work without
> > > >   some user logged in locally, even if it's just the cyg_server
> > > >   service account.
> > >
> > > FTR, Windows 8 / Server 2012 is affected as well,
> > >  Windows 8.1 / Server 2012 R2 is not.
> > > >
> > > > Question is, what is a good solution?  Reverting cyglsa as
> > > > well to allow the old methods to work as before?  This is
> > > > the opposite of what I had hoped to accomplish :(
> >
> > I agree that the new S4U logon method is by far the best solution.
> >
> > It seems to me that this MSV1 S4ULogon behavior on versions older than
NT
> > 6.3 (Vista/Srv2008/Win7/Srv2008R2/Win8/Srv2012) is not expected.
> >
> > What precisely happens when Cygwin uses MSV1 S4ULogon on versions older
> > than 6.3 before a user has logged on?
>
> MsV1S4ULogon returns with STATUS_NOT_SUPPORTED.  Funny status code,
> given it works if some user already logged in by other means...

OK, so here's another potential workaround that doesn't require running the
service as a specific user...

Create a scheduled task to run using the following settings:

General -> Run using user account - > choose a local account
General -> "Run whether user is logged on or not"
Triggers -> Run at system startup
Actions -> Start a program -> Program/script: %SystemRoot%\Cystem32\cmd.exe
Actions -> Start a program -> Add arguments: /c exit

Full password logon is required (seems we can't use "do not store password"
option).

The local account does not have to be a member of Administrators, but it
does require user right "Log on as a batch job" (SeBatchLogonRight).

In my prefunctory testing this seems to fix this problem.

Does this work?

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Bill Stewart 
On Wed, Mar 6, 2019 at 8:34 AM Corinna Vinschen wrote:

> > What precisely happens when Cygwin uses MSV1 S4ULogon on versions older
> > than 6.3 before a user has logged on?
>
> MsV1S4ULogon returns with STATUS_NOT_SUPPORTED.  Funny status code,
> given it works if some user already logged in by other means...

Agreed. It seems to me that this behavior is not expected (bug/defect).

Can someone provide a short sample test program that illustrates this
specific problem?

It is possible that I have the ability to address this with Microsoft
through a support resource.

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Corinna Vinschen 
On Mar  6 08:38, Bill Stewart wrote:
> On Wed, Mar 6, 2019 at 7:34 AM Corinna Vinschen  wrote:
> > On Mar  6 15:17, Corinna Vinschen wrote:
> > > But the old Systems like Windows 7 don't want to play nice.
> > >
> > > - On Vista and Windows 7 WOW64, MsV1_0S4ULogon isn't implemented
> > >   at all, which required to keep the create_token method
> > >   available
> > >
> > > - On Vista and Windows 7 MsV1_0S4ULogon does not work without
> > >   some user logged in locally, even if it's just the cyg_server
> > >   service account.
> >
> > FTR, Windows 8 / Server 2012 is affected as well,
> >  Windows 8.1 / Server 2012 R2 is not.
> > >
> > > Question is, what is a good solution?  Reverting cyglsa as
> > > well to allow the old methods to work as before?  This is
> > > the opposite of what I had hoped to accomplish :(
> 
> I agree that the new S4U logon method is by far the best solution.
> 
> It seems to me that this MSV1 S4ULogon behavior on versions older than NT
> 6.3 (Vista/Srv2008/Win7/Srv2008R2/Win8/Srv2012) is not expected.
> 
> What precisely happens when Cygwin uses MSV1 S4ULogon on versions older
> than 6.3 before a user has logged on?

MsV1S4ULogon returns with STATUS_NOT_SUPPORTED.  Funny status code,
given it works if some user already logged in by other means...


Corinna


-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Bill Stewart 
On Wed, Mar 6, 2019 at 7:34 AM Corinna Vinschen  wrote:
> On Mar  6 15:17, Corinna Vinschen wrote:
> > But the old Systems like Windows 7 don't want to play nice.
> >
> > - On Vista and Windows 7 WOW64, MsV1_0S4ULogon isn't implemented
> >   at all, which required to keep the create_token method
> >   available
> >
> > - On Vista and Windows 7 MsV1_0S4ULogon does not work without
> >   some user logged in locally, even if it's just the cyg_server
> >   service account.
>
> FTR, Windows 8 / Server 2012 is affected as well,
>  Windows 8.1 / Server 2012 R2 is not.
> >
> > Question is, what is a good solution?  Reverting cyglsa as
> > well to allow the old methods to work as before?  This is
> > the opposite of what I had hoped to accomplish :(

I agree that the new S4U logon method is by far the best solution.

It seems to me that this MSV1 S4ULogon behavior on versions older than NT
6.3 (Vista/Srv2008/Win7/Srv2008R2/Win8/Srv2012) is not expected.

What precisely happens when Cygwin uses MSV1 S4ULogon on versions older
than 6.3 before a user has logged on?

Bill

--
Problem reports:   http://cygwin.com/problems.html
FAQ:   http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info:  http://cygwin.com/ml/#unsubscribe-simple

Re: sshd problem on WS2008R2 64bit

2019-03-06 Thread Corinna Vinschen 
On Mar  6 15:17, Corinna Vinschen wrote:
> But the old Systems like Windows 7 don't want to play nice.
> 
> - On Vista and Windows 7 WOW64, MsV1_0S4ULogon isn't implemented
>   at all, which required to keep the create_token method
>   available
> 
> - On Vista and Windows 7 MsV1_0S4ULogon does not work without
>   some user logged in locally, even if it's just the cyg_server
>   service account.

FTR, Windows 8 / Server 2012 is affected as well,
 Windows 8.1 / Server 2012 R2 is not.

> 
> Question is, what is a good solution?  Reverting cyglsa as 
> well to allow the old methods to work as before?  This is
> the opposite of what I had hoped to accomplish :(


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer


signature.asc
Description: PGP signature

  1   2   3   4   5   6   7   8   9   10   >