* Re: Potential bug in sshd [not found] <000001c6d676$223a5110$0300a8c0@iPremise.local> @ 2006-09-12 14:17 ` Rob Bosch 2006-09-12 14:43 ` Michael Sowka 0 siblings, 1 reply; 11+ messages in thread From: Rob Bosch @ 2006-09-12 14:17 UTC (permalink / raw) To: msowka, cygwin Sshd will spawn processes that deal with individual connections so even though you stop the service there may still be sshd processes running. The way to tell if your sshd daemon is stopped is to run a netstat -a | find "ssh" | find "LISTEN". This will only find sshd processes that are listening for new connections and not the ones that are established to deal with existing ssh connections. I've experienced connection problems from time to time with sshd on cygwin. Almost always this is either due to high load on the receiving server and it just can't handle it, or a problem with the network connection. Are your connections all on the LAN or WAN? -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Potential bug in sshd 2006-09-12 14:17 ` Potential bug in sshd Rob Bosch @ 2006-09-12 14:43 ` Michael Sowka 2006-09-12 14:50 ` Dave Korn 2006-09-12 17:09 ` Tristen Hayfield 0 siblings, 2 replies; 11+ messages in thread From: Michael Sowka @ 2006-09-12 14:43 UTC (permalink / raw) To: cygwin Thanks Rob, Ah yes, this explains the "zombie" processes as I cannot make actual client connections. Something is very bizarre with my cygwin setup here. I've noticed other symptoms too: on reinstalling cygwin the info-update and cygwing post-install scripts hang. In fact, after the cygwin install supposedly finished, on logging out windows complained that 'cygwin post-install scripts' were still up and it couldn't kill them. So it seems that on attempting to connect the sshd thread hangs too "unexpectedly closing the connection" or sometimes just hanging the client. To answer your question Rob, no I have not experienced any other network problems, or unusually high traffic (this is my desktop machine). Plus, I'm trying to do this from/to localhost. ! One thing I did notice as I was looking for logs to send in to the list is that the System Events log is that recently I've had a barrage of attempted break-ins via ssh (failed logins as root, admin, etc.). I trust that OpenSSH is pretty solid, have experienced this before, and don't make too much of it... but could this have melted my system?! Finding useful info was easy enough (/var/log/ssh), here is an excerpt. Speculation: this does seem to support the symptoms I'm having (dropped connections from "worker" threads, no response, etc.). I don't "read" Win32 logs but I have a hunch someone can ID this problem on the spot. 4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed 2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32 error 0 59 [main] sshd 4368 child_copy: linked dll data write copy failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error 487 3757715 [main] sshd 4368 child_copy: linked dll data write copy failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error 487 24253452 [main] sshd 4368 child_copy: linked dll data write copy failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error 487 HAS MY SYSTEM BEEN COMPROMISED?! Mike On 9/12/06, Rob Bosch <robbosch@msn.com> wrote: > Sshd will spawn processes that deal with individual connections so even > though you stop the service there may still be sshd processes running. The > way to tell if your sshd daemon is stopped is to run a netstat -a | find > "ssh" | find "LISTEN". This will only find sshd processes that are > listening for new connections and not the ones that are established to deal > with existing ssh connections. > > I've experienced connection problems from time to time with sshd on cygwin. > Almost always this is either due to high load on the receiving server and it > just can't handle it, or a problem with the network connection. > > Are your connections all on the LAN or WAN? > > > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: Potential bug in sshd 2006-09-12 14:43 ` Michael Sowka @ 2006-09-12 14:50 ` Dave Korn 2006-09-12 18:15 ` Michael Sowka 2006-09-12 17:09 ` Tristen Hayfield 1 sibling, 1 reply; 11+ messages in thread From: Dave Korn @ 2006-09-12 14:50 UTC (permalink / raw) To: cygwin On 12 September 2006 15:43, Michael Sowka wrote: > ! One thing I did notice as I was looking for logs to send in to the > list is that the System Events log is that recently I've had a barrage > of attempted break-ins via ssh (failed logins as root, admin, etc.). I > trust that OpenSSH is pretty solid, have experienced this before, and > don't make too much of it... but could this have melted my system?! Very very unlikely. The failed logins are simple crude automated bruteforceing worms out there; they've got a list of common passwords and a list of common usernames and they try every combination. If your password isn't something fairly obvious, you'll be fine. > Finding useful info was easy enough (/var/log/ssh), here is an > excerpt. Speculation: this does seem to support the symptoms I'm > having (dropped connections from "worker" threads, no response, etc.). > I don't "read" Win32 logs but I have a hunch someone can ID this > problem on the spot. > > 4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error > - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed > 2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32 > error 0 59 [main] sshd 4368 child_copy: linked dll data write copy > failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error > 487 > 3757715 [main] sshd 4368 child_copy: linked dll data write copy > failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error > 487 > 24253452 [main] sshd 4368 child_copy: linked dll data write copy > failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error > 487 Did you try rebaseall yet? These are basically the standard cygwin errors that you get when something is causing the process memory space of a child process to not match the layout of the parent processes address space. > HAS MY SYSTEM BEEN COMPROMISED?! Not the slightest reason to belive so from anything you've described so far. Don't panic! BTW, if you have a Logitech webcam, now would be a good time to disable the associated "Logitech Process Monitor" service. Or is there anything else by the way of hardware/software that you've installed just recently? cheers, DaveK -- Can't think of a witty .sigline today.... -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Potential bug in sshd 2006-09-12 14:50 ` Dave Korn @ 2006-09-12 18:15 ` Michael Sowka 0 siblings, 0 replies; 11+ messages in thread From: Michael Sowka @ 2006-09-12 18:15 UTC (permalink / raw) To: dave.korn; +Cc: cygwin Dave, > BTW, if you have a Logitech webcam, now would be a good time to disable the > associated "Logitech Process Monitor" service. Or is there anything else by > the way of hardware/software that you've installed just recently? YOU NAILED IT That was my next step... couple of days ago I wasted a good deal of time trying to install QuickCam drivers and software. I never managed to get the camera working. From the experience and from googling around I don't have the best impression of Logitech software and had a hunch that may be it. Turned off LPM service and my sshd works! I don't suppose You know how to get the actual camera working (pointer to a website)? ;) THANKS, Mike -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Potential bug in sshd 2006-09-12 14:43 ` Michael Sowka 2006-09-12 14:50 ` Dave Korn @ 2006-09-12 17:09 ` Tristen Hayfield 1 sibling, 0 replies; 11+ messages in thread From: Tristen Hayfield @ 2006-09-12 17:09 UTC (permalink / raw) To: cygwin Michael Sowka wrote: > Thanks Rob, > > Ah yes, this explains the "zombie" processes as I cannot make actual > client connections. > > Something is very bizarre with my cygwin setup here. I've noticed > other symptoms too: on reinstalling cygwin the info-update and cygwing > post-install scripts hang. In fact, after the cygwin install > supposedly finished, on logging out windows complained that 'cygwin > post-install scripts' were still up and it couldn't kill them. I have had this problem too before with hanging scripts. After looking at the offending scripts, I determined that they all had for-loops, and they were hanging while executing them. I then reformatted the for-loops from: for file in ${glob}; do ... to: for file in ${glob} do ... and they worked. Give it a try, but of course, since I can't claim to understand the cause of this issue, YMMV. Tristen -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
[parent not found: <000201c6d68c$e70640b0$0300a8c0@iPremise.local>]
* RE: Potential bug in sshd [not found] <000201c6d68c$e70640b0$0300a8c0@iPremise.local> @ 2006-09-12 17:00 ` Rob Bosch 0 siblings, 0 replies; 11+ messages in thread From: Rob Bosch @ 2006-09-12 17:00 UTC (permalink / raw) To: 'Rob Bosch', dave.korn; +Cc: cygwin Sorry, I thought it was a different thread but that whole copy/pasting thing, I've always struggled with it! :) Rob On 12 September 2006 16:58, Rob Bosch wrote: > Dave is cross-referencing > http://cygwin.com/ml/cygwin/2006-09/msg00194.html :) That's a slightly roundabout way of saying "replying to"! (Well, actually, it doesn't mean the same thing at all ...) cheers, DaveK -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
[parent not found: <91dd2cd50609120741qbe4d430h84fab3eb3442b874@mail.gmail.com>]
[parent not found: <000101c6d684$3cd188f0$0300a8c0@iPremise.local>]
* RE: Potential bug in sshd [not found] ` <000101c6d684$3cd188f0$0300a8c0@iPremise.local> @ 2006-09-12 15:58 ` Rob Bosch 2006-09-12 16:50 ` Dave Korn 0 siblings, 1 reply; 11+ messages in thread From: Rob Bosch @ 2006-09-12 15:58 UTC (permalink / raw) To: 'Michael Sowka'; +Cc: cygwin Not sure about the error. Dave is cross-referencing http://cygwin.com/ml/cygwin/2006-09/msg00194.html which doesn't show a resolution. What service account do you have sshd running under? Are you sure there are no permission issues with this account? I'd recommend only allowing ssh connections from known IP's at the firewall level. We see a lot of hack attempts from worms and malicious folks from other countries trying to get into the ssh port. Dave's right, passwords will protect you but we just lock down the inbound IP's so we don't have to worry about the hacking attempts. The error is beyond my knowledge...sorry. -----Original Message----- From: Michael Sowka [mailto:msowka@gmail.com] Sent: Tuesday, September 12, 2006 8:42 AM To: Rob Bosch Subject: Re: Potential bug in sshd Thanks Rob, Ah yes, this explains the "zombie" processes as I cannot make actual client connections. Something is very bizarre with my cygwin setup here. I've noticed other symptoms too: on reinstalling cygwin the info-update and cygwing post-install scripts hang. In fact, after the cygwin install supposedly finished, on logging out windows complained that 'cygwin post-install scripts' were still up and it couldn't kill them. So it seems that on attempting to connect the sshd thread hangs too "unexpectedly closing the connection" or sometimes just hanging the client. To answer your question Rob, no I have not experienced any other network problems, or unusually high traffic (this is my desktop machine). Plus, I'm trying to do this from/to localhost. ! One thing I did notice as I was looking for logs to send in to the list is that the System Events log is that recently I've had a barrage of attempted break-ins via ssh (failed logins as root, admin, etc.). I trust that OpenSSH is pretty solid, have experienced this before, and don't make too much of it... but could this have melted my system?! Finding useful info was easy enough (/var/log/ssh), here is an excerpt. Speculation: this does seem to support the symptoms I'm having (dropped connections from "worker" threads, no response, etc.). I don't "read" Win32 logs but I have a hunch someone can ID this problem on the spot. 4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed 2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32 error 0 59 [main] sshd 4368 child_copy: linked dll data write copy failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error 487 3757715 [main] sshd 4368 child_copy: linked dll data write copy failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error 487 24253452 [main] sshd 4368 child_copy: linked dll data write copy failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error 487 HAS MY SYSTEM BEEN COMPROMISED?! Mike On 9/12/06, Rob Bosch <robbosch@msn.com> wrote: > Sshd will spawn processes that deal with individual connections so even > though you stop the service there may still be sshd processes running. The > way to tell if your sshd daemon is stopped is to run a netstat -a | find > "ssh" | find "LISTEN". This will only find sshd processes that are > listening for new connections and not the ones that are established to deal > with existing ssh connections. > > I've experienced connection problems from time to time with sshd on cygwin. > Almost always this is either due to high load on the receiving server and it > just can't handle it, or a problem with the network connection. > > Are your connections all on the LAN or WAN? > > > > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: Potential bug in sshd 2006-09-12 15:58 ` Rob Bosch @ 2006-09-12 16:50 ` Dave Korn 0 siblings, 0 replies; 11+ messages in thread From: Dave Korn @ 2006-09-12 16:50 UTC (permalink / raw) To: cygwin On 12 September 2006 16:58, Rob Bosch wrote: > Dave is cross-referencing > http://cygwin.com/ml/cygwin/2006-09/msg00194.html :) That's a slightly roundabout way of saying "replying to"! (Well, actually, it doesn't mean the same thing at all ...) cheers, DaveK -- Can't think of a witty .sigline today.... -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* Potential bug in sshd @ 2006-09-11 15:40 Michael Sowka 2006-09-11 16:20 ` Christopher Faylor 0 siblings, 1 reply; 11+ messages in thread From: Michael Sowka @ 2006-09-11 15:40 UTC (permalink / raw) To: cygwin Hello, ... just when I thought I was nicely settled with WinXP and Cygwin (being obligated to use Windows, cygwin makes the experience more bearable ;) )... I don't consider myself a newbie, but we'll soon find out. I've installed cygwin on a number of computers I frequently 'ssh'/'scp' to/from. The setup is straight forward (time saving guide here: http://pigtail.net/LRP/printsrv/cygwin-sshd.html). Other than the time when I tried to change user groups manually and had to revert back to get sshd working again, things have been running smooth. Until, today my work desktop decided to spontaneously stop serving me ssh. Symptoms on the client side (putty from/to localhost, eliminating network problems) vary: - "Server unexpectedly closed network connection" - or simply times out When I 'net stop sshd' it stops "successfully" but then starting again fails. On inspecting Task Manager I find that sshd is still running :|. Ending the process, starting sshd service again has no effect. I have gone as far as cleaning out cygwin from my system, completely following the guide in the FAQ, and reinstalling to no effect. This makes me think that there must be some glitch/registry setting/new software I installed that's triggering some fault in cygwin/sshd. I have the latest cygwin, but here are the obligatory version numbers: cygwin : 1.5.21-2 openssh 4.3p2-3 Please tell me where to pull logs / debugging output from and I will send them your way. Thanks, Mike -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Potential bug in sshd 2006-09-11 15:40 Michael Sowka @ 2006-09-11 16:20 ` Christopher Faylor 2006-09-11 16:57 ` Michael Sowka 0 siblings, 1 reply; 11+ messages in thread From: Christopher Faylor @ 2006-09-11 16:20 UTC (permalink / raw) To: cygwin Please don't send the same message twice. On Mon, Sep 11, 2006 at 11:39:53AM -0400, Michael Sowka wrote: >... just when I thought I was nicely settled with WinXP and Cygwin >(being obligated to use Windows, cygwin makes the experience more >bearable ;) )... > >I don't consider myself a newbie, but we'll soon find out. I've >installed cygwin on a number of computers I frequently 'ssh'/'scp' >to/from. The setup is straight forward (time saving guide here: >http://pigtail.net/LRP/printsrv/cygwin-sshd.html). Other than the time >when I tried to change user groups manually and had to revert back to >get sshd working again, things have been running smooth. >[snip] >Problem reports: http://cygwin.com/problems.html If you are having problems with the instructions you found at a web site you should contact the person responsible for the instructions: nfong AT pigtail DOT net. cgf -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Potential bug in sshd 2006-09-11 16:20 ` Christopher Faylor @ 2006-09-11 16:57 ` Michael Sowka 0 siblings, 0 replies; 11+ messages in thread From: Michael Sowka @ 2006-09-11 16:57 UTC (permalink / raw) To: cygwin Sorry about the double-post everyone. Because I sent the first email from a non list-registered address and assumed it wouldn't get through, I resent it from the address that I actually registered with Sorry, Mike On 9/11/06, Christopher Faylor <cgf-no-personal-reply-please@cygwin.com> wrote: > Please don't send the same message twice. > > On Mon, Sep 11, 2006 at 11:39:53AM -0400, Michael Sowka wrote: > >... just when I thought I was nicely settled with WinXP and Cygwin > >(being obligated to use Windows, cygwin makes the experience more > >bearable ;) )... > > > >I don't consider myself a newbie, but we'll soon find out. I've > >installed cygwin on a number of computers I frequently 'ssh'/'scp' > >to/from. The setup is straight forward (time saving guide here: > >http://pigtail.net/LRP/printsrv/cygwin-sshd.html). Other than the time > >when I tried to change user groups manually and had to revert back to > >get sshd working again, things have been running smooth. > >[snip] > >Problem reports: http://cygwin.com/problems.html > > If you are having problems with the instructions you found at a web > site you should contact the person responsible for the instructions: > > nfong AT pigtail DOT net. > > cgf > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/ ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2006-09-12 18:15 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <000001c6d676$223a5110$0300a8c0@iPremise.local> 2006-09-12 14:17 ` Potential bug in sshd Rob Bosch 2006-09-12 14:43 ` Michael Sowka 2006-09-12 14:50 ` Dave Korn 2006-09-12 18:15 ` Michael Sowka 2006-09-12 17:09 ` Tristen Hayfield [not found] <000201c6d68c$e70640b0$0300a8c0@iPremise.local> 2006-09-12 17:00 ` Rob Bosch [not found] <91dd2cd50609120741qbe4d430h84fab3eb3442b874@mail.gmail.com> [not found] ` <000101c6d684$3cd188f0$0300a8c0@iPremise.local> 2006-09-12 15:58 ` Rob Bosch 2006-09-12 16:50 ` Dave Korn 2006-09-11 15:40 Michael Sowka 2006-09-11 16:20 ` Christopher Faylor 2006-09-11 16:57 ` Michael Sowka
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).