public inbox for cygwin@cygwin.com
* Re: Cygwin sshd broken by seemingly trivial network change
       [not found] <16d39bf2-36c8-2688-e892-c2e126728462.ref@bellsouth.net>
@ 2020-12-18  5:59 ` Charles Russell
  0 siblings, 0 replies; 10+ messages in thread
From: Charles Russell @ 2020-12-18  5:59 UTC (permalink / raw)
  To: cygwin cygwin


On 12/17/2020 3:09 PM, Brian Inglis wrote:

> Have you checked your new router to see what default rules are enabled
> there?

The router firewall is disabled. (I have another router serving as a 
firewall between it and the modem.) Besides, all hosts are on the local 
side of the new router, and disabling the Windows firewall eliminates 
the problem.
_____________________
On 12/17/2020 3:23 PM, Bill Stewart wrote:
>
> If it works when you disable the firewall, then (to state the obvious,
> sorry) there is a rule in the firewall that is blocking the traffic.

So far so good.

> I would suggest to examine all of the rules carefully. I say this
> because it has happened to me before, and I could have sworn that I
> looked at all of the rules.

I've looked at
   Advanced Settings; Incoming Rules
and I've looked at the output of
   netsh advfirewall firewall show rule name=all

What else is there to look at in Windows 7 Home?

This is doubly frustrating because Cygwin sshd has been running properly 
for 10 years on one of these computers and 8 years on the other. Perhaps 
I should reset the firewalls to default, but that will break other things.
____________

On 12/17/2020 3:24 PM, Erik Soderquist wrote:

> I've had weird instances where the Windows Firewall tools lied; I
> confirmed this by temporarily shutting down the Windows Firewall
> entirely, then restarting the service having problems and retesting.
> On retest, it worked fine, confirming it was the firewall causing the
> problem.

I didn't have to restart sshd; I could connect as soon as I disabled 
Windows Firewall.

>
> What exactly the problem was varied (this has happened many many times
> to me)...  In some cases it was the rule definition for the scope not
> matching the actual network, in some cases I could not find any real
> issue, but deleting and recreating the rules fixed the issue, in a few
> cases, I also found a deny rule that somehow matched the service
> having problems, and deny rules take precedence over allow rules.  One
> example of the conflict could be "sshd allowed" vs "port 22 denied";
> the deny would take precedence.

I don't see any way to set port rules in Windows 7 Home, and none are 
visible in the list of incoming rules.

I could not delete sshd, only disable it, even as administrator. (The 
delete button was grayed out).  I disabled it, rebooted, then enabled 
it. That didn't help.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Cygwin sshd broken by seemingly trivial network change
  2020-12-20 18:51   ` Andrey Repin
@ 2020-12-20 22:43     ` Charles Russell
  0 siblings, 0 replies; 10+ messages in thread
From: Charles Russell @ 2020-12-20 22:43 UTC (permalink / raw)
  To: cygwin

On 12/20/2020 12:51 PM, Andrey Repin wrote:
> Greetings, Charles Russell!
> 
>> SOLVED
> 
>> On 12/17/2020 3:24 PM, Erik Soderquist wrote:
> 
>   >> in some cases I could not find any real
>   >> issue, but deleting and recreating the rules fixed the issue.
> 
>> That did the trick: simply deleting and reinstating the firewall
>> settings for sshd solved the problem on both computers.
> 
> Told you, just create a port rule.
> Program rules are created for a specific program image. Even a rebase could
> change that.
> 
> 
Thanks. I'll try that next time. I found where to create port rules in 
Windows 7 Home Premium. Never have used them before in Windows and 
didn't know it was even possible in the cheap version.


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Cygwin sshd broken by seemingly trivial network change
  2020-12-18 21:05 ` Charles Russell
  2020-12-18 23:38   ` Erik Soderquist
@ 2020-12-20 18:51   ` Andrey Repin
  2020-12-20 22:43     ` Charles Russell
  1 sibling, 1 reply; 10+ messages in thread
From: Andrey Repin @ 2020-12-20 18:51 UTC (permalink / raw)
  To: Charles Russell, cygwin

Greetings, Charles Russell!

> SOLVED

> On 12/17/2020 3:24 PM, Erik Soderquist wrote:

 >> in some cases I could not find any real
 >> issue, but deleting and recreating the rules fixed the issue.

> That did the trick: simply deleting and reinstating the firewall 
> settings for sshd solved the problem on both computers.

Told you, just create a port rule.
Program rules are created for a specific program image. Even a rebase could
change that.


-- 
With best regards,
Andrey Repin
Sunday, December 20, 2020 21:50:23

Sorry for my terrible english...


^ permalink raw reply	[flat|nested] 10+ messages in thread
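
The causes named in this thread (a Block rule taking precedence over an Allow rule, a rule scope that no longer matches the renumbered LAN, an Allow rule tied to a program image rather than a port) can be checked against the text printed by `netsh advfirewall firewall show rule name=all verbose`. This is an added example, not code from any poster: the sample rules, the sshd.exe path, the finding labels and the function names are constructed, and the field layout is assumed to match netsh's output. Port ranges and address ranges are not evaluated.

```python
import ipaddress
# Constructed sample (not the poster's rules) in the layout of `netsh advfirewall
# firewall show rule name=all verbose`; SAMPLE adds a Block twin of the Allow rule.
ALLOW = """\
Rule Name:      sshd
----------------------------------------
Enabled:        Yes
Direction:      In
RemoteIP:       192.168.4.0/255.255.255.0
Protocol:       TCP
LocalPort:      Any
Program:        C:\\cygwin\\usr\\sbin\\sshd.exe
Action:         Allow
"""
SAMPLE = ALLOW + "\n" + ALLOW.replace("192.168.4.0/255.255.255.0", "Any").replace("Allow", "Block")

def parse_rules(text):
    """One dict per rule, keys lower-cased; separator and blank lines are skipped."""
    rules = []
    for key, sep, value in (line.partition(":") for line in text.splitlines()):
        if sep and key.strip().lower() == "rule name":
            rules.append({})
        if sep and rules:
            rules[-1][key.strip().lower()] = value.strip()
    return rules

def in_scope(scope, client):
    """True if client is inside a RemoteIP scope; keywords and a-b ranges count as a match."""
    ip = ipaddress.ip_address(client)
    for part in (p.strip() for p in scope.split(",")):
        try:
            if part.lower() == "any" or ip in ipaddress.ip_network(part, strict=False):
                return True
        except ValueError:
            return True            # e.g. LocalSubnet: cannot be judged offline
    return False

def diagnose(text, client, port="22", exe="sshd.exe"):
    """Findings for enabled inbound TCP rules that apply to `exe` on `port`."""
    out = []
    for r in parse_rules(text):
        prog, ports = r.get("program", "Any"), r.get("localport", "Any")
        if (r.get("enabled"), r.get("direction")) != ("Yes", "In") or r.get("protocol") not in ("TCP", "Any"):
            continue
        if not (prog == "Any" or prog.lower().endswith(exe)) or not (ports == "Any" or port in ports.split(",")):
            continue
        hit = in_scope(r.get("remoteip", "Any"), client)
        if r.get("action") == "Block" and hit:
            out.append(("block-overrides-allow", r["rule name"]))
        elif r.get("action") == "Allow" and not hit:
            out.append(("scope-excludes-client", r["rule name"]))
        elif r.get("action") == "Allow" and prog != "Any":
            out.append(("allow-tied-to-program-image", r["rule name"]))
    return out
```

An empty result from `diagnose` means no enabled inbound rule in the listing explains a blocked connection from that client; a plain TCP port 22 Allow rule produces no finding.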

* Re: Cygwin sshd broken by seemingly trivial network change
  2020-12-18 21:05 ` Charles Russell
@ 2020-12-18 23:38   ` Erik Soderquist
  2020-12-20 18:51   ` Andrey Repin
  1 sibling, 0 replies; 10+ messages in thread
From: Erik Soderquist @ 2020-12-18 23:38 UTC (permalink / raw)
  To: cygwin cygwin

On Fri, Dec 18, 2020 at 4:06 PM Charles Russell <redacted> wrote:
>
> SOLVED
>
> On 12/17/2020 3:24 PM, Erik Soderquist wrote:
>
>  > in some cases I could not find any real
>  > issue, but deleting and recreating the rules fixed the issue.
>
> That did the trick: simply deleting and reinstating the firewall
> settings for sshd solved the problem on both computers.

Gotta love Microsoft; it's in the license agreement!!  ;)

I'm glad it's working now.

-- Erik

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Cygwin sshd broken by seemingly trivial network change
       [not found] <b39ae638-12e2-d84d-135f-bd524a9ae8ff.ref@bellsouth.net>
@ 2020-12-18 21:05 ` Charles Russell
  2020-12-18 23:38   ` Erik Soderquist
  2020-12-20 18:51   ` Andrey Repin
  0 siblings, 2 replies; 10+ messages in thread
From: Charles Russell @ 2020-12-18 21:05 UTC (permalink / raw)
  To: cygwin cygwin

SOLVED

On 12/17/2020 3:24 PM, Erik Soderquist wrote:

 > in some cases I could not find any real
 > issue, but deleting and recreating the rules fixed the issue.

That did the trick: simply deleting and reinstating the firewall 
settings for sshd solved the problem on both computers.

I had trouble deleting them initially, but this worked:

Select control panel; windows firewall; advanced settings
(If you have done something else under windows firewall before selecting 
advanced settings, you may not be asked for an administrative password. 
In that case, go back to control panel and start over.) Now select sshd, 
and in the right hand "actions" panel will appear an option to delete it.

After deletion, go back to Allow a Program through Windows Firewall, 
then reinstall it. (Windows would not let me do this until after 
rebooting, which I found out the hard way. Instead of a message, it 
would just beep with each letter while I entered the administrative 
password, and then reject the password. One of the nicest things about 
Cygwin is keeping Windows at arm's length.)

These steps fixed the problem on both computers. Why the minor network 
change precipitated the problem remains a mystery.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Cygwin sshd broken by seemingly trivial network change
  2020-12-16 15:37 ` worsafe
  2020-12-17 17:22   ` Stephen Carrier
@ 2020-12-18  8:29   ` Andrey Repin
  1 sibling, 0 replies; 10+ messages in thread
From: Andrey Repin @ 2020-12-18  8:29 UTC (permalink / raw)
  To: worsafe, cygwin

Greetings, worsafe@bellsouth.net!

> While installing a new router, I changed my local network from 
> 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on 
> both of my remote computers, but only for Cygwin; sshd works fine if I 
> boot the remote computer from a linux thumb drive. I have noticed no 
> other problems with the new network configuration.
> --------
> ssh -vvv does not give any messages that look useful to me. 
> Authentication problems usually give some useful message, but this seems 
> to fail before getting that far:

> ssh -vvv $ASUS12
> OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
> debug1: Reading configuration data /home/cdr/.ssh/config
> debug1: /home/cdr/.ssh/config line 1: Applying options for *
> debug1: Reading configuration data /etc/ssh_config
> debug2: resolve_canonicalize: hostname 192.168.50.105 is address
> debug2: ssh_connect_direct
> debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22.
> debug1: connect to address 192.168.50.105 port 22: Connection timed out
> ssh: connect to host 192.168.50.105 port 22: Connection timed out
> -----------
> The server is running, as confirmed by cygrunsrv -Q sshd.
> /var/log/sshd.log is an empty file.
> -------
> nmap shows port 22 open on the remote server:
> nmap -p22 $ASUS12
> Nmap scan report for asus12 (192.168.50.105)
> Host is up (0.13s latency).
> PORT STATE SERVICE
> 22/tcp filtered ssh
> ----------
> However, telnet fails before returning the expected header string:
> telnet $ASUS12 22
> Connecting To 192.168.50.105...Could not open connection to the host, on 
> port 22
> : Connect failed
> (For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1 
> Debian-10+deb10u2")
> -------
> I can't think what to try short of reinstalling sshd.

Re-check the Windows firewall settings.
Manually open port 22 for incoming connections regardless of the app it is
using or any addresses.


-- 
With best regards,
Andrey Repin
Friday, December 18, 2020 11:28:10

Sorry for my terrible english...


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Cygwin sshd broken by seemingly trivial network change
  2020-12-17 17:44 ` Charles Russell
@ 2020-12-17 17:49   ` Bill Stewart
  0 siblings, 0 replies; 10+ messages in thread
From: Bill Stewart @ 2020-12-17 17:49 UTC (permalink / raw)
  To: cygwin

On Thu, Dec 17, 2020 at 10:44 AM Charles Russell wrote:

> The last line was a giveaway.  The problem is with the Windows firewall.
> However, I have found no remedy apart from totally disabling the
> firewall. The old settings no longer work: sshd is enabled for both
> private and public networks, but the firewall is still blocking access.

If you ever got a GUI pop-up in Windows requesting access and you
canceled the dialog, I have noticed that Windows will add a "deny"
rule to the firewall.

Make sure to look carefully through all of the firewall rules and
check whether there is a rule blocking that executable or port.

Just something to check.

Bill

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Cygwin sshd broken by seemingly trivial network change
       [not found] <f0d79cb1-3f57-097d-ef43-86238437ef2e.ref@bellsouth.net>
@ 2020-12-17 17:44 ` Charles Russell
  2020-12-17 17:49   ` Bill Stewart
  0 siblings, 1 reply; 10+ messages in thread
From: Charles Russell @ 2020-12-17 17:44 UTC (permalink / raw)
  To: cygwin cygwin

On 12/16/2020 9:37 AM, worsafe@bellsouth.net wrote:
 > While installing a new router, I changed my local network from
 > 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on
 > both of my remote computers, but only for Cygwin; sshd works fine if I
 > boot the remote computer from a linux thumb drive. I have noticed no
 > other problems with the new network configuration.

 > -------
 > nmap shows port 22 open on the remote server:
 > nmap -p22 $ASUS12
 > Nmap scan report for asus12 (192.168.50.105)
 > Host is up (0.13s latency).
 > PORT STATE SERVICE
 > 22/tcp filtered ssh
 > ----------

The last line was a giveaway.  The problem is with the Windows firewall. 
However, I have found no remedy apart from totally disabling the 
firewall. The old settings no longer work: sshd is enabled for both 
private and public networks, but the firewall is still blocking access.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Cygwin sshd broken by seemingly trivial network change
  2020-12-16 15:37 ` worsafe
@ 2020-12-17 17:22   ` Stephen Carrier
  2020-12-18  8:29   ` Andrey Repin
  1 sibling, 0 replies; 10+ messages in thread
From: Stephen Carrier @ 2020-12-17 17:22 UTC (permalink / raw)
  To: worsafe; +Cc: cygwin cygwin

On Wed, Dec 16, 2020 at 09:37:08AM -0600, worsafe@bellsouth.net wrote:
> While installing a new router, I changed my local network from 192.168.4.*
> to 192.168.50.*. This seems to have broken Cygwin sshd on both of my remote
> computers, but only for Cygwin; sshd works fine if I boot the remote
> computer from a linux thumb drive. I have noticed no other problems with the
> new network configuration.
> --------
> ssh -vvv does not give any messages that look useful to me. Authentication
> problems usually give some useful message, but this seems to fail before
> getting that far:
> 
> ssh -vvv $ASUS12
> OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
> debug1: Reading configuration data /home/cdr/.ssh/config
> debug1: /home/cdr/.ssh/config line 1: Applying options for *
> debug1: Reading configuration data /etc/ssh_config
> debug2: resolve_canonicalize: hostname 192.168.50.105 is address
> debug2: ssh_connect_direct
> debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22.
> debug1: connect to address 192.168.50.105 port 22: Connection timed out
> ssh: connect to host 192.168.50.105 port 22: Connection timed out
> -----------
> The server is running, as confirmed by cygrunsrv -Q sshd.
> /var/log/sshd.log is an empty file.
> -------
> nmap shows port 22 open on the remote server:
> nmap -p22 $ASUS12
> Nmap scan report for asus12 (192.168.50.105)
> Host is up (0.13s latency).
> PORT STATE SERVICE
> 22/tcp filtered ssh
> ----------
> However, telnet fails before returning the expected header string:
> telnet $ASUS12 22
> Connecting To 192.168.50.105...Could not open connection to the host, on
> port 22
> : Connect failed
> (For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1
> Debian-10+deb10u2")
> -------

I think 'filtered' means there is something in the way.  Is all this
on the same LAN but with a new router?  Are the connections wireless?
I would try the telnet test from the server itself, both to its external
address and to localhost.  All in search of clues.  This seems like a 
networking issue or a specific configuration on the server that limits
client access or listening ports.

Stephen

> I can't think what to try short of reinstalling sshd.

^ permalink raw reply	[flat|nested] 10+ messages in thread
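
The ssh timeout, nmap's `filtered` and the missing banner in the original report are one observation seen through three tools, and the test suggested above (probe from the server itself as well as from a client) separates a dead service from a dropped packet. The following is an added example, not code from the thread; the function names and the wording returned by `interpret` are illustrative.

```python
import socket

def classify_connect_error(exc):
    """Translate a failed TCP connect into the port states nmap reports."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # no reply at all: packets dropped, e.g. by a host firewall
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # a reset came back: host reachable, nothing listening
    return "unreachable"       # routing or name-resolution failure

def probe(host, port=22, timeout=3.0):
    """Return (state, banner) for one TCP port; the banner is the SSH identification line."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify_connect_error(exc), ""
    with sock:
        try:
            banner = sock.recv(256).decode("ascii", "replace").strip()
        except OSError:
            banner = ""        # connected, but nothing arrived before the timeout
    return "open", banner

def interpret(on_server, from_client):
    """Combine the state seen on the server itself with the state seen from a LAN client."""
    if from_client == "open":
        return "reachable"
    if on_server != "open":
        return "sshd is not listening on this address"
    if from_client == "filtered":
        return "listening, but inbound packets are dropped: inspect firewall rules"
    return "listening, but the path rejects or cannot route the connection"

# Usage: run probe("127.0.0.1") and probe("<server LAN address>") on the server,
# then probe("<server LAN address>") from another host, and feed the states to interpret().
```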

* Cygwin sshd broken by seemingly trivial network change
       [not found] <13d8e55e-bd07-24b7-628c-fa091f1c8401.ref@bellsouth.net>
@ 2020-12-16 15:37 ` worsafe
  2020-12-17 17:22   ` Stephen Carrier
  2020-12-18  8:29   ` Andrey Repin
  0 siblings, 2 replies; 10+ messages in thread
From: worsafe @ 2020-12-16 15:37 UTC (permalink / raw)
  To: cygwin cygwin

While installing a new router, I changed my local network from 
192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on 
both of my remote computers, but only for Cygwin; sshd works fine if I 
boot the remote computer from a linux thumb drive. I have noticed no 
other problems with the new network configuration.
--------
ssh -vvv does not give any messages that look useful to me. 
Authentication problems usually give some useful message, but this seems 
to fail before getting that far:

ssh -vvv $ASUS12
OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/cdr/.ssh/config
debug1: /home/cdr/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh_config
debug2: resolve_canonicalize: hostname 192.168.50.105 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22.
debug1: connect to address 192.168.50.105 port 22: Connection timed out
ssh: connect to host 192.168.50.105 port 22: Connection timed out
-----------
The server is running, as confirmed by cygrunsrv -Q sshd.
/var/log/sshd.log is an empty file.
-------
nmap shows port 22 open on the remote server:
nmap -p22 $ASUS12
Nmap scan report for asus12 (192.168.50.105)
Host is up (0.13s latency).
PORT STATE SERVICE
22/tcp filtered ssh
----------
However, telnet fails before returning the expected header string:
telnet $ASUS12 22
Connecting To 192.168.50.105...Could not open connection to the host, on 
port 22
: Connect failed
(For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1 
Debian-10+deb10u2")
-------
I can't think what to try short of reinstalling sshd.


^ permalink raw reply	[flat|nested] 10+ messages in thread
