* Re: Cygwin sshd broken by seemingly trivial network change [not found] <16d39bf2-36c8-2688-e892-c2e126728462.ref@bellsouth.net> @ 2020-12-18 5:59 ` Charles Russell 0 siblings, 0 replies; 10+ messages in thread From: Charles Russell @ 2020-12-18 5:59 UTC (permalink / raw) To: cygwin cygwin On 12/17/2020 3:09 PM, Brian Inglis wrote: > Have you checked your new router to see what default rules are enabled > there? The router firewall is disabled. (I have a another router serving as a firewall between it and the modem.) Besides, all hosts are on the local side of the new router, and disabling the Windows firewall eliminates the problem. _____________________ On 12/17/2020 3:23 PM, Bill Stewart wrote: > > If it works when you disable the firewall, then (to state the obvious, > sorry) there is a rule in the firewall that is blocking the traffic. So far so good. > I would suggest to examine all of the rules carefully. I say this > because it is happened to me before, and I could have sworn that I > looked at all of the rules. I've looked at Advanced Settings; Incoming Rules and I've looked at the output of netsh advfirewall firewall show rule name=all What else is there to look at in Windows 7 Home? This is doubly frustrating because Cygwin sshd has been running properly for 10 years on one of these computers and 8 years on the other. Perhaps I should reset the firewalls to default, but that will break other things. ____________ On 12/17/2020 3:24 PM, Erik Soderquist wrote: > I've had weird instances where the Windows Firewall tools lied; I > confirmed this by temporarily shutting down the Windows Firewall > entirely, then restarting the service having problems and retesting. > On retest, it worked fine, confirming it was the firewall causing the > problem. I didn't have to restart sshd; I could connect as soon as I disabled Windows Firewall. > > What exactly the problem was varied (this has happened many many times > to me)... In some cases it was the rule definition for the scope not > matching the actual network, in some cases I could not find any real > issue, but deleting and recreating the rules fixed the issue, in a few > cases, I also found a deny rule that somehow matched the service > having problems, and deny rules take precedence over allow rules. One > example of the conflict could be "sshd allowed" vs "port 22 denied"; > the deny would take precedence. I don't see any way to set port rules in Windows 7 Home, and none are visible in the list of incoming rules. I could not delete sshd, only disable it, even as administrator. (The delete button was grayed out). I disabled it, rebooted, then enabled it. That didn't help. ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <b39ae638-12e2-d84d-135f-bd524a9ae8ff.ref@bellsouth.net>]
* Re: Cygwin sshd broken by seemingly trivial network change [not found] <b39ae638-12e2-d84d-135f-bd524a9ae8ff.ref@bellsouth.net> @ 2020-12-18 21:05 ` Charles Russell 2020-12-18 23:38 ` Erik Soderquist 2020-12-20 18:51 ` Andrey Repin 0 siblings, 2 replies; 10+ messages in thread From: Charles Russell @ 2020-12-18 21:05 UTC (permalink / raw) To: cygwin cygwin SOLVED On 12/17/2020 3:24 PM, Erik Soderquist wrote: > in some cases I could not find any real > issue, but deleting and recreating the rules fixed the issue. That did the trick: simply deleting and reinstating the firewall settings for sshd solved the problem on both computers. I had trouble deleting them initially, but this worked: Select control panel; windows firewall; advanced settings (If you have done something else under windows firewall before selecting advanced settings, you may not be asked for an administrative password. In that case, go back to control panel and start over.) Now select sshd, and in the right hand "actions" panel will appear an option to delete it. After deletion, go back to Allow a Program through Windows Firewall, then reinstall it. (Windows would not let me do this until after rebooting, which I found out the hard way. Instead of a message, it would just beep with each letter while I entered the administrative password, and then reject the password. One of the nicest things about Cygwin is keeping Windows at arm's length.) These steps fixed the problem on both computers. Why the minor network change precipitated the problem remains a mystery. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Cygwin sshd broken by seemingly trivial network change 2020-12-18 21:05 ` Charles Russell @ 2020-12-18 23:38 ` Erik Soderquist 2020-12-20 18:51 ` Andrey Repin 1 sibling, 0 replies; 10+ messages in thread From: Erik Soderquist @ 2020-12-18 23:38 UTC (permalink / raw) To: cygwin cygwin On Fri, Dec 18, 2020 at 4:06 PM Charles Russell <redacted> wrote: > > SOLVED > > On 12/17/2020 3:24 PM, Erik Soderquist wrote: > > > in some cases I could not find any real > > issue, but deleting and recreating the rules fixed the issue. > > That did the trick: simply deleting and reinstating the firewall > settings for sshd solved the problem on both computers. Gotta love Microsoft; it's in the license agreement!! ;) I'm glad it's working now. -- Erik ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Cygwin sshd broken by seemingly trivial network change 2020-12-18 21:05 ` Charles Russell 2020-12-18 23:38 ` Erik Soderquist @ 2020-12-20 18:51 ` Andrey Repin 2020-12-20 22:43 ` Charles Russell 1 sibling, 1 reply; 10+ messages in thread From: Andrey Repin @ 2020-12-20 18:51 UTC (permalink / raw) To: Charles Russell, cygwin Greetings, Charles Russell! > SOLVED > On 12/17/2020 3:24 PM, Erik Soderquist wrote: >> in some cases I could not find any real >> issue, but deleting and recreating the rules fixed the issue. > That did the trick: simply deleting and reinstating the firewall > settings for sshd solved the problem on both computers. Told you just crate port rule. Program rules are created for specific program image. Even rebase could change that. -- With best regards, Andrey Repin Sunday, December 20, 2020 21:50:23 Sorry for my terrible english... ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Cygwin sshd broken by seemingly trivial network change 2020-12-20 18:51 ` Andrey Repin @ 2020-12-20 22:43 ` Charles Russell 0 siblings, 0 replies; 10+ messages in thread From: Charles Russell @ 2020-12-20 22:43 UTC (permalink / raw) To: cygwin On 12/20/2020 12:51 PM, Andrey Repin wrote: > Greetings, Charles Russell! > >> SOLVED > >> On 12/17/2020 3:24 PM, Erik Soderquist wrote: > > >> in some cases I could not find any real > >> issue, but deleting and recreating the rules fixed the issue. > >> That did the trick: simply deleting and reinstating the firewall >> settings for sshd solved the problem on both computers. > > Told you just crate port rule. > Program rules are created for specific program image. Even rebase could change > that. > > Thanks. I'll try that next time. I found where to create port rules in Windows 7 Home Premium. Never have used them before in Windows and didn't know it was even possible in the cheap version. ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <f0d79cb1-3f57-097d-ef43-86238437ef2e.ref@bellsouth.net>]
* Re: Cygwin sshd broken by seemingly trivial network change [not found] <f0d79cb1-3f57-097d-ef43-86238437ef2e.ref@bellsouth.net> @ 2020-12-17 17:44 ` Charles Russell 2020-12-17 17:49 ` Bill Stewart 0 siblings, 1 reply; 10+ messages in thread From: Charles Russell @ 2020-12-17 17:44 UTC (permalink / raw) To: cygwin cygwin On 12/16/2020 9:37 AM, worsafe@bellsouth.net wrote: > While installing a new router, I changed my local network from > 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on > both of my remote computers, but only for Cygwin; sshd works fine if I > boot the remote computer from a linux thumb drive. I have noticed no > other problems with the new network configuration. > ------- > nmap shows port 22 open on the remote server: > nmap -p22 $ASUS12 > Nmap scan report for asus12 (192.168.50.105) > Host is up (0.13s latency). > PORT STATE SERVICE > 22/tcp filtered ssh > ---------- The last line was a giveaway. The problem is with the Windows firewall. However, I have found no remedy apart from totally disabling the firewall. The old settings no longer work: sshd is enabled for both private and public networks, but the firewall is still blocking access. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Cygwin sshd broken by seemingly trivial network change 2020-12-17 17:44 ` Charles Russell @ 2020-12-17 17:49 ` Bill Stewart 0 siblings, 0 replies; 10+ messages in thread From: Bill Stewart @ 2020-12-17 17:49 UTC (permalink / raw) To: cygwin On Thu, Dec 17, 2020 at 10:44 AM Charles Russell wrote: > The last line was a giveaway. The problem is with the Windows firewall. > However, I have found no remedy apart from totally disabling the > firewall. The old settings no longer work: sshd is enabled for both > private and public networks, but the firewall is still blocking access. If you ever got a GUI pop-up in Windows requesting access and you canceled the dialog, I have noticed that Windows will add a "deny" rule to the firewall. Make sure to look carefully through all of the firewall rules and check whether there is a rule blocking that executable or port. Just something to check. Bill ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <13d8e55e-bd07-24b7-628c-fa091f1c8401.ref@bellsouth.net>]
* Cygwin sshd broken by seemingly trivial network change [not found] <13d8e55e-bd07-24b7-628c-fa091f1c8401.ref@bellsouth.net> @ 2020-12-16 15:37 ` worsafe 2020-12-17 17:22 ` Stephen Carrier 2020-12-18 8:29 ` Andrey Repin 0 siblings, 2 replies; 10+ messages in thread From: worsafe @ 2020-12-16 15:37 UTC (permalink / raw) To: cygwin cygwin While installing a new router, I changed my local network from 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on both of my remote computers, but only for Cygwin; sshd works fine if I boot the remote computer from a linux thumb drive. I have noticed no other problems with the new network configuration. -------- ssh -vvv does not give any messages that look useful to me. Authentication problems usually give some useful message, but this seems to fail before getting that far: ssh -vvv $ASUS12 OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020 debug1: Reading configuration data /home/cdr/.ssh/config debug1: /home/cdr/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh_config debug2: resolve_canonicalize: hostname 192.168.50.105 is address debug2: ssh_connect_direct debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22. debug1: connect to address 192.168.50.105 port 22: Connection timed out ssh: connect to host 192.168.50.105 port 22: Connection timed out ----------- The server is running, as confirmed by cyrunsrv -Q sshd. /var/log/sshd.log is an empty file. ------- nmap shows port 22 open on the remote server: nmap -p22 $ASUS12 Nmap scan report for asus12 (192.168.50.105) Host is up (0.13s latency). PORT STATE SERVICE 22/tcp filtered ssh ---------- However, telnet fails before returning the expected header string: telnet $ASUS12 22 Connecting To 192.168.50.105...Could not open connection to the host, on port 22 : Connect failed (For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2") ------- I can't think what to try short of reinstalling sshd. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Cygwin sshd broken by seemingly trivial network change 2020-12-16 15:37 ` worsafe @ 2020-12-17 17:22 ` Stephen Carrier 2020-12-18 8:29 ` Andrey Repin 1 sibling, 0 replies; 10+ messages in thread From: Stephen Carrier @ 2020-12-17 17:22 UTC (permalink / raw) To: worsafe; +Cc: cygwin cygwin On Wed, Dec 16, 2020 at 09:37:08AM -0600, worsafe@bellsouth.net wrote: > While installing a new router, I changed my local network from 192.168.4.* > to 192.168.50.*. This seems to have broken Cygwin sshd on both of my remote > computers, but only for Cygwin; sshd works fine if I boot the remote > computer from a linux thumb drive. I have noticed no other problems with the > new network configuration. > -------- > ssh -vvv does not give any messages that look useful to me. Authentication > problems usually give some useful message, but this seems to fail before > getting that far: > > ssh -vvv $ASUS12 > OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020 > debug1: Reading configuration data /home/cdr/.ssh/config > debug1: /home/cdr/.ssh/config line 1: Applying options for * > debug1: Reading configuration data /etc/ssh_config > debug2: resolve_canonicalize: hostname 192.168.50.105 is address > debug2: ssh_connect_direct > debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22. > debug1: connect to address 192.168.50.105 port 22: Connection timed out > ssh: connect to host 192.168.50.105 port 22: Connection timed out > ----------- > The server is running, as confirmed by cyrunsrv -Q sshd. > /var/log/sshd.log is an empty file. > ------- > nmap shows port 22 open on the remote server: > nmap -p22 $ASUS12 > Nmap scan report for asus12 (192.168.50.105) > Host is up (0.13s latency). > PORT STATE SERVICE > 22/tcp filtered ssh > ---------- > However, telnet fails before returning the expected header string: > telnet $ASUS12 22 > Connecting To 192.168.50.105...Could not open connection to the host, on > port 22 > : Connect failed > (For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1 > Debian-10+deb10u2") > ------- I think 'filtered' means there is something in the way. Is all this on the same LAN but with a new router? Are the connections wireless? I would try the telnet test from the server itself, both to its external address and to localhost. All in search of clues. This seems like a networking issue or a specific configuration on the server that limits client access or listening ports. Stephen > I can't think what to try short of reinstalling sshd. > > -- > Problem reports: https://cygwin.com/problems.html > FAQ: https://cygwin.com/faq/ > Documentation: https://cygwin.com/docs.html > Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Cygwin sshd broken by seemingly trivial network change 2020-12-16 15:37 ` worsafe 2020-12-17 17:22 ` Stephen Carrier @ 2020-12-18 8:29 ` Andrey Repin 1 sibling, 0 replies; 10+ messages in thread From: Andrey Repin @ 2020-12-18 8:29 UTC (permalink / raw) To: worsafe, cygwin Greetings, worsafe@bellsouth.net! > While installing a new router, I changed my local network from > 192.168.4.* to 192.168.50.*. This seems to have broken Cygwin sshd on > both of my remote computers, but only for Cygwin; sshd works fine if I > boot the remote computer from a linux thumb drive. I have noticed no > other problems with the new network configuration. > -------- > ssh -vvv does not give any messages that look useful to me. > Authentication problems usually give some useful message, but this seems > to fail before getting that far: > ssh -vvv $ASUS12 > OpenSSH_8.3p1, OpenSSL 1.1.1f 31 Mar 2020 > debug1: Reading configuration data /home/cdr/.ssh/config > debug1: /home/cdr/.ssh/config line 1: Applying options for * > debug1: Reading configuration data /etc/ssh_config > debug2: resolve_canonicalize: hostname 192.168.50.105 is address > debug2: ssh_connect_direct > debug1: Connecting to 192.168.50.105 [192.168.50.105] port 22. > debug1: connect to address 192.168.50.105 port 22: Connection timed out > ssh: connect to host 192.168.50.105 port 22: Connection timed out > ----------- > The server is running, as confirmed by cyrunsrv -Q sshd. > /var/log/sshd.log is an empty file. > ------- > nmap shows port 22 open on the remote server: > nmap -p22 $ASUS12 > Nmap scan report for asus12 (192.168.50.105) > Host is up (0.13s latency). > PORT STATE SERVICE > 22/tcp filtered ssh > ---------- > However, telnet fails before returning the expected header string: > telnet $ASUS12 22 > Connecting To 192.168.50.105...Could not open connection to the host, on > port 22 > : Connect failed > (For comparison, linux returns the string "SSH-2.0-OpenSSH_7.9p1 > Debian-10+deb10u2") > ------- > I can't think what to try short of reinstalling sshd. Re-cehck the windows firewall settings. Manually open port 22 for incoming connections regardless of the app it is using or any addresses. -- With best regards, Andrey Repin Friday, December 18, 2020 11:28:10 Sorry for my terrible english... ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-12-20 22:43 UTC | newest] Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <16d39bf2-36c8-2688-e892-c2e126728462.ref@bellsouth.net> 2020-12-18 5:59 ` Cygwin sshd broken by seemingly trivial network change Charles Russell [not found] <b39ae638-12e2-d84d-135f-bd524a9ae8ff.ref@bellsouth.net> 2020-12-18 21:05 ` Charles Russell 2020-12-18 23:38 ` Erik Soderquist 2020-12-20 18:51 ` Andrey Repin 2020-12-20 22:43 ` Charles Russell [not found] <f0d79cb1-3f57-097d-ef43-86238437ef2e.ref@bellsouth.net> 2020-12-17 17:44 ` Charles Russell 2020-12-17 17:49 ` Bill Stewart [not found] <13d8e55e-bd07-24b7-628c-fa091f1c8401.ref@bellsouth.net> 2020-12-16 15:37 ` worsafe 2020-12-17 17:22 ` Stephen Carrier 2020-12-18 8:29 ` Andrey Repin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).