SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Carsten.Porzler]

Dear SSH-Users/-developers,

I'm just testing the OpenSSH V.5.1 on Cygwin1.dll V.1.7.0(0.189/5/3) 
2008-12-09.

Unfortunately I have very large logon times (time from entering the 
password until the prompt of the shell appears). The same behaviour 
appears during public key authentification, too.

Infrastructure:
- SSH-Server on a Windows Server 2003 system with SP1/SP2 (independent of 
Windows ServicePack)
- Member in an Active Directory domain
- users in passwd file: mapped to Active Directory domain users

What could be the reason for those large logon times?

On the same systems all elder builds until 2008/06/18 (inclusive) of 
cygwin1.dll with the OpenSSH V.4.6/5.1 work fine. After 2008/06/18 the 
file "cyglsa.dll" change its size rougly (from 4kb to 8kb).

On the SSH-Server system: I can see a lot of access to pipes called 
"<domaincontroller>\PIPE\samr", "<domaincontroller>\PIPE\lsarpc".

Thanks for help in advance and best regards

Carsten Porzler


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Corinna Vinschen]

On Dec 15 12:11, Carsten.Porzler@spb.de wrote:
> Dear SSH-Users/-developers,
> 
> I'm just testing the OpenSSH V.5.1 on Cygwin1.dll V.1.7.0(0.189/5/3) 
> 2008-12-09.
> 
> Unfortunately I have very large logon times (time from entering the 
> password until the prompt of the shell appears). The same behaviour 
> appears during public key authentification, too.

How does that look like?  What's "long"?

> On the same systems all elder builds until 2008/06/18 (inclusive) of 
> cygwin1.dll with the OpenSSH V.4.6/5.1 work fine. After 2008/06/18 the 
> file "cyglsa.dll" change its size rougly (from 4kb to 8kb).

The change in size is normal.  Are you actually using cyglsa.dll?

> On the SSH-Server system: I can see a lot of access to pipes called 
> "<domaincontroller>\PIPE\samr", "<domaincontroller>\PIPE\lsarpc".

This doesn't occur in Cygwin, it's part of how the LSA works.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Corinna Vinschen]

On Dec 15 14:50, Corinna Vinschen wrote:
> On Dec 15 12:11, Carsten.Porzler@spb.de wrote:
> > Dear SSH-Users/-developers,
> > 
> > I'm just testing the OpenSSH V.5.1 on Cygwin1.dll V.1.7.0(0.189/5/3) 
> > 2008-12-09.
> > 
> > Unfortunately I have very large logon times (time from entering the 
> > password until the prompt of the shell appears). The same behaviour 
> > appears during public key authentification, too.
> 
> How does that look like?  What's "long"?

s/long/large/

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Carsten.Porzler]

Hello, Corinna,

"large" logon time means 45 - 66 secs during public key authentication 
from viewing the banner text until an simple command has been excuted 
(e.g. "uname -a"). Password authentication works faster (about 20 sec), 
but much slower than with cygwin v.1.7.0 2008-06-18 (about 2 sec for 
password and public key authentication).

We actually use cyglsa.dll because we need real user switching with public 
key authentication.

Because of the "large logon time" problems we use the version of 
2008-06-18 and not the newer ones.

I noticed also, that the accesses to the pipes did not appear in the 
cygwin versions before 2008-06-18. Anything seems to be changed after this 
date.

Thanks for your help and best regards 

Carsten Porzler



cygwin-owner@cygwin.com schrieb am 15.12.2008 14:50:47:

> [Bild entfernt] 
> 
> Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very 
> large logon times...
> 
> Corinna Vinschen 
> 
> an:
> 
> cygwin
> 
> 15.12.2008 14:48
> 
> Gesendet von:
> 
> cygwin-owner@cygwin.com
> 
> Bitte Antwort an cygwin
> 
> On Dec 15 12:11, Carsten.Porzler@spb.de wrote:
> > Dear SSH-Users/-developers,
> > 
> > I'm just testing the OpenSSH V.5.1 on Cygwin1.dll V.1.7.0(0.189/5/3) 
> > 2008-12-09.
> > 
> > Unfortunately I have very large logon times (time from entering the 
> > password until the prompt of the shell appears). The same behaviour 
> > appears during public key authentification, too.
> 
> How does that look like?  What's "long"?
> 
> > On the same systems all elder builds until 2008/06/18 (inclusive) of 
> > cygwin1.dll with the OpenSSH V.4.6/5.1 work fine. After 2008/06/18 the 

> > file "cyglsa.dll" change its size rougly (from 4kb to 8kb).
> 
> The change in size is normal.  Are you actually using cyglsa.dll?
> 
> > On the SSH-Server system: I can see a lot of access to pipes called 
> > "<domaincontroller>\PIPE\samr", "<domaincontroller>\PIPE\lsarpc".
> 
> This doesn't occur in Cygwin, it's part of how the LSA works.
> 
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader          cygwin AT cygwin DOT com
> Red Hat
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Corinna Vinschen]

Please, don't http://cygwin.com/acronyms/#TOFU



On Dec 15 15:49, Carsten.Porzler wrote:
> Hello, Corinna,
> 
> "large" logon time means 45 - 66 secs during public key authentication 
> from viewing the banner text until an simple command has been excuted 
> (e.g. "uname -a"). Password authentication works faster (about 20 sec), 
> but much slower than with cygwin v.1.7.0 2008-06-18 (about 2 sec for 
> password and public key authentication).

Works fine for me.  A logon takes about 3 secs on my machine...

> We actually use cyglsa.dll because we need real user switching with public 
> key authentication.

...using cyglsa, or, FWIW, any other logon method (create_token,
password in LSA registry).  In theory, the cyglsa DLL doesn't call any
time consuming function.  The main part of the job is already done in
the Cygwin DLL's seteuid() call by the calling server process, sshd in
this case.  I examined the cyglsa.c code once more and there's nothing
in it which would explain the lag you're observing.  The difference in
size is due to a lot of additional debug code which is kept available,
but is inactive.

Did you try to debug this problem yourself in some way?  The source code
of all componentes is freely available, as you might know.  I'm
wondering if something in later Cygwin 1.7 DLLs collides with some stuff
on your machine (firewall, virus checked, whatever) or with some
settings in your environment.  I assume the actual delay occurs in the
Cygwin DLL, not in the cyglsa.dll.  It shouldn't be too hard to find out
where it dawdles if you're willing to invest some time in debugging.

> Because of the "large logon time" problems we use the version of 
> 2008-06-18 and not the newer ones.
> 
> I noticed also, that the accesses to the pipes did not appear in the 
> cygwin versions before 2008-06-18. Anything seems to be changed after this 
> date.

Did you test the next version after that, 2008-07-26?  Does it already
show the pipe access you seem to observe in recent versions?  The latest
Cygwin DLLs add the password in registry stuff which also does some LSA
calls, which might explain some of the LSA pipes.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[tomas]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Dec 15, 2008 at 03:49:06PM +0100, Carsten.Porzler@spb.de wrote:
> Hello, Corinna,
> 
> "large" logon time means 45 - 66 secs during public key authentication 
> from viewing the banner text until an simple command has been excuted 
> (e.g. "uname -a").

Hm. This looks a lot like a DNS lookup timeout. Is there anything in the
process where the client would have to  try a DNS lookup? Known hosts
(by name)? Tcpwrappers? Logging?

(Thanks, Corinna for the TOFU :-)

Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJRz55Bcgs9XrR2kYRArywAJ9tRndCV3NKtrMJctixNLLqvnRsIgCeOn9j
xdbtcefQirCMzKylVdH97a8=
=m5mZ
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Carsten.Porzler]

Hello, Corinna,

1. It only takes 3 secs on your machine, but do you logon with an Active 
Directory user? The problem only occurs if the authentication runs against 
a domain controller! If I change the user in my passwd to a local user of 
the server, the logon process works with the regular speed (2 secs) and no 
access to pipes can be seen!

2. The problem occours on cygwin environments after the 2008-06-18 
version! I recognized the behaviour on all of our machines I tested on. 
Until cygwin 2008-06-18 it works fine, on versions after it, the problem 
occurs.

3. Unfortunately I can't debug the problem, because I am not a software 
developer. I can analyze the behaviour of software very exactly, but 
debugging is not my area. I am not experienced enought and it is too time 
consuming. I am a system administrator.

4. Actually I have watched the pipe access on a system running cygwin of 
2008-09-12. There are exact the pipe accesses I reported before 
(\\<domaincontroller>\PIPE\samr, \\<domaincontroller>\PIPE\lsarpc). Many 
of the accesses has done until the logon process finished.

If I see all the reported effects, I have to conclude that something basic 
change after the cygwin version of 2008-06-18!

I do not believe that the reason for the problems are based on our Windows 
enviroment, because all regular Windows logons and the cygwin logons 
recent to version of 2008-06-18 (inclusive) work fine!

If you try to reproduce the problem, test with domain users, not with 
local ones!

Thanks in advance for further help and

best regards

Carsten Porzler


> > Hello, Corinna,
> > 
> > "large" logon time means 45 - 66 secs during public key authentication 

> > from viewing the banner text until an simple command has been excuted 
> > (e.g. "uname -a"). Password authentication works faster (about 20 
sec), 
> > but much slower than with cygwin v.1.7.0 2008-06-18 (about 2 sec for 
> > password and public key authentication).
> 
> Works fine for me.  A logon takes about 3 secs on my machine...
> 
> > We actually use cyglsa.dll because we need real user switching with 
public 
> > key authentication.
> 
> ...using cyglsa, or, FWIW, any other logon method (create_token,
> password in LSA registry).  In theory, the cyglsa DLL doesn't call any
> time consuming function.  The main part of the job is already done in
> the Cygwin DLL's seteuid() call by the calling server process, sshd in
> this case.  I examined the cyglsa.c code once more and there's nothing
> in it which would explain the lag you're observing.  The difference in
> size is due to a lot of additional debug code which is kept available,
> but is inactive.
> 
> Did you try to debug this problem yourself in some way?  The source code
> of all componentes is freely available, as you might know.  I'm
> wondering if something in later Cygwin 1.7 DLLs collides with some stuff
> on your machine (firewall, virus checked, whatever) or with some
> settings in your environment.  I assume the actual delay occurs in the
> Cygwin DLL, not in the cyglsa.dll.  It shouldn't be too hard to find out
> where it dawdles if you're willing to invest some time in debugging.
> 
> > Because of the "large logon time" problems we use the version of 
> > 2008-06-18 and not the newer ones.
> > 
> > I noticed also, that the accesses to the pipes did not appear in the 
> > cygwin versions before 2008-06-18. Anything seems to be changed after 
this 
> > date.
> 
> Did you test the next version after that, 2008-07-26?  Does it already
> show the pipe access you seem to observe in recent versions?  The latest
> Cygwin DLLs add the password in registry stuff which also does some LSA
> calls, which might explain some of the LSA pipes.
> 
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader          cygwin AT cygwin DOT com
> Red Hat
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Carsten.Porzler]

Hello, Tomás,

I do not think there is a problem with DNS lookup timeouts!

If it would be so, we must also have the problem with the cygwin prior to 
2008-06-18.

Furthermore, the problem does not occur, if we use local Windows users in 
our passwd file.

Looking at all facts I reported, I have to conclude that the cause for the 
behaviour is in the cygwin environment.

Thanks and 

best regards

Carsten Porzler



> > Hello, Corinna,
> > 
> > "large" logon time means 45 - 66 secs during public key authentication 

> > from viewing the banner text until an simple command has been excuted 
> > (e.g. "uname -a").
> 
> Hm. This looks a lot like a DNS lookup timeout. Is there anything in the
> process where the client would have to  try a DNS lookup? Known hosts
> (by name)? Tcpwrappers? Logging?
> 
> (Thanks, Corinna for the TOFU :-)
> 
> Regards
> - -- tomás
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFJRz55Bcgs9XrR2kYRArywAJ9tRndCV3NKtrMJctixNLLqvnRsIgCeOn9j
> xdbtcefQirCMzKylVdH97a8=
> =m5mZ
> -----END PGP SIGNATURE-----
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Corinna Vinschen]

Hello?  Did you read all of my previous mail?


Please, don't http://cygwin.com/acronyms/#TOFU
==============================================


On Dec 16 09:39, Carsten.Porzler wrote:
> Hello, Corinna,
> 
> 1. It only takes 3 secs on your machine, but do you logon with an Active 
> Directory user?

Yes, against a 2K8 domain server.  Additionally, it doesn't make any
difference whether the user is logged on locally or not.

> 2. The problem occours on cygwin environments after the 2008-06-18 
> version! I recognized the behaviour on all of our machines I tested on. 
> Until cygwin 2008-06-18 it works fine, on versions after it, the problem 
> occurs.

After 2008-06-18 (mainly on 2008-07-09) I changed the code which
verifies user tokens and the code which creates the user token
information (groups and privileges) when using NtCreateToken or
cyglsa.dll.  This code changes were a result of testing password and
public key authentication against the 2K8 AD controller extensively.
The old code was wrong in a way which could screw up password
authentication entirely and could result in crippled group and
privilege lists when using public key auth.

I'm quite confident that the new code is much more correct than the
old code.

> 3. Unfortunately I can't debug the problem, because I am not a software 
> developer. I can analyze the behaviour of software very exactly, but 
> debugging is not my area. I am not experienced enought and it is too time 
> consuming. I am a system administrator.

And you don't have a developer in-house who could help?

I can't reproduce the problem, neither logging in on a domain member
machine, nor on the domain controller.  If you want to find out where
the time is wasted, we would need some figures.  If you can set yourself
up to build the Cygwin DLL and then add some debugging statements at
some places I tell you, we could probably figure out what takes so long
in your environment.

> 4. Actually I have watched the pipe access on a system running cygwin of 
> 2008-09-12. There are exact the pipe accesses I reported before 
> (\\<domaincontroller>\PIPE\samr, \\<domaincontroller>\PIPE\lsarpc). Many 
> of the accesses has done until the logon process finished.

So it's probably related to the sec_auth.cc changes I explaind above.

> If I see all the reported effects, I have to conclude that something basic 
> change after the cygwin version of 2008-06-18!
> 
> I do not believe that the reason for the problems are based on our Windows 
> enviroment, because all regular Windows logons and the cygwin logons 
> recent to version of 2008-06-18 (inclusive) work fine!

What a surprise.  It only occurs in your environment right now, though.

Again, Please don't http://cygwin.com/acronyms/#TOFU


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Carsten.Porzler]

Hello, Corinna,

cygwin-owner@cygwin.com schrieb am 16.12.2008 11:08:05:

> Hello?  Did you read all of my previous mail?
> 
> 
> Please, don't http://cygwin.com/acronyms/#TOFU
> ==============================================
> 

Yes, I read and understand it now!

> 
> On Dec 16 09:39, Carsten.Porzler wrote:
> > Hello, Corinna,
> > 
> > 1. It only takes 3 secs on your machine, but do you logon with an 
Active 
> > Directory user?
> 
> Yes, against a 2K8 domain server.  Additionally, it doesn't make any
> difference whether the user is logged on locally or not.
> 

It could be interesting, if you let it run against a Win2003 server.

> > 2. The problem occours on cygwin environments after the 2008-06-18 
> > version! I recognized the behaviour on all of our machines I tested 
on. 
> > Until cygwin 2008-06-18 it works fine, on versions after it, the 
problem 
> > occurs.
> 
> After 2008-06-18 (mainly on 2008-07-09) I changed the code which
> verifies user tokens and the code which creates the user token
> information (groups and privileges) when using NtCreateToken or
> cyglsa.dll.  This code changes were a result of testing password and
> public key authentication against the 2K8 AD controller extensively.
> The old code was wrong in a way which could screw up password
> authentication entirely and could result in crippled group and
> privilege lists when using public key auth.
> 
> I'm quite confident that the new code is much more correct than the
> old code.
> 

Nice, if the code is more correct than before. But we have the problem 
with the large logon times, yet. I took the cygwin version from 
2009-01-03!

> > 3. Unfortunately I can't debug the problem, because I am not a 
software 
> > developer. I can analyze the behaviour of software very exactly, but 
> > debugging is not my area. I am not experienced enought and it is too 
time 
> > consuming. I am a system administrator.
> 
> And you don't have a developer in-house who could help?
> 
> I can't reproduce the problem, neither logging in on a domain member
> machine, nor on the domain controller.  If you want to find out where
> the time is wasted, we would need some figures.  If you can set yourself
> up to build the Cygwin DLL and then add some debugging statements at
> some places I tell you, we could probably figure out what takes so long
> in your environment.
> 

I just compiled the cygwin sources from the latest snapshot for testing. 
It seems to be working...

So, please tell me the debugging statements I have to insert into the 
source code to figure out where the logon process takes the time.

> > 4. Actually I have watched the pipe access on a system running cygwin 
of 
> > 2008-09-12. There are exact the pipe accesses I reported before 
> > (\\<domaincontroller>\PIPE\samr, \\<domaincontroller>\PIPE\lsarpc). 
Many 
> > of the accesses has done until the logon process finished.
> 
> So it's probably related to the sec_auth.cc changes I explaind above.
> 
> > If I see all the reported effects, I have to conclude that something 
basic 
> > change after the cygwin version of 2008-06-18!
> > 
> > I do not believe that the reason for the problems are based on our 
Windows 
> > enviroment, because all regular Windows logons and the cygwin logons 
> > recent to version of 2008-06-18 (inclusive) work fine!
> 
> What a surprise.  It only occurs in your environment right now, though.
> 
> Again, Please don't http://cygwin.com/acronyms/#TOFU
> 
> 
> Corinna
> 
> -- 
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Project Co-Leader          cygwin AT cygwin DOT com
> Red Hat
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Problem reports:       http://cygwin.com/problems.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/
> 

Thanks a lot in advance and best regards

Carsten Porzler


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: SSH V.5.1 with Cygwin1.dll 1.7.0(0.189/5/3) 2008-12-09: Very large logon times...

[Corinna Vinschen]

On Jan  7 11:02, Carsten.Porzler@spb.de wrote:
> I just compiled the cygwin sources from the latest snapshot for testing. 
> It seems to be working...
> 
> So, please tell me the debugging statements I have to insert into the 
> source code to figure out where the logon process takes the time.

The idea is to add statements along these lines

  debug_printf ("CHECKPOINT 1");
  debug_printf ("CHECKPOINT 2");
  debug_printf ("CHECKPOINT 3");
  [...]

liberally across the functions in the winsup/cygwin/sec_auth.cc file,
with the starting point being the function lsaauth(), line 912 in recent
sources, so that we can track down where exactly the time is wasted.
After you added these statements all over the place, stop sshd, install
this new DLL and then, before starting sshd again, tweak the following
registry entries:

  HKLM\SYSTEM\CurrentControlSet\Services\sshd\Parameters

  AppPath  ==>  "/bin/strace"
  AppArgs  ==>  "-o C:/sshd-strace.out /usr/sbin/sshd -d"

Note the old entries before so you can restore them afterwards.

Now log in exactly once and log out again.  Afterwards, the sshd process
will have stopped automatically (that's what the lowercase -d does).
Note that it takes *much* longer to login when running under strace.  Be
(even more) patient.

After each run, examine the CHECKPOINTs in the C:/sshd-strace.out file.
The left two columns show times in milliseconds which denotes the time
it took to get to this statement, relative to the last debug output and
relative to the process start.  At one point you will see that these
numbers between two CHECKPOINTs are unusual high.  That means, the
culprit of the delay is somewhere between these two CHECKPOINTs.  Now
let's play stepwise refinement and add more of these CHECKPOINTs between
the other two and reiterate the steps above, until you think you nailed
it down to a certain part of the DLL, or even a single Windows function
call.

For a start, add these, relative to the current code in CVS:

  syscalls.cc, line 2616:

    debug_printf ("CHECKPOINT 9999");

  sec_auth.cc, line 945:

    debug_printf ("CHECKPOINT 0");

  sec_auth.cc, line 1177:

    debug_printf ("CHECKPOINT 9998");

I assume the delay occurs either when trying to get the logon server
information (function get_logon_server, line 180), or when connecting
the logon server to fetch group information (function get_user_groups,
line 225 and function get_user_local_groups, line 313), so it might be a
good idea to add more CHECKPOINTs there.

When you think you found it, I'll take another look into it and
hopefully this can be fixed easily.


HTH,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/