Re: Issue with seteuid and openssh

[Stephen Carrier <carrier@berkeley.edu>]

On Tue, May 24, 2022 at 10:15:05PM +0000, Dale Lobb via Cygwin wrote:
> Greetings All,
> 
>   Has anyone seen an issue similar to this?
> 
>   I have a VMWare virtual machine loaded with Windows Server 2016 OS and a Cygwin installation.  Cygwin runs an installed SSHD service via cygrunsrv.exe.  A data gateway engine on a different machine makes regular programmatic connections via SFTP to the server throughout the day.  This setup was established in 2021 and has run without issue for almost a year.
> 
>   Last night, the server rebooted automatically after windows updates.  After the reboot, the data gateway was then no longer able to connect to the server.  This condition persisted until I was informed of the issue this morning and connected to the Windows server using RDP to take a look at the issue, at which point the SSH connection suddenly started working.  Further tests showed this to be entirely repeatable.  After rebooting the server, the SSHD daemon does not allow connections, neither with password nor public key authorization, until someone connects to the server via RDP, at which time the SSH connections suddenly starts working again.
> 
>   The server's Windows application event log shows numerous errors from the SSHD daemon stating "sshd: PID <####>: fatal: seteuid 197108: No such device or address" during the time frame when SSH connection were not working.  The errors stop immediately when the RDP connection is recorded in the same event log.
> 
>   A google search for the error message turned up something somewhat similar from this mailing list back in March of 2019, bit there is no mention of RDP in that exchange.  Also, the advice given, to convert the SSHD service from running under the cyg_server account to LocalSystem, does not apply here, because the Cygwin installation is recent enough that it is already running under LocalSystem.

Do you mean the thread started by this message:

https://cygwin.com/pipermail/cygwin/2019-March/240389.html

which describes a nearly identical problem.  The main difference
is that the problem occored for Windows Server 2008R2 and 2012 but was
not confirmed on Windows Server 2016.  This looks like regression in
Windows so that now the problem occurs in Windows Server 2016 too.

This underlying issue was never addressed or fully understood because
the affected systems were EOL or nearly so.  (and there are awkward
workarounds for making do.)  Looks like WS2016 has been EOL since January,
so maybe no help this time either.

The thread does mention RDP, and sshd service was already running as Local
System, so I wonder if you read a different thread also from March 2019.

2019's problem occured for local accounts only.  Is the new problem
occuring for local accounts only?

2019's problem affected cron similarly to sshd so was a seteuid()
problem and not a sshd problem.  You might check if cron service is
similarly affected.

Hope this helps.

Stephen Carrier
BEAR Center
UC Berkeley