From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) by sourceware.org (Postfix) with ESMTPS id 77F30382F9B4 for ; Thu, 26 May 2022 23:39:28 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 77F30382F9B4 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=berkeley.edu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=berkeley.edu Received: by mail-pg1-x536.google.com with SMTP id a9so2537432pgv.12 for ; Thu, 26 May 2022 16:39:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=berkeley.edu; s=google; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=+gq4wv3+fEmxzP9+CZ1lo5bTIEgJhoAO2T3/2PjRyeg=; b=tFF6NiVJ/4CnS420jROi9co1zq5MYjpM19j361RKpYP+ku8uir/y9p7PaeyF/1n5Mh 7T09NBA95HiRaL2MKBtmZJyO5VKbwGVPf4uWiRyA0iNEcrHQmRWj4dYrqkZLU3x5CO2T wwzAh7scSRkKf55n5ZFywY/dJ8BMPTb654fonQeRmnhIGGh2gUwBv5pSUOLoVYkLdEVS oUy+CR2u+Rg7swkmRJJ5/bAQ2AY5GCFdxsetjG4dgEMLN82JkrHQcHgAqxIbXppzKAjs sWCRjw/AwV6VgXYCxfxjaA/iWR9TuWao7kMTjhQUDITCgLGuXU1k1leV4ZOjG4wlyoBk eyHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=+gq4wv3+fEmxzP9+CZ1lo5bTIEgJhoAO2T3/2PjRyeg=; b=DCjyk0rvuZYc/wDM0qy2wExCZtpetfWMxdAOfkiiXLzfqE2wUWLBQKRnvuA2x8weiu ZHBlKk2wTizAO9OU79mb4V27lO2VcsemblPQSx+o7WjXF1acr6/tygFYwt+tAELkqn7s n7udoCFs7UVPfUpVuPQrsScVuF1hDI3ID44Np1SWw3B0zuBr2zxXGBvPpFoXTCt6bPdU VRQnwEmuQGSXwZGSM7xVqpWZGghHT1JOgp1hgXxMfAkvRXyEHLPo2kzA2IPbrQ1jG/5d /YH9E9sO1A4pafa4Gq5PqaEfcMmzLd/ZeUSG6rah4anhLNDosnPPAJcEHK+h4HbUjVYo tWNA== X-Gm-Message-State: AOAM531/V/yCAAQOL2KXgaawhEOhA6l/RU4EiVYYYd/M+w0Q9Jtr6xsf mgcKmpmmCFK332zJ5RQ2VK9o3g== X-Google-Smtp-Source: ABdhPJzXfUItGVCmxAW9OOA5F+QAIMgGu5YyMV8UA8dxjnOell2f97hrhG+Cib2wtyGmmGD5lggjJQ== X-Received: by 2002:a62:4e03:0:b0:519:36cc:a169 with SMTP id c3-20020a624e03000000b0051936cca169mr458125pfb.71.1653608367175; Thu, 26 May 2022 16:39:27 -0700 (PDT) Received: from iguana.crashland.org (ec2-52-35-100-111.us-west-2.compute.amazonaws.com. [52.35.100.111]) by smtp.gmail.com with ESMTPSA id d26-20020aa797ba000000b0050dc762816csm2167128pfq.70.2022.05.26.16.39.26 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 May 2022 16:39:26 -0700 (PDT) From: Stephen Carrier X-Google-Original-From: Stephen Carrier Received: by iguana.crashland.org (Postfix, from userid 510) id 2BC70662F5; Thu, 26 May 2022 16:39:26 -0700 (PDT) Date: Thu, 26 May 2022 16:39:26 -0700 To: Dale Lobb Cc: "'cygwin@cygwin.com'" Subject: Re: Issue with seteuid and openssh Message-ID: <20220526233926.GA13111@iguana.crashland.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.12.2 (2019-09-21) X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 May 2022 23:39:32 -0000 On Tue, May 24, 2022 at 10:15:05PM +0000, Dale Lobb via Cygwin wrote: > Greetings All, > > Has anyone seen an issue similar to this? > > I have a VMWare virtual machine loaded with Windows Server 2016 OS and a Cygwin installation. Cygwin runs an installed SSHD service via cygrunsrv.exe. A data gateway engine on a different machine makes regular programmatic connections via SFTP to the server throughout the day. This setup was established in 2021 and has run without issue for almost a year. > > Last night, the server rebooted automatically after windows updates. After the reboot, the data gateway was then no longer able to connect to the server. This condition persisted until I was informed of the issue this morning and connected to the Windows server using RDP to take a look at the issue, at which point the SSH connection suddenly started working. Further tests showed this to be entirely repeatable. After rebooting the server, the SSHD daemon does not allow connections, neither with password nor public key authorization, until someone connects to the server via RDP, at which time the SSH connections suddenly starts working again. > > The server's Windows application event log shows numerous errors from the SSHD daemon stating "sshd: PID <####>: fatal: seteuid 197108: No such device or address" during the time frame when SSH connection were not working. The errors stop immediately when the RDP connection is recorded in the same event log. > > A google search for the error message turned up something somewhat similar from this mailing list back in March of 2019, bit there is no mention of RDP in that exchange. Also, the advice given, to convert the SSHD service from running under the cyg_server account to LocalSystem, does not apply here, because the Cygwin installation is recent enough that it is already running under LocalSystem. Do you mean the thread started by this message: https://cygwin.com/pipermail/cygwin/2019-March/240389.html which describes a nearly identical problem. The main difference is that the problem occored for Windows Server 2008R2 and 2012 but was not confirmed on Windows Server 2016. This looks like regression in Windows so that now the problem occurs in Windows Server 2016 too. This underlying issue was never addressed or fully understood because the affected systems were EOL or nearly so. (and there are awkward workarounds for making do.) Looks like WS2016 has been EOL since January, so maybe no help this time either. The thread does mention RDP, and sshd service was already running as Local System, so I wonder if you read a different thread also from March 2019. 2019's problem occured for local accounts only. Is the new problem occuring for local accounts only? 2019's problem affected cron similarly to sshd so was a seteuid() problem and not a sshd problem. You might check if cron service is similarly affected. Hope this helps. Stephen Carrier BEAR Center UC Berkeley