* sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap
@ 2021-01-22 19:07 basinilya
2021-01-26 13:31 ` basinilya
0 siblings, 1 reply; 4+ messages in thread
From: basinilya @ 2021-01-22 19:07 UTC (permalink / raw)
To: cygwin
Hi. The problem first appeared ten days ago. It now takes minutes to login as a domain user. Tcpview shows that sshd.exe is trying to connect an inaccessible server on the port 389 (ldap). If I close the socket using Tcpview, successful login happens sooner. Both password and public key logins are affected, but with a public key sshd.exe tries to connect that server multiple times. Also, if I don't close the sockets repeatedly, ssh disconnects from the SSH server after 2 minutes of silence before the "last login" line appears:
$ time ssh -vvv localhost
...
debug1: Offering public key:
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key:
debug3: sign_and_send_pubkey: RSA
debug3: sign_and_send_pubkey: signing using rsa-sha2-512
debug3: send packet: type 50
Connection closed by ::1 port 22
real 2m0.292s
user 0m0.045s
sys 0m0.122s
Besedes, sshd.exe has a live connection on port 389 to another server all the time.
I can't see anything interesting in sshd log. At least the ldap ip address does not appear in the log.
...
<TimeCreated SystemTime="2021-01-22T18:52:09.7210295Z" />
<Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data>
<TimeCreated SystemTime="2021-01-22T18:52:51.9304939Z" />
<Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data>
...
<TimeCreated SystemTime="2021-01-22T18:53:21.6284471Z" />
<Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data>
...
<TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" />
<Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data>
...
<TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" />
<Data>sshd: PID 1786: debug1: monitor_child_preauth: basin has been authenticated by privileged process</Data>
...
<TimeCreated SystemTime="2021-01-22T18:54:09.6686942Z" />
<Data>sshd: PID 1652: debug1: main_sigchld_handler: Child exited</Data>
BTW, is it possible to make sshd write to a log file instead of Windows Event Log?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap
2021-01-22 19:07 sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap basinilya
@ 2021-01-26 13:31 ` basinilya
2021-01-28 19:06 ` Bill Stewart
0 siblings, 1 reply; 4+ messages in thread
From: basinilya @ 2021-01-26 13:31 UTC (permalink / raw)
To: cygwin
The problem is solved.
Our DHCP server was sending me a bad WINS server ip. After fixing the issue I had to reboot the PC (just refreshing the ip and restarting cygsshd was not enough).
On 22.01.2021 22:07, basinilya@gmail.com wrote:
> Hi. The problem first appeared ten days ago. It now takes minutes to login as a domain user. Tcpview shows that sshd.exe is trying to connect an inaccessible server on the port 389 (ldap). If I close the socket using Tcpview, successful login happens sooner. Both password and public key logins are affected, but with a public key sshd.exe tries to connect that server multiple times. Also, if I don't close the sockets repeatedly, ssh disconnects from the SSH server after 2 minutes of silence before the "last login" line appears:
>
> $ time ssh -vvv localhost
> ...
> debug1: Offering public key:
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
>
>
> debug3: receive packet: type 60
> debug1: Server accepts key:
> debug3: sign_and_send_pubkey: RSA
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
> debug3: send packet: type 50
>
>
> Connection closed by ::1 port 22
>
> real 2m0.292s
> user 0m0.045s
> sys 0m0.122s
>
>
>
> Besedes, sshd.exe has a live connection on port 389 to another server all the time.
>
>
> I can't see anything interesting in sshd log. At least the ldap ip address does not appear in the log.
>
> ...
> <TimeCreated SystemTime="2021-01-22T18:52:09.7210295Z" />
> <Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data>
>
> <TimeCreated SystemTime="2021-01-22T18:52:51.9304939Z" />
> <Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data>
> ...
>
> <TimeCreated SystemTime="2021-01-22T18:53:21.6284471Z" />
> <Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data>
> ...
>
>
> <TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" />
> <Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data>
> ...
>
>
> <TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" />
> <Data>sshd: PID 1786: debug1: monitor_child_preauth: basin has been authenticated by privileged process</Data>
> ...
>
>
> <TimeCreated SystemTime="2021-01-22T18:54:09.6686942Z" />
> <Data>sshd: PID 1652: debug1: main_sigchld_handler: Child exited</Data>
>
> BTW, is it possible to make sshd write to a log file instead of Windows Event Log?
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap
2021-01-26 13:31 ` basinilya
@ 2021-01-28 19:06 ` Bill Stewart
2021-01-28 19:08 ` Bill Stewart
0 siblings, 1 reply; 4+ messages in thread
From: Bill Stewart @ 2021-01-28 19:06 UTC (permalink / raw)
To: cygwin
On Tue, Jan 26, 2021 at 6:31 AM Ilya Basin via Cygwin wrote:
> The problem is solved.
> Our DHCP server was sending me a bad WINS server ip. After fixing the issue I had to reboot the PC (just refreshing the ip and restarting cygsshd was not enough).
It's doubtful a reboot is required. Probably 'nbtstat -RR' would have
been sufficient (although this command does require elevation).
Bill
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap
2021-01-28 19:06 ` Bill Stewart
@ 2021-01-28 19:08 ` Bill Stewart
0 siblings, 0 replies; 4+ messages in thread
From: Bill Stewart @ 2021-01-28 19:08 UTC (permalink / raw)
To: cygwin
On Thu, Jan 28, 2021 at 12:06 PM Bill Stewart wrote:
>
> On Tue, Jan 26, 2021 at 6:31 AM Ilya Basin via Cygwin wrote:
>
> > The problem is solved.
> > Our DHCP server was sending me a bad WINS server ip. After fixing the issue I had to reboot the PC (just refreshing the ip and restarting cygsshd was not enough).
>
> It's doubtful a reboot is required. Probably 'nbtstat -RR' would have
> been sufficient (although this command does require elevation).
Sorry, that should have read 'nbtstat -R' (not 'nbtstat -RR').
Bill
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-28 19:08 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-22 19:07 sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap basinilya
2021-01-26 13:31 ` basinilya
2021-01-28 19:06 ` Bill Stewart
2021-01-28 19:08 ` Bill Stewart
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).