public inbox for cygwin@cygwin.com
* Re: sshd broken by seemingly trivial network change
       [not found] <5dde4c43-e438-a4b3-95c9-097f395066bd.ref@bellsouth.net>
@ 2020-12-17 20:51 ` Charles Russell
  2020-12-17 21:09   ` Brian Inglis
                     ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Charles Russell @ 2020-12-17 20:51 UTC (permalink / raw)
  To: cygwin cygwin

On 12/17/2020 11:49 AM, Bill Stewart wrote:

 > Make sure to look carefully through all of the firewall rules and
 > check whether there is a rule blocking that executable or port.
 >

Selecting "Advanced Settings" and then "incoming rules", I see one rule 
for sshd private: enabled, allowed and one rule for sshd public: 
enabled, allowed. There is a third rule for sshd domain: (disabled, 
allowed). I believe that one is irrelevant but I enabled it anyway, 
which did not help.

Is there someplace else I should look? This is Windows 7 Home Premium.


* Re: sshd broken by seemingly trivial network change
  2020-12-17 20:51 ` sshd broken by seemingly trivial network change Charles Russell
@ 2020-12-17 21:09   ` Brian Inglis
  2020-12-17 21:23   ` Bill Stewart
  2020-12-17 21:24   ` Erik Soderquist
  2 siblings, 0 replies; 6+ messages in thread
From: Brian Inglis @ 2020-12-17 21:09 UTC (permalink / raw)
  To: cygwin

On 2020-12-17 13:51, Charles Russell wrote:
> On 12/17/2020 11:49 AM, Bill Stewart wrote:
>> Make sure to look carefully through all of the firewall rules and
>> check whether there is a rule blocking that executable or port.

> Selecting "Advanced Settings" and then "incoming rules", I see one rule for sshd 
> private: enabled, allowed and one rule for sshd public: enabled, allowed. There 
> is a third rule for sshd domain: (disabled, allowed). I believe that one is 
> irrelevant but I enabled it anyway, which did not help.
> 
> Is there someplace else I should look? This is Windows 7 Home Premium.

Have you checked your new router to see what default rules are enabled there?

Some routers may come with blocks for common attack vectors, against the router 
itself or the local network, that may need to be disabled if you want to allow 
connections from other systems.

The router may have been set up or used by the selling org, or a customer, and 
returned and resold.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]


* Re: sshd broken by seemingly trivial network change
  2020-12-17 20:51 ` sshd broken by seemingly trivial network change Charles Russell
  2020-12-17 21:09   ` Brian Inglis
@ 2020-12-17 21:23   ` Bill Stewart
  2020-12-17 21:24   ` Erik Soderquist
  2 siblings, 0 replies; 6+ messages in thread
From: Bill Stewart @ 2020-12-17 21:23 UTC (permalink / raw)
  To: cygwin

On Thu, Dec 17, 2020 at 1:51 PM Charles Russell wrote:

> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.
>
> Is there someplace else I should look? This is Windows 7 Home Premium.

If it works when you disable the firewall, then (to state the obvious,
sorry) there is a rule in the firewall that is blocking the traffic.

I would suggest examining all of the rules carefully. I say this
because it has happened to me before, and I could have sworn that I
looked at all of the rules.

Bill


* Re: sshd broken by seemingly trivial network change
  2020-12-17 20:51 ` sshd broken by seemingly trivial network change Charles Russell
  2020-12-17 21:09   ` Brian Inglis
  2020-12-17 21:23   ` Bill Stewart
@ 2020-12-17 21:24   ` Erik Soderquist
  2020-12-17 23:11     ` Bill Stewart
  2 siblings, 1 reply; 6+ messages in thread
From: Erik Soderquist @ 2020-12-17 21:24 UTC (permalink / raw)
  To: cygwin cygwin

On Thu, Dec 17, 2020 at 3:51 PM Charles Russell <redacted> wrote:
>
> On 12/17/2020 11:49 AM, Bill Stewart wrote:
>
>  > Make sure to look carefully through all of the firewall rules and
>  > check whether there is a rule blocking that executable or port.
>  >
>
> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.

I've had weird instances where the Windows Firewall tools lied; I
confirmed this by temporarily shutting down the Windows Firewall
entirely, then restarting the service having problems and retesting.
On retest, it worked fine, confirming it was the firewall causing the
problem.

What exactly the problem was varied (this has happened many many times
to me)...  In some cases it was the rule definition for the scope not
matching the actual network, in some cases I could not find any real
issue, but deleting and recreating the rules fixed the issue, in a few
cases, I also found a deny rule that somehow matched the service
having problems, and deny rules take precedence over allow rules.  One
example of the conflict could be "sshd allowed" vs "port 22 denied";
the deny would take precedence.

I suggest doing the firewall down/restart sshd test to confirm or
refute the Windows Firewall being involved, then going from there.

-- Erik




--
"I do not think any of us are truly sane, Caleb. Not even you. Courage
is not sanity. Being willing to die for someone else is not sanity."
... "Love is not sane, nor is faith." ... "If sanity lacks those
things, Caleb, I want no part of it."

-- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne
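
The precedence described in the message above ("sshd allowed" vs "port 22 denied"), as an added example that is not part of the thread: a parser that reads inbound rules in the layout of `netsh advfirewall firewall show rule name=all dir=in verbose` and reports which rules decide a TCP connection for a given port, program and network profile. Assumptions: English-locale field names, the default inbound policy of block, and a constructed sample (the rule name "Legacy lockdown" and the sshd path are made up); only profile, protocol, local port and program are modeled, not remote-address scope.

```python
# Constructed sample in the layout of English-locale netsh verbose output.
SAMPLE = r"""
Rule Name:                            sshd
Enabled:                              Yes
Profiles:                             Private
Protocol:                             TCP
LocalPort:                            Any
Program:                              C:\cygwin64\usr\sbin\sshd.exe
Action:                               Allow

Rule Name:                            Legacy lockdown
Enabled:                              Yes
Profiles:                             Domain,Private,Public
Protocol:                             TCP
LocalPort:                            21-23,3389
Action:                               Block
"""

def parse_rules(text):
    """One dict per rule, keyed by the netsh field name."""
    rules = []
    for line in text.splitlines():
        key, sep, val = line.partition(":")   # first colon only, so C:\ paths survive
        if sep and key.strip() == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key.strip()] = val.strip()
    return rules

def port_matches(spec, port):
    """True if a LocalPort value ('Any', '22', '21-23,3389') covers port."""
    def hit(part):
        lo, _, hi = part.strip().partition("-")
        return lo == "Any" or (lo.isdigit() and int(lo) <= port <= int(hi or lo))
    return any(hit(p) for p in spec.split(","))

def applies(rule, port, program, profile):
    """True if an enabled rule covers this TCP port, program and profile."""
    return (rule.get("Enabled") == "Yes"
            and profile in rule.get("Profiles", "").split(",")
            and rule.get("Protocol", "Any") in ("Any", "TCP")
            and port_matches(rule.get("LocalPort", "Any"), port)
            and rule.get("Program", "Any").lower() in ("any", program.lower()))

def verdict(rules, port, program, profile):
    """Block beats Allow; no matching rule means the default inbound block."""
    hits = [r for r in rules if applies(r, port, program, profile)]
    blocks = [r["Rule Name"] for r in hits if r.get("Action") == "Block"]
    allows = [r["Rule Name"] for r in hits if r.get("Action") == "Allow"]
    return ("Block", blocks) if blocks or not allows else ("Allow", allows)
```

With the sample, the port-range block rule overrides the sshd allow rule on the Private profile, and on the Public profile the sshd rule alone matches nothing, so the default block applies.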


* Re: sshd broken by seemingly trivial network change
  2020-12-17 21:24   ` Erik Soderquist
@ 2020-12-17 23:11     ` Bill Stewart
  2020-12-19  0:17       ` Erik Soderquist
  0 siblings, 1 reply; 6+ messages in thread
From: Bill Stewart @ 2020-12-17 23:11 UTC (permalink / raw)
  To: cygwin

On Thu, Dec 17, 2020 at 2:25 PM Erik Soderquist wrote:

> I've had weird instances where the Windows Firewall tools lied; I
> confirmed this by temporarily shutting down the Windows Firewall
> entirely, then restarting the service having problems and retesting.
> On retest, it worked fine, confirming it was the firewall causing the
> problem.

I have never experienced anything like this, on any Windows version
for any application, after working with just about every version of
Windows firewall since its inception, in a number of different
organizations.

In every case I thought the Windows firewall was the culprit, it turns
out it was my own misunderstanding.

Bill


* Re: sshd broken by seemingly trivial network change
  2020-12-17 23:11     ` Bill Stewart
@ 2020-12-19  0:17       ` Erik Soderquist
  0 siblings, 0 replies; 6+ messages in thread
From: Erik Soderquist @ 2020-12-19  0:17 UTC (permalink / raw)
  To: cygwin

On Thu, Dec 17, 2020 at 6:12 PM Bill Stewart <redacted> wrote:
>
> On Thu, Dec 17, 2020 at 2:25 PM Erik Soderquist wrote:
>
> > I've had weird instances where the Windows Firewall tools lied; I
> > confirmed this by temporarily shutting down the Windows Firewall
> > entirely, then restarting the service having problems and retesting.
> > On retest, it worked fine, confirming it was the firewall causing the
> > problem.
>
> I have never experienced anything like this, on any Windows version
> for any application, after working with just about every version of
> Windows firewall since its inception, in a number of different
> organizations.
>
> In every case I thought the Windows firewall was the culprit, it turns
> out it was my own misunderstanding.

I kind of envy that... I've had a litany of weird, did-not-make-sense
quirks dealing with many aspects of Windows in my career.

-- Erik
