public inbox for cygwin@cygwin.com
From: Erik Soderquist <ErikSoderquist@gmail.com>
To: cygwin cygwin <cygwin@cygwin.com>
Subject: Re: sshd broken by seemingly trivial network change
Date: Thu, 17 Dec 2020 16:24:54 -0500
Message-ID: <CACoZoo3bjp0MJy5jKoKtLEKqaBkQ8xbsB9Q8_8ErAG-9Wj7DpQ@mail.gmail.com>
In-Reply-To: <5dde4c43-e438-a4b3-95c9-097f395066bd@bellsouth.net>

On Thu, Dec 17, 2020 at 3:51 PM Charles Russell <redacted> wrote:
>
> On 12/17/2020 11:49 AM, Bill Stewart wrote:
>
>  > Make sure to look carefully through all of the firewall rules and
>  > check whether there is a rule blocking that executable or port.
>  >
>
> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.

I've had weird instances where the Windows Firewall tools lied; I
confirmed this by temporarily shutting down the Windows Firewall
entirely, then restarting the service having problems and retesting.
On retest, it worked fine, confirming it was the firewall causing the
problem.

What exactly the problem was varied (this has happened many, many times
to me)...  In some cases it was the rule definition for the scope not
matching the actual network; in some cases I could not find any real
issue, but deleting and recreating the rules fixed the issue; in a few
cases, I also found a deny rule that somehow matched the service
having problems, and deny rules take precedence over allow rules.  One
example of the conflict could be "sshd allowed" vs "port 22 denied";
the deny would take precedence.

I suggest doing the firewall down/restart sshd test to confirm or
refute the Windows Firewall being involved, then going from there.

-- Erik




--
"I do not think any of us are truly sane, Caleb. Not even you. Courage
is not sanity. Being willing to die for someone else is not sanity."
... "Love is not sane, nor is faith." ... "If sanity lacks those
things, Caleb, I want no part of it."

-- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne
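
The rule audit discussed in this message, as an added PowerShell example that is not part of the original message or of Cygwin: it lists every enabled inbound rule that can apply to sshd, Block rules first, next to the category Windows assigned to each connected network. The TCP port 22, the binary name sshd.exe and the helper name Test-PortMatch are assumptions of the example.

```powershell
$port    = 22          # assumption: sshd listens on TCP 22
$exeName = 'sshd.exe'  # assumption: name of the sshd binary

# Category (Public / Private / DomainAuthenticated) of each connected network;
# a rule only applies when its Profile covers the category in use.
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory

# Hypothetical helper: does a LocalPort filter ('Any', '22', '20-25') cover $Port?
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $true }
    }
    return $false
}

$hits = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True) {
    $pf  = $rule | Get-NetFirewallPortFilter
    $app = $rule | Get-NetFirewallApplicationFilter
    $adr = $rule | Get-NetFirewallAddressFilter

    # Conditions inside one rule are ANDed: the program filter and the
    # protocol/port filter must both cover sshd for the rule to apply to it.
    $programOk = ($app.Program -eq 'Any') -or ($app.Program -like "*\$exeName")
    $portOk    = ($pf.Protocol -in 'TCP', 'Any') -and
                 (Test-PortMatch -LocalPort $pf.LocalPort -Port $port)

    if ($programOk -and $portOk) {
        [pscustomobject]@{
            Action        = $rule.Action
            Profile       = $rule.Profile
            DisplayName   = $rule.DisplayName
            Program       = $app.Program
            LocalPort     = $pf.LocalPort -join ','
            RemoteAddress = $adr.RemoteAddress -join ','   # the rule's scope
        }
    }
}

# Block rules first: any one of them overrides the Allow rules listed below it.
$hits | Sort-Object { $_.Action -ne 'Block' }, DisplayName | Format-Table -AutoSize -Wrap
```

A Block row, or Allow rows whose Profile or RemoteAddress does not cover the network shown in the first table, is where to look before deleting and recreating rules.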
