From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by sourceware.org (Postfix) with ESMTPS id 0A650385840F for ; Sun, 20 Feb 2022 03:24:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0A650385840F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-ej1-x62b.google.com with SMTP id p9so24383200ejd.6 for ; Sat, 19 Feb 2022 19:24:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=sQ3WfOfj8ynP7q2mGp65BTKBGrPnz3QJ3Q111GwrCfM=; b=DcEE3AV//M8z9hZlIDRmIk6kwBiZHfrFSf/Pwovx6vkkz2fHCrF28BcZyzahwLalCy oxejLsk4yxS83r738mBzTOCdd6n9HkHmnBXESQ9voElqWz8kFyu/ea1y0ZQ0zQzK+vQE zYdNhxJqH3mrkJxZRArEDnKaenP4dcmpNatl5T+IO/gMaAAy6pcA2MDDQ8X6CWXqudgZ lYmJ0n4DhpOHq5NPpBLspnPgaZdMbp4KfYvmlSRhu74O8f11JQ2RMy9Vrp6h9NOacpGY IkHNGYYJZEc/Ig/LAl1L5aEGWG1nT/mzTLP93LAxRPgzJ34h6inQP8kFvK2cobAVj4Zr 4GIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=sQ3WfOfj8ynP7q2mGp65BTKBGrPnz3QJ3Q111GwrCfM=; b=qZgpD2bfVbNRR9bK2sWUeXhA4fByar11FvBLzYMhKEr4nNbdRu4sk9QNPnp5JIFznj CHT0nPzIyPE3w1H6roDEKe0cjugScJaTMAbyVUA2YhdiJf23Xw/PcvtJCOj8ns1lsGfm oILHwO8AyJb6gFjplcojPY7I7YynjT3tIewCFmI8yY3BftBUq1mXtvIzWMi/8croxBpf vh8PnM6m68Mhd98PAxxSao/emkiZPW1jQdfrJ6/7b1JWrY1gQ/sXyABVjoCSR0t/oEsk 4f0/zeQsgTRfMkrtEdEe7xYs6iSGnpVS4ExVP8Oa8vavxGsflFOXhYX2PWvVDNMhZIoH R//w== X-Gm-Message-State: AOAM530euGxdIt8ioaxaKjt4WA4nw6M/pgUXWJS/YB2/QiKbRU8M6T/A +J6zWP1xctLZkcUYUL/HU9mHhTxK6LfvOsjevyeMXvRBvsM= X-Google-Smtp-Source: ABdhPJzJ3Q9punra0jeTN8F7B0ihrTt1FUoPpRt+eRpI3AU5cMn9fDMKePeqKLvs3vRVVf9HlAMVHu9L7K5pU1gTTD8= X-Received: by 2002:a17:906:f18b:b0:6d0:4fa4:8c2d with SMTP id gs11-20020a170906f18b00b006d04fa48c2dmr11316549ejb.122.1645327496730; Sat, 19 Feb 2022 19:24:56 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Sanjay Gupta Date: Sat, 19 Feb 2022 19:24:45 -0800 Message-ID: Subject: Re: cygwin ssh connection from mac to windows Connection closed by XX.XX.XXX.XX port 22 To: cygwin@cygwin.com X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, HTML_MESSAGE, KAM_NUMSUBJECT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE, WEIRD_PORT autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2022 03:25:02 -0000 Issue gets resolved when I did and used my domain password. So my question is, is this needs to always run whenevery password gets changed as per domain policy ? I read docs about setuid changes and so forth but unable to understand much= . I have tried creating local account also but still it does not resolve issue unless I did following. passwd -R $ ./passwd.exe -R This functionality stores a password in the registry for usage by services which need to change the user context and require network access. Typical applications are interactive remote logons using sshd, cron task, etc. This password will always tried first when any privileged application is about to switch the user context. Note that storing even obfuscated passwords in the registry is not overly secure. Use this feature only if the machine is adequately locked down. Don't use this feature if you don't need network access within a remote session. You can delete the stored password by specifying an empty password. Enter your current password: Re-enter your current password: Can someone explain use of password -R and why I need to do it ? On Sat, Feb 19, 2022 at 9:15 AM Sanjay Gupta wrote: > Cygwin SSH Server runs on Win 10. SSH is running as a service and using > local system account as Logon property. > > I can successfully login using putty on Win 10 ( connection to localhost > and providing password when asked) so this works. > > Same when I try to connect from MAC, I get error Connection closed by > XX.XX.XXX.XX port 22 > > ssh -v -v -v user@mypc.com > OpenSSH_8.1p1, LibreSSL 2.7.3 > debug1: Reading configuration data /Users/macuser/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 47: Applying options for * > debug1: /etc/ssh/ssh_config line 51: Applying options for * > debug1: Connecting to mypc.com port 22. > debug1: Connection established. > debug1: identity file /Users/macuser/.ssh/id_rsa type 0 > debug1: identity file /Users/macuser/.ssh/id_rsa-cert type -1 > debug1: identity file /Users/macuser/.ssh/id_dsa type -1 > debug1: identity file /Users/macuser/.ssh/id_dsa-cert type -1 > debug1: identity file /Users/macuser/.ssh/id_ecdsa type -1 > debug1: identity file /Users/macuser/.ssh/id_ecdsa-cert type -1 > debug1: identity file /Users/macuser/.ssh/id_ed25519 type -1 > debug1: identity file /Users/macuser/.ssh/id_ed25519-cert type -1 > debug1: identity file /Users/macuser/.ssh/id_xmss type -1 > debug1: identity file /Users/macuser/.ssh/id_xmss-cert type -1 > debug1: Local version string SSH-2.0-OpenSSH_8.1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8 > debug1: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000 > debug3: fd 5 is O_NONBLOCK > debug1: Authenticating to mypc.com:22 as 'user' > debug3: hostkeys_foreach: reading file "/Users/macuser/.ssh/known_hosts" > debug3: record_hostkey: found key type ECDSA in file /Users/macuser/.ssh/= known_hosts:311 > debug3: load_hostkeys: loaded 1 keys from mypc.com > debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v= 01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521= -cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-ni= stp521 > debug3: send packet: type 20 > debug1: SSH2_MSG_KEXINIT sent > debug3: receive packet: type 20 > debug1: SSH2_MSG_KEXINIT received > debug2: local client KEXINIT proposal > debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ec= dh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group= -exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha51= 2,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c > debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecd= sa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.= com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519= -cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v= 01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sh= a2-256,ssh-rsa > debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr= ,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com > debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr= ,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-= sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openss= h.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,= hmac-sha1 > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-= sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openss= h.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,= hmac-sha1 > debug2: compression ctos: none,zlib@openssh.com,zlib > debug2: compression stoc: none,zlib@openssh.com,zlib > debug2: languages ctos: > debug2: languages stoc: > debug2: first_kex_follows 0 > debug2: reserved 0 > debug2: peer server KEXINIT proposal > debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ec= dh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group= -exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha51= 2,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,diffie-hellman-g= roup-exchange-sha1 > debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp25= 6,ssh-ed25519 > debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr= ,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com > debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr= ,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com > debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-= sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openss= h.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,= hmac-sha1 > debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-= sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openss= h.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,= hmac-sha1 > debug2: compression ctos: none,zlib@openssh.com > debug2: compression stoc: none,zlib@openssh.com > debug2: languages ctos: > debug2: languages stoc: > debug2: first_kex_follows 0 > debug2: reserved 0 > debug1: kex: algorithm: curve25519-sha256 > debug1: kex: host key algorithm: ecdsa-sha2-nistp256 > debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none > debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none > debug3: send packet: type 30 > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > debug3: receive packet: type 31 > debug1: Server host key: ecdsa-sha2-nistp256 SHA256:oD2hFa/JcjHe/xayDBUYl= 1my190rrIGcKIniYl+hpfA > debug3: hostkeys_foreach: reading file "/Users/macuser/.ssh/known_hosts" > debug3: record_hostkey: found key type ECDSA in file /Users/macuser/.ssh/= known_hosts:311 > debug3: load_hostkeys: loaded 1 keys from mypc.com > debug3: hostkeys_foreach: reading file "/Users/macuser/.ssh/known_hosts" > debug3: record_hostkey: found key type ECDSA in file /Users/macuser/.ssh/= known_hosts:311 > debug3: load_hostkeys: loaded 1 keys from 10.60.193.69 > debug1: Host 'mypc.com' is known and matches the ECDSA host key. > debug1: Found key in /Users/macuser/.ssh/known_hosts:311 > debug3: send packet: type 21 > debug2: set_newkeys: mode 1 > debug1: rekey out after 134217728 blocks > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug3: receive packet: type 21 > debug1: SSH2_MSG_NEWKEYS received > debug2: set_newkeys: mode 0 > debug1: rekey in after 134217728 blocks > debug1: Will attempt key: /Users/macuser/.ssh/id_rsa RSA SHA256:+7RTuPPGL= QgUGUIU+fdAoxnhvZ1cy77GTzniJV8qyWQ > debug1: Will attempt key: /Users/macuser/.ssh/id_dsa > debug1: Will attempt key: /Users/macuser/.ssh/id_ecdsa > debug1: Will attempt key: /Users/macuser/.ssh/id_ed25519 > debug1: Will attempt key: /Users/macuser/.ssh/id_xmss > debug2: pubkey_prepare: done > debug3: send packet: type 5 > debug3: receive packet: type 7 > debug1: SSH2_MSG_EXT_INFO received > debug1: kex_input_ext_info: server-sig-algs=3D > debug3: receive packet: type 6 > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug3: send packet: type 50 > debug3: receive packet: type 51 > debug1: Authentications that can continue: publickey,password,keyboard-in= teractive > debug3: start over, passed a different list publickey,password,keyboard-i= nteractive > debug3: preferred publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive,password > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Offering public key: /Users/macuser/.ssh/id_rsa RSA SHA256:+7RTuP= PGLQgUGUIU+fdAoxnhvZ1cy77GTzniJV8qyWQ > debug3: send packet: type 50 > debug2: we sent a publickey packet, wait for reply > Connection closed by XX.XX.XXX.XX port 22 > > Interestingly, if I stop windows service and manually run > /usr/sbin/sshd.exe -D and then I try to connect from MAC, it works So > obviously looks like some issue with service and may be system account. B= ut > then I have changed service to run as my Domain account but same issue > > I have also uninstalled and reinstalled sshd service couple of times as > well but did not help issue. I have also checked whether port no 22 is > getting blocked or not but does not seems like it. > > telnet mycygwinserver.com 22 > Trying XX.XX.XXX.XX... > Connected to mycygwinserver.com. > Escape character is '^]'. > SSH-2.0-OpenSSH_8.8 > > > Enabled syslog-ng and sshd_config log level to debug3 > > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: mm_key_allowed: enteri= ng [preauth] > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: mm_request_send: enter= ing, type 22 [preauth] > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: mm_key_allowed: waitin= g for MONITOR_ANS_KEYALLOWED [preauth] > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: mm_request_receive_exp= ect: entering, type 23 [preauth] > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: mm_request_receive: en= tering [preauth] > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: mm_request_receive: en= tering > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: monitor_read: checking= request 22 > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug3: mm_answer_keyallowed: = entering > Feb 18 21:18:34 USL37BCPC2 sshd: PID 1188: debug1: temporarily_use_uid: 4= 270411484/4266656257 (e=3D18/18) > Feb 18 21:18:36 USL37BCPC2 sshd: PID 1188: fatal: seteuid 4270411484: No = such device or address > Feb 18 21:18:36 USL37BCPC2 sshd: PID 1188: debug1: do_cleanup > Feb 18 21:18:36 USL37BCPC2 sshd: PID 1188: debug1: Killing privsep child = 1189 > > > Any idea why am I having issues with service vs manual running ? > > -- > > Thanks > Sanjay Gupta > > --=20 Thanks Sanjay Gupta