From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <basinilya@gmail.com>
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com
 [IPv6:2a00:1450:4864:20::234])
 by sourceware.org (Postfix) with ESMTPS id 5B82F3854804
 for <cygwin@cygwin.com>; Tue, 26 Jan 2021 13:31:09 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 5B82F3854804
Received: by mail-lj1-x234.google.com with SMTP id i17so19565342ljn.1
 for <cygwin@cygwin.com>; Tue, 26 Jan 2021 05:31:09 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:from:to:references:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=tLqj7LprzTdo11qzDmGop+OC61d4mCstezEzsxeajLs=;
 b=nChB57Uspq5oHQTfYKTNXOhcJtv+4YePla1AvBmRHGkyaQBZPkthzT4YvdRgHf5HYH
 RR7Zf4a2BKtDzJBFM0j3gO8iQewY2v0FiKtR8L4QI1LU8OAxDby6Ts7ibIB0UFNJcnus
 qStW6xM+lloNUS0EgbzGaLdLNigmr3GCkLOgxNqg8WCxOc1RpEBvwuzi7KJayH99pOwA
 i1OlPXW9fMnkUvPoED6dYQhUia4YU6GVbTbt8tT+oHZnm5oIRSYc2BmK4/HV6Ro8y2uJ
 PbnTppGofdvweMy8YxV2Sv540F+Fn3HE0b6I2r23C8VCkAuQRKQvqUvm3/0lx4LiMomu
 MwIw==
X-Gm-Message-State: AOAM530lSetiF6QWyMseg3BRopEh2aaypbqDRZpMnA8GKMFaywNvjxB3
 xAV4C3KKXojJgS2CQq601d8/R44B/qveqA==
X-Google-Smtp-Source: ABdhPJxs1sm9BBTBAS791yK4a5s35hbqSQAut8Q97c724xfM2C9FqTxQywuHob4uos/36q7EaNTBEA==
X-Received: by 2002:a05:651c:3c7:: with SMTP id
 f7mr2937436ljp.13.1611667867657; 
 Tue, 26 Jan 2021 05:31:07 -0800 (PST)
Received: from [192.168.1.107] ([93.100.116.8])
 by smtp.googlemail.com with ESMTPSA id b14sm2576849lfi.164.2021.01.26.05.31.06
 for <cygwin@cygwin.com>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Tue, 26 Jan 2021 05:31:06 -0800 (PST)
Subject: Re: sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap
From: basinilya@gmail.com
To: cygwin@cygwin.com
References: <67ec7d7f-cac0-3a2a-4f85-1d42f0864b46@gmail.com>
Message-ID: <cf346226-7e85-2f30-c39f-6b5f6180aa16@gmail.com>
Date: Tue, 26 Jan 2021 16:31:05 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.1
MIME-Version: 1.0
In-Reply-To: <67ec7d7f-cac0-3a2a-4f85-1d42f0864b46@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, NICE_REPLY_A,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2021 13:31:11 -0000

The problem is solved.
Our DHCP server was sending me a bad WINS server ip. After fixing the issue I had to reboot the PC (just refreshing the ip and restarting cygsshd was not enough).

On 22.01.2021 22:07, basinilya@gmail.com wrote:
> Hi. The problem first appeared ten days ago. It now takes minutes to login as a domain user. Tcpview shows that sshd.exe is trying to connect an inaccessible server on the port 389 (ldap). If I close the socket using Tcpview, successful login happens sooner. Both password and public key logins are affected, but with a public key sshd.exe tries to connect that server multiple times. Also, if I don't close the sockets repeatedly, ssh disconnects from the SSH server after 2 minutes of silence before the "last login" line appears:
> 
>     $ time ssh -vvv localhost
>     ...
>     debug1: Offering public key:
>     debug3: send packet: type 50
>     debug2: we sent a publickey packet, wait for reply
>     
>     
>     debug3: receive packet: type 60
>     debug1: Server accepts key: 
>     debug3: sign_and_send_pubkey: RSA
>     debug3: sign_and_send_pubkey: signing using rsa-sha2-512
>     debug3: send packet: type 50
>     
>     
>     Connection closed by ::1 port 22
>     
>     real    2m0.292s
>     user    0m0.045s
>     sys     0m0.122s
> 
> 
> 
> Besedes, sshd.exe has a live connection on port 389 to another server all the time.
> 
> 
> I can't see anything interesting in sshd log. At least the ldap ip address does not appear in the log.
> 
>     ...
>     <TimeCreated SystemTime="2021-01-22T18:52:09.7210295Z" /> 
>     <Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data> 
>       
>     <TimeCreated SystemTime="2021-01-22T18:52:51.9304939Z" /> 
>     <Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data> 
>     ...
>     
>     <TimeCreated SystemTime="2021-01-22T18:53:21.6284471Z" /> 
>     <Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data> 
>     ...
>     
>     
>     <TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" /> 
>     <Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data> 
>     ...
>     
>     
>     <TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" /> 
>     <Data>sshd: PID 1786: debug1: monitor_child_preauth: basin has been authenticated by privileged process</Data> 
>     ...
>     
>     
>     <TimeCreated SystemTime="2021-01-22T18:54:09.6686942Z" /> 
>     <Data>sshd: PID 1652: debug1: main_sigchld_handler: Child exited</Data> 
> 
> BTW, is it possible to make sshd write to a log file instead of Windows Event Log?
> 
>