This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

sshd problems on specific host [1.5.25-15]


Several hours after a reboot with no apparent trigger, sshd
stops working - 'ssh localhost' hangs prior to prompt for manual
password authentication.  For example when trying:

  ssh -v -v localhost

  # same issue for
  ssh HOSTNAME-HERE.FQDN-HERE

##
cygwin version and test case:

  $ date;uname -a; cygcheck -c cygwin
  Wed Mar 18 14:08:29 CDT 2009
  CYGWIN_NT-5.0 myhost03 1.5.25(0.156/4/2) 2008-06-12 19:34 i686 Cygwin
  Cygwin Package Information
  Package              Version        Status
  cygwin               1.5.25-15      OK

-- 'ssh -v -v localhost... minutes later manually killed sshd' --

  /tmp $ date;ssh -v -v localhost
  Wed Mar 18 12:59:12 CDT 2009
  OpenSSH_5.1p1, OpenSSL 0.9.8j 07 Jan 2009
  debug1: Reading configuration data /etc/ssh_config
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to localhost [127.0.0.1] port 22.
  debug1: Connection established.
  debug1: identity file /home/adm_tsr/.ssh/identity type -1
  debug2: key_type_from_name: unknown key type '-----BEGIN'
  debug2: key_type_from_name: unknown key type 'Proc-Type:'
  debug2: key_type_from_name: unknown key type 'DEK-Info:'
  debug2: key_type_from_name: unknown key type '-----END'
  debug1: identity file /home/adm_tsr/.ssh/id_rsa type 1
  debug1: identity file /home/adm_tsr/.ssh/id_dsa type -1
  ssh_exchange_identification: read: Connection reset by peer
  /tmp $ : sshd killed, it is now: 13:03:04 Wed 090318

-- bash session showing 'strace of sshd' --

  /drv/c/tmp $ net start sshd
  The CYGWIN sshd service is starting.
  The CYGWIN sshd service was started successfully.
  /drv/c/tmp $ cd /tmp
  /tmp $ p
    PID  PPID %CPU S    VSZ USER     TT        SESS  PGRP  START COMMAND
   2312     1  0.0 S   1596 SYSTEM   ?         2312  2312  12:51 /usr/bin/cygrunsrv
   1476  2312  0.0 S   2708 SYSTEM   ?         2312  1476  12:51   /usr/sbin/sshd -D
   --snip
   2748  2128  0.0 R   2600 adm_tsr  tty0      2128  2748  12:54   procps -wwo pid,ppid,%cpu,state,vsize,user,tty,session,pgrp,bsdstart,args -H -e
  /tmp $ date;strace -ostrace.out -p1476
  Wed Mar 18 12:59:02 CDT 2009
  Windows process 1380 attached
  Windows process 1380 detached
  /tmp $ ls -lrt strace.out*
  -r-xr-xr-x  1 adm_tsr 7rq_staff 1502 Mar 18 12:59 strace.out,b4-sshd-kill*
  -r-xr-xr-x+ 1 adm_tsr 7rq_staff 4918 Mar 18 13:03 strace.out*
  /tmp $ 

-- session showing 'kill of sshd minutes after "ssh localhost" blocked' --

  /tmp $ p                # 'p' is my alias for "procps -wwo pid,ppid..."
    PID  PPID %CPU S    VSZ USER     TT        SESS  PGRP  START COMMAND
   --snip
   2248  2308  0.0 R   2600 adm_tsr  tty2      2308  2248  12:57   procps -wwo pid,ppid,%cpu,state,vsize,user,tty,session,pgrp,bsdstart,args -H -e
   2312     1  0.0 S   1620 SYSTEM   ?         2312  2312  12:51 /usr/bin/cygrunsrv
   1476  2312  0.0 S   2736 SYSTEM   ?         2312  1476  12:51   /usr/sbin/sshd -D
   --snip
  /tmp $ ls -l strace.out
  -r-xr-xr-x+ 1 adm_tsr 7rq_staff 1502 Mar 18 12:59 strace.out*
  /tmp $ cp strace.out strace.out,b4-sshd-kill
  /tmp $ p
    PID  PPID %CPU S    VSZ USER     TT        SESS  PGRP  START COMMAND
   --snip
   1724  2308  0.0 R   2600 adm_tsr  tty2      2308  1724  13:02   procps -wwo pid,ppid,%cpu,state,vsize,user,tty,session,pgrp,bsdstart,args -H -e
   2312     1  0.0 S   1620 SYSTEM   ?         2312  2312  12:51 /usr/bin/cygrunsrv
   1476  2312  0.0 S   2760 SYSTEM   ?         2312  1476  12:51   /usr/sbin/sshd -D
   --snip
   2208  2724  0.0 S   2832 adm_tsr  tty1      2724  2208  12:59   ssh -v -v localhost
   --snip
    700  2128  0.0 S   1412 adm_tsr  tty0      2128   700  12:59   <defunct>
  /tmp $ date;kill -kill 1476
  Wed Mar 18 13:03:04 CDT 2009
  /tmp $ 

If you have test suggestions, let me know.

Attachment: cygcheck.out
Description: cygcheck -s -v -r

This snip from cygcheck.out:

  Potential app conflicts:

  ZoneAlarm Personal Firewall
  Detected: HKLM Registry Key, Named file.

is interesting/important!?; but I have searched the entire
registry for 'ZoneAlarm', using regedit and have found nothing;
also checked add/remove programs.  What does it mean?

Attachment: strace.out,b4-sshd-kill
Description: strace of sshd before killed

Attachment: strace.out
Description: whole strace of sshd

I have re-installed the cygwin 'base', and 'net' "group
packages" using cygwin setup.exe, and then ran the rebaseall procedure
per the README.  Since then I removed/reinstalled sshd using ssh-host-config.

The box has been scanned for viruses, I've checked the system and app
event logs, and the sshd.log.  I ran 'gmer' to check for rootkits.

This box has had cygwin on it for years, working just fine; wish
I could suggest a change that may have triggered this - cygwin
was updated in the last month, but then the box is also getting
automatic updates from Microsoft also...

--
thanks/regards,
Tom

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]