Mail Archives: cygwin/2006/05/30/19:01:20

X-Spam-Check-By: sourceware.org
To: cygwin AT cygwin DOT com
From: René Berber <r DOT berber AT computer DOT org>
Subject: Re: sshd+ssh localhost connects, but don't reach the shell
Date: Tue, 30 May 2006 18:00:44 -0500
Lines: 111
Message-ID: <e5iiqq$u5g$1@sea.gmane.org>
References: <e5hv5c$f7c$1 AT sea DOT gmane DOT org> <BAY114-F39E055D44FACBC35870F4CBF920 AT phx DOT gbl>
Mime-Version: 1.0
User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
In-Reply-To: <BAY114-F39E055D44FACBC35870F4CBF920@phx.gbl>
OpenPGP: url=hkp://random.sks.keyserver.penguin.de
X-IsSubscribed: yes
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Vilar Camara wrote:
[snip]
> Now that's strange: in that verbose list there is no program listening
> on port 22.  The only reference to sshd is in the following block:
>
>  UDP    127.0.0.1:2186         *:*                                    2848
>  C:\WINDOWS\system32\ZoneLabs\vetredir.dll
>  C:\WINDOWS\system32\imslsp.dll
>  C:\WINDOWS\system32\ws2_32.dll
>  C:\cygwin\bin\cygwin1.dll
>  [sshd.exe]
>
> The first DLL is a ZoneAlarm (firewall) one. This is curious, because
> that DLL is around even if the firewall is off. (The service related to
> ZA's firewall is called "TrueVector" and it is stopped in the Services
> list.) The port (2186) varies from run to run.

Your test is better than mine, when I tried 'netstat -anbv | grep -B 4 -A 2
"ssh"' I got:

...
>   TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2000
>   [sshd.exe]
...
> --
>
>   UDP    127.0.0.1:1051         *:*                                    2000
>   C:\WINDOWS\system32\ws2_32.dll
>   C:\Cygwin\bin\cygwin1.dll
>   C:\cygwin\usr\sbin\sshd.exe
>   -- unknown component(s) --
>   C:\WINDOWS\system32\kernel32.dll
>   [sshd.exe]

So the difference is very significant: sshd was not able to bind to port 22, we
don't really know what program is listening to that port, and the UDP port is
probably used by cygrunsrv (the program used to control sshd as service --
that's how services are installed under Cygwin)... and there is the dreaded
firewall dll.

> But it appears in: netstat -an | grep ":22"
>=20
>  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
>
> Not all entries listed by -an appear on -anbv.

Perhaps the firewall is using some stealth trick, I don't know.

>> Also check: ps -a | grep sshd
>> before and during a test.  Is the UID 18? does the process have any
>> suspend flags?
>
> Changed to "ps -a | grep ssh" to include the client.
> Before test:
>
>     3676     436    3676       2392    ?   18 17:52:14 /usr/sbin/sshd
>
> During test:
>
>     3676     436    3676       2392    ?   18 17:52:14 /usr/sbin/sshd
> I    4060     604    4060       2512    0 1003 17:54:12 /usr/bin/ssh
>     1560    3676    1560       2812    ?   18 17:54:12 /usr/sbin/sshd
>
> That "I" on the client is significant, but as far as we've been
> discussing this is somewhat expected (but not desired :-( ).

It is bad, but it is as we suspected: the client is connected to something and
it is waiting for input.  I think it is not connected to the sshd server but
something that passes the connection later to sshd which spawns the 2nd sshd
that should continue using another port... and that probably never happens so
the client is kept waiting.

[snip]
> It can't proceed: it stops after the message "strace: couldn't attach to
> pid 3844 for debugging".

3844?  You mean 1560 or you are reporting about two different tests.

> Doing strace to the original sshd.exe (the non-spawned one) reveals that
> tons of things happen when I run "ssh localhost", but I can't interpret
> all that gibberish output.

Not gibberish, probably Windows function calls (OK, close to gibberish) but the
main server is not interesting, it just spawns the real server.

> After all, I'm really suspicious about that ZoneAlarm DLL. But I think I
> can only purge it if I uninstall the firewall. Oh my.

Mmmm, OK everyone in favor of "Nuke the firewall" raise their hands :-)

Just kidding!  Do both of your computers have the same firewall?
-- 
René Berber
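
Added example (not part of the original message, and not Cygwin or OpenSSH code): the comparison made in this thread, done in Python over the two `netstat -anbv` excerpts quoted above. It checks whether a port-22 listener is attributed to sshd.exe and lists modules in sshd's socket chain that one host has and the other lacks. The function names are hypothetical, and the inputs are only the excerpts from the message, not full netstat output.

```python
import re

# Constructed sample input: the two `netstat -anbv` excerpts quoted in the message.
FAILING = r"""
  UDP    127.0.0.1:2186         *:*                                    2848
  C:\WINDOWS\system32\ZoneLabs\vetredir.dll
  C:\WINDOWS\system32\imslsp.dll
  C:\WINDOWS\system32\ws2_32.dll
  C:\cygwin\bin\cygwin1.dll
  [sshd.exe]
"""
WORKING = r"""
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2000
  [sshd.exe]

  UDP    127.0.0.1:1051         *:*                                    2000
  C:\WINDOWS\system32\ws2_32.dll
  C:\Cygwin\bin\cygwin1.dll
  C:\cygwin\usr\sbin\sshd.exe
  -- unknown component(s) --
  C:\WINDOWS\system32\kernel32.dll
  [sshd.exe]
"""
# proto, local address, foreign address, optional TCP state, PID
SOCK = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def parse(text):
    """Group each socket line with the module paths and [owner] that follow it."""
    socks = []
    for line in text.splitlines():
        m, s = SOCK.match(line), line.strip()
        if m:
            socks.append({"proto": m[1], "local": m[2], "state": m[3],
                          "pid": int(m[4]), "modules": [], "owner": None})
        elif socks and s.startswith("[") and s.endswith("]"):
            socks[-1]["owner"] = s[1:-1].lower()
        elif socks and re.match(r"[A-Za-z]:\\", s):
            socks[-1]["modules"].append(s.lower())  # Windows paths: case-insensitive
    return socks

def listeners(socks, exe, port):
    """TCP sockets in LISTENING state on `port` that netstat attributes to `exe`."""
    return [s for s in socks if s["owner"] == exe and s["proto"] == "TCP"
            and s["state"] == "LISTENING" and s["local"].endswith(f":{port}")]

def extra_modules(suspect, baseline, exe):
    """Modules in `exe`'s socket chains on the suspect host that the baseline lacks."""
    def mods(socks):
        return {m for s in socks if s["owner"] == exe for m in s["modules"]}
    return sorted(mods(suspect) - mods(baseline))
```

On these excerpts, `listeners` finds the sshd.exe listener only in the second listing, and `extra_modules` returns the two DLLs that appear only in the first one.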

