X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 1CD5C3AAA084
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1611667872;
	bh=N8VsjYPmUo0OsGNEkm0TLOiscQD+05s+GiaT2BtHv6o=;
	h=Subject:To:References:Date:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=MmXXIC+ImKC4tuTTO4e9F2sh8snzaBNL/bWiBnElBY9Mof9zmRXiTi5dTr9MliT7e
	/PgBCKSdcUFk3i7PM71BHrC+btWM/gPniflK/4jTGv/7/LZdEyUSoup+sb+PXDZ4tQ
	L6gMK8lZTMnXswXM1CTha22SyDXFY5qIcjLB7SDA=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.3.2 sourceware.org 5B82F3854804
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:subject:from:to:references:message-id:date
	:user-agent:mime-version:in-reply-to:content-language
	:content-transfer-encoding;
	bh=tLqj7LprzTdo11qzDmGop+OC61d4mCstezEzsxeajLs=;
	b=nChB57Uspq5oHQTfYKTNXOhcJtv+4YePla1AvBmRHGkyaQBZPkthzT4YvdRgHf5HYH
	RR7Zf4a2BKtDzJBFM0j3gO8iQewY2v0FiKtR8L4QI1LU8OAxDby6Ts7ibIB0UFNJcnus
	qStW6xM+lloNUS0EgbzGaLdLNigmr3GCkLOgxNqg8WCxOc1RpEBvwuzi7KJayH99pOwA
	i1OlPXW9fMnkUvPoED6dYQhUia4YU6GVbTbt8tT+oHZnm5oIRSYc2BmK4/HV6Ro8y2uJ
	PbnTppGofdvweMy8YxV2Sv540F+Fn3HE0b6I2r23C8VCkAuQRKQvqUvm3/0lx4LiMomu
	MwIw==
X-Gm-Message-State:	AOAM530lSetiF6QWyMseg3BRopEh2aaypbqDRZpMnA8GKMFaywNvjxB3
	xAV4C3KKXojJgS2CQq601d8/R44B/qveqA==
X-Google-Smtp-Source:	ABdhPJxs1sm9BBTBAS791yK4a5s35hbqSQAut8Q97c724xfM2C9FqTxQywuHob4uos/36q7EaNTBEA==
X-Received:	by 2002:a05:651c:3c7:: with SMTP id
	f7mr2937436ljp.13.1611667867657;
	Tue, 26 Jan 2021 05:31:07 -0800 (PST)
Subject:	Re: sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap
To:	cygwin AT cygwin DOT com
References:	<67ec7d7f-cac0-3a2a-4f85-1d42f0864b46 AT gmail DOT com>
Message-ID:	<cf346226-7e85-2f30-c39f-6b5f6180aa16@gmail.com>
Date:	Tue, 26 Jan 2021 16:31:05 +0300
User-Agent:	Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101
	Thunderbird/78.6.1
MIME-Version:	1.0
In-Reply-To:	<67ec7d7f-cac0-3a2a-4f85-1d42f0864b46@gmail.com>
X-Spam-Status:	No, score=-1.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, NICE_REPLY_A,
	RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
	TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Ilya Basin via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	basinilya AT gmail DOT com
Errors-To:	cygwin-bounces AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces AT cygwin DOT com>

The problem is solved.
Our DHCP server was sending me a bad WINS server ip. After fixing the issue I had to reboot the PC (just refreshing the ip and restarting cygsshd was not enough).

On 22.01.2021 22:07, basinilya AT gmail DOT com wrote:
> Hi. The problem first appeared ten days ago. It now takes minutes to login as a domain user. Tcpview shows that sshd.exe is trying to connect an inaccessible server on the port 389 (ldap). If I close the socket using Tcpview, successful login happens sooner. Both password and public key logins are affected, but with a public key sshd.exe tries to connect that server multiple times. Also, if I don't close the sockets repeatedly, ssh disconnects from the SSH server after 2 minutes of silence before the "last login" line appears:
> 
>     $ time ssh -vvv localhost
>     ...
>     debug1: Offering public key:
>     debug3: send packet: type 50
>     debug2: we sent a publickey packet, wait for reply
>     
>     
>     debug3: receive packet: type 60
>     debug1: Server accepts key: 
>     debug3: sign_and_send_pubkey: RSA
>     debug3: sign_and_send_pubkey: signing using rsa-sha2-512
>     debug3: send packet: type 50
>     
>     
>     Connection closed by ::1 port 22
>     
>     real    2m0.292s
>     user    0m0.045s
>     sys     0m0.122s
> 
> 
> 
> Besedes, sshd.exe has a live connection on port 389 to another server all the time.
> 
> 
> I can't see anything interesting in sshd log. At least the ldap ip address does not appear in the log.
> 
>     ...
>     <TimeCreated SystemTime="2021-01-22T18:52:09.7210295Z" /> 
>     <Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data> 
>       
>     <TimeCreated SystemTime="2021-01-22T18:52:51.9304939Z" /> 
>     <Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data> 
>     ...
>     
>     <TimeCreated SystemTime="2021-01-22T18:53:21.6284471Z" /> 
>     <Data>sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)</Data> 
>     ...
>     
>     
>     <TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" /> 
>     <Data>sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys</Data> 
>     ...
>     
>     
>     <TimeCreated SystemTime="2021-01-22T18:54:03.7296838Z" /> 
>     <Data>sshd: PID 1786: debug1: monitor_child_preauth: basin has been authenticated by privileged process</Data> 
>     ...
>     
>     
>     <TimeCreated SystemTime="2021-01-22T18:54:09.6686942Z" /> 
>     <Data>sshd: PID 1652: debug1: main_sigchld_handler: Child exited</Data> 
> 
> BTW, is it possible to make sshd write to a log file instead of Windows Event Log?
> 
> 
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -