From: Erik Soderquist via Cygwin
Date: Thu, 17 Dec 2020 16:24:54 -0500
Subject: Re: sshd broken by seemingly trivial network change

On Thu, Dec 17, 2020 at 3:51 PM Charles Russell wrote:
>
> On 12/17/2020 11:49 AM, Bill Stewart wrote:
>
> > Make sure to look carefully through all of the firewall rules and
> > check whether there is a rule blocking that executable or port.
> >
>
> Selecting "Advanced Settings" and then "incoming rules", I see one rule
> for sshd private: enabled, allowed and one rule for sshd public:
> enabled, allowed. There is a third rule for sshd domain: (disabled,
> allowed). I believe that one is irrelevant but I enabled it anyway,
> which did not help.

I've had weird instances where the Windows Firewall tools lied; I
confirmed this by temporarily shutting down the Windows Firewall
entirely, then restarting the service having problems and retesting. On
retest, it worked fine, confirming it was the firewall causing the
problem. What exactly the problem was varied (this has happened many
many times to me)... In some cases it was the rule definition for the
scope not matching the actual network, in some cases I could not find
any real issue, but deleting and recreating the rules fixed the issue,
in a few cases, I also found a deny rule that somehow matched the
service having problems, and deny rules take precedence over allow
rules. One example of the conflict could be "sshd allowed" vs "port 22
denied"; the deny would take precedence.

I suggest doing the firewall down/restart sshd test to confirm or refute
the Windows Firewall being involved, then going from there.

-- Erik
--
"I do not think any of us are truly sane, Caleb. Not even you. Courage
is not sanity. Being willing to die for someone else is not sanity." ...
"Love is not sane, nor is faith." ... "If sanity lacks those things,
Caleb, I want no part of it."
-- Alexandria Terri in "Weaving the Wyvern" by Alexis Desiree Thorne
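
Added example, not part of the original message: a PowerShell check for the allow/deny conflict and profile mismatch described above. It lists every enabled inbound rule that can apply to sshd on TCP 22, Block rules first, next to the network category Windows currently assigns to each interface. The port (22) and the `*sshd.exe` path pattern are assumptions.

```powershell
# Added example (not from the thread). Assumed values: TCP port 22 and a
# program path ending in sshd.exe. Run from an elevated PowerShell prompt.
$Port = 22
$ProgramPattern = '*sshd.exe'

# True when a rule's LocalPort list ('Any', '22', '20-25', ...) covers $Port.
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

# Category (Public, Private, DomainAuthenticated) of each connected network.
# A rule only applies when its Profile covers the interface's category.
Get-NetConnectionProfile | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

$candidates = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    $appFilter  = $rule | Get-NetFirewallApplicationFilter
    $addrFilter = $rule | Get-NetFirewallAddressFilter

    $protoOk = $portFilter.Protocol -in @('Any', 'TCP', '6')
    $portOk  = Test-PortMatch -LocalPort $portFilter.LocalPort -Port $Port
    $progOk  = ($appFilter.Program -eq 'Any') -or ($appFilter.Program -like $ProgramPattern)

    if ($protoOk -and $portOk -and $progOk) {
        [pscustomobject]@{
            Action        = $rule.Action
            Profile       = $rule.Profile
            DisplayName   = $rule.DisplayName
            Program       = $appFilter.Program
            LocalPort     = $portFilter.LocalPort -join ','
            RemoteAddress = $addrFilter.RemoteAddress -join ','
        }
    }
}

# Block sorts before Allow, so a conflicting deny rule is listed first.
$candidates | Sort-Object @{ Expression = { $_.Action -ne 'Block' } }, DisplayName |
    Format-Table -AutoSize -Wrap
```

A Block row whose Profile covers the active network category explains a refused connection even when an "sshd allowed" rule is also listed; an Allow row whose Profile or RemoteAddress does not cover the current network is the scope mismatch case.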