Subject: Re: sshd.exe waits repeatedly with SYN_SENT for inaccessible ldap
From: Ilya Basin via Cygwin
Reply-To: basinilya AT gmail DOT com
To: cygwin AT cygwin DOT com
Date: Tue, 26 Jan 2021 16:31:05 +0300
List-Id: General Cygwin discussions and problem reports

The problem is solved. Our DHCP server was sending me a bad WINS server IP. After fixing the issue I had to reboot the PC (just refreshing the IP and restarting cygsshd was not enough).

On 22.01.2021 22:07, basinilya AT gmail DOT com wrote:
> Hi. The problem first appeared ten days ago. It now takes minutes to log in as a domain user. Tcpview shows that sshd.exe is trying to connect to an inaccessible server on port 389 (ldap). If I close the socket using Tcpview, successful login happens sooner. Both password and public key logins are affected, but with a public key sshd.exe tries to connect to that server multiple times. Also, if I don't close the sockets repeatedly, ssh disconnects from the SSH server after 2 minutes of silence before the "last login" line appears:
>
> $ time ssh -vvv localhost
> ...
> debug1: Offering public key:
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
>
> debug3: receive packet: type 60
> debug1: Server accepts key:
> debug3: sign_and_send_pubkey: RSA
> debug3: sign_and_send_pubkey: signing using rsa-sha2-512
> debug3: send packet: type 50
>
> Connection closed by ::1 port 22
>
> real 2m0.292s
> user 0m0.045s
> sys 0m0.122s
>
> Besides, sshd.exe has a live connection on port 389 to another server all the time.
>
> I can't see anything interesting in sshd log. At least the ldap ip address does not appear in the log.
>
> ...
>
> sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)
>
> sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys
> ...
>
> sshd: PID 1786: debug1: temporarily_use_uid: 1087042/1049089 (e=18/18)
> ...
>
> sshd: PID 1786: debug1: trying public key file /home/basin/.ssh/authorized_keys
> ...
>
> sshd: PID 1786: debug1: monitor_child_preauth: basin has been authenticated by privileged process
> ...
>
> sshd: PID 1652: debug1: main_sigchld_handler: Child exited
>
> BTW, is it possible to make sshd write to a log file instead of Windows Event Log?

--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
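
The symptom described in this thread (a process with connections stuck in SYN_SENT to port 389) can also be spotted from a Cygwin shell without Tcpview. The following is an added example, not part of the original messages: it assumes the column layout of Windows `netstat -ano`, and the function names, addresses and PIDs in the sample are constructed for illustration.

```shell
#!/bin/sh
# Summarise TCP connections stuck in SYN_SENT towards one remote port.
# Reads Windows "netstat -ano" output on stdin and prints one line per
# (PID, remote address) pair:  <count> <pid> <remote address>
# $1: remote port to look for (default 389, LDAP, as in the thread).
stuck_syn() {
    awk -v port="${1:-389}" '
        { sub(/\r$/, "") }                 # Windows tools emit CRLF line endings
        $1 == "TCP" && $4 == "SYN_SENT" {
            n = split($3, part, ":")       # IPv6 addresses contain ":"; the port is the last piece
            if (part[n] == port) {
                remote = $3
                sub(/:[0-9]+$/, "", remote)    # drop the trailing :port
                count[$5 " " remote]++
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -k2,2n -k3,3
}

# Constructed sample in "netstat -ano" layout (documentation addresses,
# CRLF line endings as produced on Windows). PID 1786 stands in for sshd.exe.
sample_netstat() {
    printf '%s\r\n' \
        'Active Connections' \
        '' \
        '  Proto  Local Address          Foreign Address        State           PID' \
        '  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1652' \
        '  TCP    192.0.2.10:49700       192.0.2.20:389         ESTABLISHED     1786' \
        '  TCP    192.0.2.10:49712       192.0.2.99:389         SYN_SENT        1786' \
        '  TCP    192.0.2.10:49713       192.0.2.99:389         SYN_SENT        1786' \
        '  TCP    192.0.2.10:49720       192.0.2.30:443         SYN_SENT        2040' \
        '  UDP    0.0.0.0:123            *:*                                    900'
}

# On a live host: netstat -ano | stuck_syn
sample_netstat | stuck_syn    # -> 2 1786 192.0.2.99
```

A healthy connection leaves SYN_SENT within moments, so the same remote address showing up across several runs taken a few seconds apart points at an unreachable server like the one in this thread.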