sshd+ssh localhost connects, but don't reach the shell

Vilar Camara vilarneto@hotmail.com
Tue May 30 22:11:00 GMT 2006


> >> The symptoms do appear like a firewall issue like Larry Hall said,
> >
> > This is always a point to be rechecked. I just did it:
> > - All ssh.exe, ssh2.exe (Windows GUI client) and sshd.exe have full
> > permissions set to access and server;
> > - Logging on, but no log entries about these programs being blocked.
> >
> > Anyway, as I said before, all my tests were performed with firewall not
> > running. Should I try, for the sake of completeness, uninstalling it?
>
>No, have you tested with the Windows firewall running?

No, I never use Windows Firewall. My choice is Zone Alarm Pro. Even so, I 
had included Port 22 in the Windows Firewall exception list, although 
technically it should make no difference.

>Now try: netstat -anbv | grep -B 1 -A 2 ":22"
>should show only sshd.exe listening.

Now that's strange: in that verbose list there is no program listening on 
port 22.  The only reference to sshd is in the following block:

  UDP    127.0.0.1:2186         *:*                                    2848
  C:\WINDOWS\system32\ZoneLabs\vetredir.dll
  C:\WINDOWS\system32\imslsp.dll
  C:\WINDOWS\system32\ws2_32.dll
  C:\cygwin\bin\cygwin1.dll
  [sshd.exe]

The first DLL is a ZoneAlarm (firewall) one. This is curious, because that 
DLL is around even if the firewall is off. (The service related to ZA's 
firewall is called "TrueVector" and it is stopped in the Services list.) The 
port (2186) varies from run to run.

But it appears in: netstat -an | grep ":22"

  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING

Not all entries listed by -an appear on -anbv.

>Also check: ps -a | grep sshd
>before and during a test.  Is the UID 18? does the process have any suspend 
>flags?

Changed to "ps -a | grep ssh" to include the client.
Before test:

     3676     436    3676       2392    ?   18 17:52:14 /usr/sbin/sshd

During test:

     3676     436    3676       2392    ?   18 17:52:14 /usr/sbin/sshd
I    4060     604    4060       2512    0 1003 17:54:12 /usr/bin/ssh
     1560    3676    1560       2812    ?   18 17:54:12 /usr/sbin/sshd

That "I" on the client is significant, but as far as we've been discussing 
this is somewhat expected (but not desired :-( ).

>During a test, the second sshd process is the interesting one, you could 
>try to
>see what is doing (when it appears to be stuck) by using: strace -p $PID
>where the process id is from the above ps -a.

It can't proceed: it stops after the message "strace: couldn't attach to pid 
3844 for debugging".

Doing strace to the original sshd.exe (the non-spawned one) reveals that 
tons of things happen when I run "ssh localhost", but I can't interpret all 
that gibberish output.

After all, I'm really suspicious about that ZoneAlarm DLL. But I think I can 
only purge it if I uninstall the firewall. Oh my.

--
Best regards,
Vilar Camara Neto
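
Added example (not part of the original message, and not code from the Cygwin project): a small Python parser for the `netstat -anbv` block format quoted above. It lists the module chain per socket and reports listeners that `netstat -an` shows but the verbose output never attributes to a program. The sample text is constructed from the two outputs in the message, and the BASELINE set of expected modules is an assumption.

```python
import re

# Constructed sample input, modelled on the two netstat outputs quoted in the message.
VERBOSE = r"""
  UDP    127.0.0.1:2186         *:*                                    2848
  C:\WINDOWS\system32\ZoneLabs\vetredir.dll
  C:\WINDOWS\system32\imslsp.dll
  C:\WINDOWS\system32\ws2_32.dll
  C:\cygwin\bin\cygwin1.dll
  [sshd.exe]
"""
PLAIN = "  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING\n"

SOCK = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
BASELINE = {"ws2_32.dll", "cygwin1.dll"}  # assumption: modules expected for a Cygwin sshd

def parse_verbose(text):
    """Split `netstat -anbv` text into one record per socket with its module chain."""
    entries = []
    for line in text.splitlines():
        m = SOCK.match(line)
        if m:  # a socket line starts a new record
            entries.append({"proto": m[1], "local": m[2], "state": m[4],
                            "pid": int(m[5]) if m[5] else None, "modules": [], "exe": None})
        elif entries and line.strip():
            name = line.strip()
            if name.startswith("[") and name.endswith("]"):
                entries[-1]["exe"] = name[1:-1]       # owning executable
            else:
                entries[-1]["modules"].append(name)   # module in the socket's chain
    return entries

def unattributed_listeners(plain, entries):
    """Listening sockets in `netstat -an` that the verbose output never attributes."""
    seen = {(e["proto"], e["local"]) for e in entries}
    hits = [SOCK.match(line) for line in plain.splitlines()]
    return [m[2] for m in hits if m and m[4] == "LISTENING" and (m[1], m[2]) not in seen]

def unexpected_modules(entry, baseline=BASELINE):
    """Module file names in a socket's chain that are outside the assumed baseline."""
    names = [path.rsplit("\\", 1)[-1] for path in entry["modules"]]
    return [n for n in names if n.lower() not in baseline]

if __name__ == "__main__":
    entries = parse_verbose(VERBOSE)
    print("unattributed listeners:", unattributed_listeners(PLAIN, entries))
    for e in entries:
        print(e["exe"], e["pid"], e["local"], unexpected_modules(e))
```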


