Cygwin ssh server is not accepting connections

14

5

I've just set up an SSH server (OpenSSH) on a Windows 7 machine using Cygwin and I'm trying to connect to it using PuTTY on a Windows Vista machine, but I keep getting "Connection timed out". I've checked the network activity on the Win 7 machine with Wireshark and found that I am receiving TCP SYN on port 22 on the Win 7 machine, but the ssh server doesn't seem to reply. I've checked the port number sshd is configured to use, checked my firewall rules and verified that I can ssh localhost (which I can just fine). I have absolutely no idea how to troubleshoot this problem.

Surma

Posted 2012-07-05T11:46:14.553

Reputation: 141

You should probably check your firewall again, and/or elaborate on this aspect. – jjlin – 2012-07-05T16:54:06.770

Answers

23

You may have Windows Firewall running. Open: Control Panel -> Windows Firewall -> Allow a program or feature through Windows Firewall

Click the "Change settings" button then the "Allow another program..." button. SSHD is probably not in the list that comes up, so use the "Browse..." button to find the binary and click "Open" and then "Add". Mine was in C:\cygwin\usr\sbin\sshd.exe

Somewhere in there you can decide which "Network location types..." you want to use. I left mine with Private checked and public unchecked. I can now login remotely.

Frank

Posted 2012-07-05T11:46:14.553

Reputation: 231

Further to Frank's answer, when I installed a privacy VPN on a computer on my home network, I saw this same problem. It was because with the VPN the computer was now connecting with the sshd on a public network. To fix this I had to allow sshd through the Windows Firewall for public locations as well as private.

– James Hirschorn – 2015-12-28T17:26:21.220

5

Does your sshd_config specify ListenAddress as 0.0.0.0 or 127.0.0.1?

If it's 0.0.0.0 or just commented out, then you can connect from outside the machine, i.e., from another computer.

If it's 127.0.0.1 (or any other 127.0.0.x number), then it's ONLY listening on the LOCALHOST, and you can only log in from the SAME machine. External machines are denied.

lornix

Posted 2012-07-05T11:46:14.553

Reputation: 9 633

It's commented out. – Surma – 2012-07-08T13:40:18.213

1

For me the issue was with incorrect ownership of the /var/empty file. The problem became obvious after putting sshd in debug mode with /usr/sbin/sshd.exe -D -dd. I had to correct it with:

chown [user]:[group] /var/empty

User and group were taken from the ls -la /var directory (just matched other files). See more info here: https://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm#EMBSC340

demisx

Posted 2012-07-05T11:46:14.553

Reputation: 111

Thank you for pointing out sshd -D -dd – John Oxley – 2016-11-03T13:51:51.530

1

After messing around with Windows Firewall to no effect, I eventually found I had to allow connections to my own subnet in Cygwin itself via the /etc/hosts.allow file.

This line (using my subnet) as the first rule fixed the issue for me.

ALL : 192.168.0.0/24 : allow

chriswhitmore

Posted 2012-07-05T11:46:14.553

Reputation: 111

A problem with hosts.allow or hosts.deny wouldn't cause a connection timeout. It would cause the SSH server to accept the connection, then drop it during the authentication process. – Kenster – 2014-06-19T13:45:47.610

@Kenster hosts.allow and hosts.deny work at TCP level. You would not be able to connect to the SSH server because you get blocked at layer 4, before even reaching the SSH server. – mtak – 2014-06-19T14:07:15.170

@mtak No, that's not true. hosts.allow and hosts.deny are configuration files for TCP Wrappers. The server program (sshd in this case) has to accept the TCP connection, get the remote endpoint's IP address, then call TCP wrappers to see if the client should be allowed. If libwrap says no, then the server typically drops the connection.

– Kenster – 2014-06-19T14:25:19.653

See e.g. sshd.c. Look for the LIBWRAP ifdefs. Here is the hosts_access function that sshd is calling. I'll also note that the most recent version of sshd.c removes libwrap support.

– Kenster – 2014-06-19T14:28:46.580

@Kenster, my bad, you are right. I tried it and I get the following error: ssh_exchange_identification: Connection closed by remote host. Good day on SU :) – mtak – 2014-06-19T14:32:09.740
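
Added example (not part of the original thread): the answers and comments above separate three client-side symptoms, a timeout, a refused connection, and a connection that is accepted and then closed before the SSH banner. This Python script classifies which one a client sees; the function name probe_ssh, the verdict strings and the 5-second timeout are assumptions of the example.

```python
import socket
import sys

# Verdict -> likely cause, following the answers and comments on this page.
HINTS = {
    "timeout": "SYN got no reply: a packet filter (e.g. Windows Firewall) is dropping it",
    "refused": "RST received: nothing listens on this address/port (sshd down or ListenAddress)",
    "closed-before-banner": "accepted then dropped: consistent with a TCP Wrappers denial",
    "no-banner": "connected but the server sent nothing within the timeout",
    "unexpected": "something other than an SSH server answered on this port",
    "error": "connection failed for another reason (routing, name resolution)",
}


def probe_ssh(host, port=22, timeout=5.0):
    """Return (verdict, detail) describing how a TCP connect to host:port behaves."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", HINTS["timeout"]
    except ConnectionRefusedError:
        return "refused", HINTS["refused"]
    except OSError as exc:
        return "error", f"{HINTS['error']}: {exc}"
    with sock:
        try:
            # OpenSSH sends its identification line ("SSH-...") right after accepting.
            data = sock.recv(256)
        except socket.timeout:
            return "no-banner", HINTS["no-banner"]
        except ConnectionResetError:
            data = b""
    if not data:
        return "closed-before-banner", HINTS["closed-before-banner"]
    if data.startswith(b"SSH-"):
        # Reachable: return the server's identification string as the detail.
        return "banner", data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return "unexpected", HINTS["unexpected"]


if __name__ == "__main__":
    # Defaults to the local machine; pass the server's address to test remotely.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, detail = probe_ssh(target)
    print(f"{target}:22 -> {verdict}: {detail}")
```

Run it from the client machine against the server's LAN address; comparing that result with a run on the server against 127.0.0.1 shows whether the difference lies in the network path or in sshd itself.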

0

Make sure your Win 7 antivirus is not blocking port 22. Also, go to your Windows service panel and search for CYGWINsshd and enable it. Set logon to locate and check off the box.

That will fix the issue:

user@mymachine ~
$ net start sshd
System error 1069 has occurred.

The service did not start due to a logon failure.

D Go

Posted 2012-07-05T11:46:14.553

Reputation: 1