Win32-OpenSSH icon indicating copy to clipboard operation
Win32-OpenSSH copied to clipboard

Published 20 hours ago verified publisher icon PowerShell

Handle leak, locked file after using ssh connection to user account

Open WeleSS2 opened this issue 1 year ago • 4 comments
trafficstars

Prerequisites

  • [X] Write a descriptive title.
  • [X] Make sure you are able to repro it on the latest version
  • [X] Search the existing issues.

Steps to reproduce

After connecting using ssh from machine A to machine B .DAT files are marked as "Open by System".

Steps:

  • Download OpenSSH from Optional Feaures.
  • Create a new account on machine B, do not login to this account.
  • Connect from machine A to machine B using ssh.
  • Close connection, remove account on machine B.
  • In the users is leftover folder with .DAT files inside which are open by a system.

Comment: Tested VM hyper-V and another physical machine. Tried finding handle in resource monitor and using Handler.exe from sysinternal. Handle isn;t listed in any of.

Tried to duplicate handle using c++ and close binary/library reponsible for keeping it alive. Program couldn't find any binary or library which have this handle open. Regardless it's listed as open by System.

Expected behavior

.DAT files shouldn't lock removing this folder. Handles to them should be closed and i should be able to remove user folder. (C:\Users\userfolder)

Actual behavior

.DAT files are locked and removing them is impossible until restart.

Error details

No response

Environment data

Both server and client. 

Name                           Value                                                                                   
----                           -----                                                                                   
PSVersion                      5.1.22621.2506                                                                          
PSEdition                      Desktop                                                                                 
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                 
BuildVersion                   10.0.22621.2506                                                                         
CLRVersion                     4.0.30319.42000                                                                         
WSManStackVersion              3.0                                                                                     
PSRemotingProtocolVersion      2.3                                                                                     
SerializationVersion           1.1.0.1

Version

9.5

Visuals

No response

WeleSS2 avatar Feb 15 '24 12:02 WeleSS2

If you turn off the SSHD service on machine B does the issue persist?

maertendMSFT avatar Mar 04 '24 18:03 maertendMSFT

Hi, I'm on different account but i would like to answer now.

I disabled openssh server and ssdp protocol too. Nothing changed

JakubS02 avatar Mar 06 '24 15:03 JakubS02

If SSHD was the service that was locking the files, then when it is turned off, they should no longer be locked. Can you confirm that there are no other processes using the files?

maertendMSFT avatar Mar 11 '24 18:03 maertendMSFT

If there is something else i can test it.

But i disabled everything what is on this ss, it's locked by system not sshd itself. And as i said it only happens when new account have been logged 1st time by sshd.

Untitled

JakubS02 avatar Mar 19 '24 10:03 JakubS02