[OpenIndiana-discuss] Slow ssh login?

Alex Smith (K4RNT) shadowhunter at gmail.com
Sun Oct 21 05:40:49 UTC 2012


Perhaps setting UseDNS to "no" in sshd_config could help. :)

On Sat, Oct 20, 2012 at 8:58 PM, Gary Gendel <gary at genashor.com> wrote:
> Well, my problem seems to be exactly opposite.  If I restart sshd, I get
> really good response at first and then it deteriorates to a several second
> login delay. dig and dig -x is always fast. I even disabled reverse DNS on
> sshd with no difference.  Every once in a while I get fast response.  The
> sshd debug output doesn't show anything interesting.  This has been a real
> head-scratcher.
>
>
> On 10/19/12 7:02 PM, Richard Elling wrote:
>>
>> On Oct 19, 2012, at 3:51 PM, "Dan Swartzendruber" <dswartz at druber.com>
>> wrote:
>>
>>> Hi, all.  I've got an issue that is bugging me.  I've got an OI 151a7 VM
>>> and
>>> ssh to it takes 15 seconds or so, then I get a prompt.  It's not the
>>> usual
>>> reverse dns or gssapi stuff, since my backup node is also OI 151a7 and it
>>> responds instantly to the ssh request.
>>
>> 15 seconds is a magic number -- the default timeout for a DNS lookup.
>> Use getent to verify that lookups (forward and reverse) are fast. Use nscd
>> -i
>> to make sure the cached name lookups are flushed.
>>
>> Another quick test, if the first ssh takes a while, but soon afterwards a
>> second
>> completes quickly, then the nscd cache is working properly.
>>   -- richard
>>
>>
>>>   Google has not turned up anything
>>> useful except for the usual suspects that are innocent in this case.  The
>>> only hint I can see is if I give '-v' on the client, I see this:
>>>
>>> OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>>> debug1: Connecting to nas [10.0.0.4] port 22.
>>> debug1: Connection established.
>>> debug1: identity file /home/dswartz/.ssh/id_rsa type -1
>>> debug1: identity file /home/dswartz/.ssh/id_rsa-cert type -1
>>> debug1: identity file /home/dswartz/.ssh/id_dsa type -1
>>> debug1: identity file /home/dswartz/.ssh/id_dsa-cert type -1
>>> debug1: identity file /home/dswartz/.ssh/id_ecdsa type -1
>>> debug1: identity file /home/dswartz/.ssh/id_ecdsa-cert type -1
>>> debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.5
>>> debug1: no match: Sun_SSH_1.5
>>> debug1: Enabling compatibility mode for protocol 2.0
>>> debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
>>> debug1: SSH2_MSG_KEXINIT sent
>>> (the delay is here)
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug1: kex: server->client aes128-ctr hmac-md5 none
>>> debug1: kex: client->server aes128-ctr hmac-md5 none
>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>> debug1: Server host key: RSA
>>> 8c:78:a0:17:6b:17:1b:bf:83:69:a3:bf:59:df:18:07
>>> debug1: Host 'nas' is known and matches the RSA host key.
>>> debug1: Found key in /home/dswartz/.ssh/known_hosts:9
>>> debug1: ssh_rsa_verify: signature correct
>>> debug1: SSH2_MSG_NEWKEYS sent
>>> debug1: expecting SSH2_MSG_NEWKEYS
>>> debug1: SSH2_MSG_NEWKEYS received
>>> debug1: Roaming not allowed by server
>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>> debug1: Authentications that can continue:
>>> publickey,password,keyboard-interactive
>>> debug1: Next authentication method: publickey
>>> debug1: Trying private key: /home/dswartz/.ssh/id_rsa
>>> debug1: Trying private key: /home/dswartz/.ssh/id_dsa
>>> debug1: Trying private key: /home/dswartz/.ssh/id_ecdsa
>>> debug1: Next authentication method: keyboard-interactive
>>>
>>> Any thoughts where to look?  It's got to be something that is different
>>> between the two OI hosts, but offhand, I'm not sure where to look.
>>> Thanks...
>>> _______________________________________________
>>> OpenIndiana-discuss mailing list
>>> OpenIndiana-discuss at openindiana.org
>>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>
>> --
>>
>> Richard.Elling at RichardElling.com
>> +1-760-896-4422
>>
>>
>>
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
>
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss



-- 
" ' With the first link, the chain is forged. The first speech
censured, the first thought forbidden, the first freedom denied,
chains us all irrevocably.' Those words were uttered by Judge Aaron
Satie as wisdom and warning... The first time any man's freedom is
trodden on we’re all damaged." - Jean-Luc Picard, quoting Judge Aaron
Satie, Star Trek: TNG episode "The Drumhead"
- Alex Smith (K4RNT)
- Dulles Technology Corridor (Chantilly/Ashburn/Dulles), Virginia USA



More information about the OpenIndiana-discuss mailing list