On Tuesday 22 February 2005 21:04, Benjamin Hornberger wrote:
At 07:31 PM 2/22/2005 -0800, Michael Siefritz wrote:
This looks normal. Could you also post what gets written to /var/log/messages from shortly before the delay until after you are logged in?
In the following, HOST, SSH.GATEWAY.IP, HOST.EXTERNAL.IP, SSH.GATEWAY.HOSTNAME and USER are placeholders for the real values.
I see that this suggests the problem lying in the DNS lookup, as suggested by Doug Currey, but "host SSH.GATEWAY.HOSTNAME" and "host SSH.GATEWAY.IP" work without problems.
Line 63 in /etc/hosts.allow, which is mentioned in the log below, reads
ALL : localhost : ALLOW
From /var/log/messages:
here trying to log in as USER Feb 22 23:46:15 HOST kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:50:8d:e1:24:b3:00:0e:39:cc:34:0a:08:00 SRC=SSH.GATEWAY.IP DST=HOST.EXTERNAL.IP LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=17213 DF PROTO=TCP SPT=38936 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A6FE8DDFD0000000001030300) Feb 22 23:46:26 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3 DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=3975 PROTO=UDP SPT=5064 DPT=5065 LEN=24 Feb 22 23:46:35 HOST sshd: warning: /etc/hosts.allow, line 63: can't verify hostname: getaddrinfo(SSH.GATEWAY.HOSTNAME): Name or service not known Feb 22 23:46:45 HOST sshd[7752]: reverse mapping checking getaddrinfo for SSH.GATEWAY.HOSTNAME failed - POSSIBLE BREAKIN ATTEMPT! Feb 22 23:46:46 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3 DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=6023 PROTO=UDP SPT=5064 DPT=5065 LEN=24 Feb 22 23:46:58 HOST sshd[7752]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2 Feb 22 23:46:58 HOST sshd[7753]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2
I'm fresh out of ideas, unfortunately. A few things I would try / play with: - ping SSH.GATEWAY.HOSTNAME - ping localhost - grep hosts /etc/nsswitch.conf - comment out line 63 in /etc/hosts.allow or replace with "ALL : ALL : ALLOW" Hopefully something will give you an idea why the name lookup fails. Michael