Mailinglist Archive: opensuse (2912 mails)

Re: [SLE] SSH server login delayed
  • From: Benjamin Hornberger <bho@xxxxxxx>
  • Date: Wed, 23 Feb 2005 00:04:22 -0500
  • Message-id: <6.2.0.14.2.20050222233352.02e0ea50@xxxxxxxxxxx>
At 07:31 PM 2/22/2005 -0800, Michael Siefritz wrote:

> This looks normal. Could you also post what gets written to /var/log/messages
> from shortly before the delay until after you are logged in?

In the following, HOST, SSH.GATEWAY.IP, HOST.EXTERNAL.IP, SSH.GATEWAY.HOSTNAME and USER are placeholders for the real values.

I see that this suggests the problem lies in the DNS lookup, as suggested by Doug Currey, but "host SSH.GATEWAY.HOSTNAME" and "host SSH.GATEWAY.IP" work without problems.

Line 63 in /etc/hosts.allow, which is mentioned in the log below, reads

ALL : localhost : ALLOW


From /var/log/messages:

>>> here trying to log in as USER
Feb 22 23:46:15 HOST kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:50:8d:e1:24:b3:00:0e:39:cc:34:0a:08:00 SRC=SSH.GATEWAY.IP DST=HOST.EXTERNAL.IP LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=17213 DF PROTO=TCP SPT=38936 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A6FE8DDFD0000000001030300)
Feb 22 23:46:26 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3 DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=3975 PROTO=UDP SPT=5064 DPT=5065 LEN=24
Feb 22 23:46:35 HOST sshd: warning: /etc/hosts.allow, line 63: can't verify hostname: getaddrinfo(SSH.GATEWAY.HOSTNAME): Name or service not known
Feb 22 23:46:45 HOST sshd[7752]: reverse mapping checking getaddrinfo for SSH.GATEWAY.HOSTNAME failed - POSSIBLE BREAKIN ATTEMPT!
Feb 22 23:46:46 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3 DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=6023 PROTO=UDP SPT=5064 DPT=5065 LEN=24
Feb 22 23:46:58 HOST sshd[7752]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2
Feb 22 23:46:58 HOST sshd[7753]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2

Thanks for your help,
Benjamin
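
An added example, not part of the original post: a small Python parser that measures where the login delay in the log excerpt above accrues, using the timestamps of the firewall SYN entry, the two getaddrinfo failures and the Accepted line. The sample lines are abridged from the message, and the event labels and the `year` argument are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: log lines abridged from the message above (firewall
# fields trimmed); HOST, USER and SSH.GATEWAY.* are the poster's placeholders.
SAMPLE = """\
Feb 22 23:46:15 HOST kernel: SFW2-INext-ACC-TCP IN=eth0 SRC=SSH.GATEWAY.IP DST=HOST.EXTERNAL.IP PROTO=TCP SPT=38936 DPT=22 SYN
Feb 22 23:46:26 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 SRC=172.16.1.3 DST=172.16.1.255 PROTO=UDP SPT=5064 DPT=5065
Feb 22 23:46:35 HOST sshd: warning: /etc/hosts.allow, line 63: can't verify hostname: getaddrinfo(SSH.GATEWAY.HOSTNAME): Name or service not known
Feb 22 23:46:45 HOST sshd[7752]: reverse mapping checking getaddrinfo for SSH.GATEWAY.HOSTNAME failed - POSSIBLE BREAKIN ATTEMPT!
Feb 22 23:46:58 HOST sshd[7752]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2
"""

# Event names are this example's own labels, not terms used by sshd or the firewall.
PATTERNS = [
    ("syn_to_port_22", re.compile(r"kernel: .*\bDPT=22\b.*\bSYN\b")),
    ("tcp_wrappers_lookup_failed", re.compile(r"sshd: warning: .*can't verify hostname: getaddrinfo")),
    ("sshd_reverse_mapping_failed", re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ failed")),
    ("login_accepted", re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from")),
]
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (.*)$")

def timeline(text, year=2005):
    """Return [(event, seconds_since_previous_matched_event)] in log order."""
    out, prev = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        for name, pat in PATTERNS:
            if pat.search(m.group(2)):
                # syslog timestamps carry no year, so it is supplied by the caller
                ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
                out.append((name, 0 if prev is None else int((ts - prev).total_seconds())))
                prev = ts
                break
    return out

def lookup_delay(text):
    """Seconds between the SYN and the last failed lookup logged before login."""
    total = 0
    for name, gap in timeline(text):
        if name == "login_accepted":
            break
        total += gap
    return total

if __name__ == "__main__":
    print(timeline(SAMPLE), lookup_delay(SAMPLE))
```

The final gap before `login_accepted` also contains the time spent typing the password, so it is reported separately and not counted in `lookup_delay`.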



