Mailinglist Archive: opensuse (2912 mails)

< Previous Next >
Re: [SLE] SSH server login delayed
  • From: Michael Siefritz <suse-linux-e@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 22 Feb 2005 22:22:04 -0800
  • Message-id: <200502222222.04385.suse-linux-e@xxxxxxxxxxxxxxxxxxxxx>
On Tuesday 22 February 2005 21:04, Benjamin Hornberger wrote:
> At 07:31 PM 2/22/2005 -0800, Michael Siefritz wrote:
>
> >This looks normal. Could you also post what gets written
to /var/log/messages
> >from shortly before the delay until after you are logged in?
>
> In the following, HOST, SSH.GATEWAY.IP, HOST.EXTERNAL.IP,
> SSH.GATEWAY.HOSTNAME and USER are placeholders for the real values.
>
> I see that this suggests the problem lying in the DNS lookup, as suggested
> by Doug Currey, but "host SSH.GATEWAY.HOSTNAME" and "host SSH.GATEWAY.IP"
> work without problems.
>
> Line 63 in /etc/hosts.allow, which is mentioned in the log below, reads
>
> ALL : localhost : ALLOW
>
>
> From /var/log/messages:
>
> >>> here trying to log in as USER
> Feb 22 23:46:15 HOST kernel: SFW2-INext-ACC-TCP IN=eth0 OUT=
> MAC=00:50:8d:e1:24:b3:00:0e:39:cc:34:0a:08:00 SRC=SSH.GATEWAY.IP
> DST=HOST.EXTERNAL.IP LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=17213 DF PROTO=TCP
> SPT=38936 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
> (020405B40402080A6FE8DDFD0000000001030300)
> Feb 22 23:46:26 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3
> DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=3975 PROTO=UDP
> SPT=5064 DPT=5065 LEN=24
> Feb 22 23:46:35 HOST sshd: warning: /etc/hosts.allow, line 63: can't verify
> hostname: getaddrinfo(SSH.GATEWAY.HOSTNAME): Name or service not known
> Feb 22 23:46:45 HOST sshd[7752]: reverse mapping checking getaddrinfo for
> SSH.GATEWAY.HOSTNAME failed - POSSIBLE BREAKIN ATTEMPT!
> Feb 22 23:46:46 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3
> DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=6023 PROTO=UDP
> SPT=5064 DPT=5065 LEN=24
> Feb 22 23:46:58 HOST sshd[7752]: Accepted keyboard-interactive/pam for USER
> from ::ffff:SSH.GATEWAY.IP port 38936 ssh2
> Feb 22 23:46:58 HOST sshd[7753]: Accepted keyboard-interactive/pam for USER
> from ::ffff:SSH.GATEWAY.IP port 38936 ssh2

I'm fresh out of ideas, unfortunately. A few things I would try / play with:

- ping SSH.GATEWAY.HOSTNAME
- ping localhost
- grep hosts /etc/nsswitch.conf
- comment out line 63 in /etc/hosts.allow or replace with "ALL : ALL : ALLOW"

Hopefully something will give you an idea why the name lookup fails.

Michael

< Previous Next >