[opensuse] SSH Login Delay running 10.3
Dear list, I just set up a new server running 10.3 (minimal text install). Whenever I try to login using a ssh client (ssh on linux, putty on windows) I encounter a long delay (appr. 15 seconds) after the password input. log/messages says sshd: reverse mapping ... I googled this and it was about a DNS error. But all postings I saw so far about are about a delay before login (at least before password input). And they are from prior 2006. So I guess the DNS problem is fixed. (I can't use etc/resolv because I don't have a fixed IP). Next line in log is about a login but no errors anymore. The server I ran before was a 9.3 updated to 10.0 on older hardware and login is defitnly 20 times as fast! Am I the only one? Any ideas? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/3/07, Johannes Nohl wrote:
Dear list,
I just set up a new server running 10.3 (minimal text install). Whenever I try to login using a ssh client (ssh on linux, putty on windows) I encounter a long delay (appr. 15 seconds) after the password input.
log/messages says sshd: reverse mapping ... I googled this and it was about a DNS error. But all postings I saw so far about are about a delay before login (at least before password input). And they are from prior 2006. So I guess the DNS problem is fixed. (I can't use etc/resolv because I don't have a fixed IP). Next line in log is about a login but no errors anymore.
The server I ran before was a 9.3 updated to 10.0 on older hardware and login is defitnly 20 times as fast!
Am I the only one? Any ideas?
This normally is a problem with dns resolution. The resolv.conf file should be updated automatically updated by dhclient when you get your ip. If it isn't, then something is wrong. - -- Andy Harrison public key: 0x67518262 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: http://firegpg.tuxfamily.org iD8DBQFHLO8WNTm8fWdRgmIRAq6KAKCgYkpAh7G10L3sDHU/QGRLEEZn7gCdGheO ln4BK0G2eHow/6nhjtvLUaU= =k9q1 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
This normally is a problem with dns resolution. The resolv.conf file should be updated automatically updated by dhclient when you get your ip. If it isn't, then something is wrong.
But that's exactly what happens. All three nameservers are working and I can look up my dial in IP using nslookup. There are no delays. Also I read that the resolving problem is causing a delay before you are prompted for password. I experienced the delay AFTER password prompt. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Johannes Nohl wrote:
This normally is a problem with dns resolution. The resolv.conf file should be updated automatically updated by dhclient when you get your ip. If it isn't, then something is wrong.
But that's exactly what happens. All three nameservers are working and I can look up my dial in IP using nslookup. There are no delays.
Also I read that the resolving problem is causing a delay before you are prompted for password. I experienced the delay AFTER password prompt.
Hi, I also encountered this problem when I upgraded from 10.2 to 10.3. On 10.2 using putty from either a linux box or winx box to the 10.2 server it was almost instantaneous. After the upgrade to 10.3 it took a LONG time to get the password prompt after entering the login name - sometimes the problem was also seen on the login prompt. It was not a dns issue as my dns and resolv were working fine in all other aspects - only ssh was affected. This was when 10.3 first came out - however now it seems to be back to normal - not sure if the updates had anything to do with it. In fact when this originally happened after the upgrade to 10.3 - i did monitor the log files as well as using tripwire but nothing came of it as there were no errors or anything - just a timing issue. After entering the login name, it would just sit there for between 15 to 35 secs and EVENTUALLY the password prompt came up. I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!). Rgds. Otto. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!).
I don't think so. Which version are you using? # rpm -q openssh openssh-4.6p1-58.1 Could it be related to unauthorized logins? There are some in the log but not all the time while I tried to login. Btw. "# ssh localhost" delays, too. frustrating. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
make sure your DNS works properly this usually happens when reverse lookups are broken in my experience, that is most likely the cause, there is a setting you can disable if you will not have a good working DNS in your environment, I believe it is the GSSAPI options, if you google search with " slow ssh logins GSSAPI options" not in quotes you should see some hits. But, having a good DNS is the best answer. On Mon, 2007-11-05 at 16:46 +0100, Johannes Nohl wrote:
I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!).
I don't think so. Which version are you using?
# rpm -q openssh openssh-4.6p1-58.1
Could it be related to unauthorized logins? There are some in the log but not all the time while I tried to login. Btw. "# ssh localhost" delays, too.
frustrating.
Hi Todd!
make sure your DNS works properly this usually happens when reverse lookups are broken in my experience, that is most likely the cause, there is a setting you can disable if you will not have a good working DNS in your environment, I believe it is the GSSAPI options, if you google search with " slow ssh logins GSSAPI options" not in quotes you should see some hits. But, having a good DNS is the best answer.
You know what you're saying. Great! That was the answer. THANKS. Is it a security risk? I uncommented this options in /etc/ssh/sshd_config: # GSSAPI options GSSAPIAuthentication no GSSAPICleanupCredentials yes (what I don't understand: I read that every option in config which is commented points to the default. Now I just uncommenting it, not changing the value, does the trick. weird... For the archive...) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
You know what you're saying. Great! That was the answer. THANKS.
Is it a security risk?
I uncommented this options in /etc/ssh/sshd_config: # GSSAPI options GSSAPIAuthentication no GSSAPICleanupCredentials yes
(what I don't understand: I read that every option in config which is commented points to the default. Now I just uncommenting it, not changing the value, does the trick. weird... For the archive...)
Glad to have helped someone. I have to admit the I do not know the total implications of those options, I think they are related to Kerberos authentication somehow. I personally choose in making my DNS correct and not changing the GSSAPI Options I just ran across the alternate solution researching something Else. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Johannes Nohl wrote:
I guess you perform all the updates and the prob seems to disappear (at least it did so in my case!).
I don't think so. Which version are you using?
# rpm -q openssh openssh-4.6p1-58.1
Could it be related to unauthorized logins? There are some in the log but not all the time while I tried to login. Btw. "# ssh localhost" delays, too.
frustrating.
Hi, Yep, mine is the same openssh version (openssh-4.6p1-58.1). I checked my logs and yes there are some ssh login attempts but nothing that would cause the delay. I also fiddled with both firewall up and down and same problem. My problem with the lengthy ssh login time (it could just be coincidence??) seems to have disappeared after I did a couple of Yast2 updates (including the new kernel 2.6.22.9-0.4-default). Now ssh seems to be back to normal as it was in 10.2. I agree - it was very frustrating there for a while. Not sure if it makes a diff but my system is a dual amd64x2 and I used the opensuse x86_64 dvd. I also made sure that the dns lookup and reverse dns were setup and working properly (basically identical as in 10.2) but again no joy. Rgds. Otto. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Andy Harrison -
Johannes Nohl -
Ness, Todd -
Otto Rodusek (AP-SGP)