SSH server login delayed
Hi all,
I hope somebody can help me with the following problem -- sorry for the lengthy explanation.
I have a machine running SUSE 9.2 Pro in a large research lab. It has a unique IP address, but is not directly accessible from the outside world through the lab's firewall. Instead, the lab offers SSH gateways (running Debian 3.1) to which you can log in from outside, and from there you can ssh to machines in the lab. This is as much as I know about the lab's network structure.
My machine also serves as a gateway between a small private subnet and the research lab network.
Now I have the problem that if I want to log onto my machine from the lab's SSH gateway, it takes 30 seconds for the SSH server to respond and prompt for the password, which is quite annoying. If I log on from the private subnet, I get the password prompt immediately. If I log on from inside the lab's network, I get the immediate response as well. If I ping my machine from the SSH gateway, I get an immediate response. If I try to log onto a different Linux machine inside the lab's network from the SSH gateway (Redhat 7.3), I get an immediate response. So it looks like it's something between my machine's SSH server and the SSH gateway's SSH client.
The problem is independent of the machine's firewall settings (the same with the SUSE firewall on or off).
One hint might be that: If I log onto any other Linux machine from my Windows laptop (SSH Secure Shell 3.2.9), I get a popup window with a prompt saying "Enter Password". I type my password, and I'm there. For that SUSE machine though, I get a popup saying "Enter your authentication response" and a password field. I enter the password, and then another window pops up again saying "Enter your authentication response", and OK and cancel buttons. I first have to click OK, then I'm logged on. So maybe the server expects a different authentication mechanism and falls back to password after a while? But why does the login go quickly then from any machine other than the SSH gateway?
Any help is greatly appreciated! Thanks,
Benjamin
On Tue, 22 Feb 2005 16:03:02 -0500, Benjamin Hornberger wrote:
[snip]
Check SuSE machine's /etc/ssh/sshd_config file for entry "Protocol". Most probably it is set to something like 2,1, which means that first it tries version 2 of the protocol, and then ver. 1. Check /etc/ssh/ssh_config (note, not sshd_config) on the gateway for the same setting. There it may be set to 1,2, so it tries first to negotiate ver. 1, and if it fails, ver. 2. Most probably this has to be the problem.
Cheers
Sunny
At 03:11 PM 2/22/2005 -0600, Sunny wrote:
Check SuSE machine's /etc/ssh/sshd_config file for entry "Protocol". Most probably it is set to something like 2,1, which means that first it tries version 2 of the protocol, and then ver. 1. Check /etc/ssh/ssh_config (note, not sshd_config) on the gateway for the same setting. There it may be set to 1,2, so it tries first to negotiate ver. 1, and if it fails, ver. 2. Most probably this has to be the problem.
Unfortunately, this didn't help. Any more hints? Thanks, Benjamin
On Tue, 22 Feb 2005 17:59:29 -0500, Benjamin Hornberger wrote:
Unfortunately, this didn't help. Any more hints?
Thanks, Benjamin
Not really, but I would try to set the debug level of sshd on the SuSE box at the highest one and see in the log file if the delay happens internally or you should look for some networking problem.
Sunny
On Tue, 22 Feb 2005 17:59:29 -0500, Benjamin Hornberger wrote:
Unfortunately, this didn't help. Any more hints?
Thanks, Benjamin
I think I had a similar problem. If memory serves it was due to the reverse dns not resolving correctly.
At 06:53 PM 2/22/2005 -0500, Doug Currey wrote:
I think I had a similar problem. If memory serves it was due to the reverse dns not resolving correctly.
That doesn't seem to be the problem. DNS lookup works in both directions. Hmm... Benjamin
On Tuesday 22 February 2005 16:04, Benjamin Hornberger wrote:
At 06:53 PM 2/22/2005 -0500, Doug Currey wrote:
I think I had a similar problem. If memory serves it was due to the reverse dns not resolving correctly.
That doesn't seem to be the problem. DNS lookup works in both directions. Hmm...
I still would try to set "UseDNS no" in /etc/ssh/sshd_config and reload sshd, just to make sure. Michael BTW: please trim your quotes.
At 04:18 PM 2/22/2005 -0800, Michael Siefritz wrote:
I still would try to set "UseDNS no" in /etc/ssh/sshd_config and reload sshd, just to make sure.
Didn't help :-(. Benjamin
On Tuesday 22 February 2005 16:29, Benjamin Hornberger wrote:
At 04:18 PM 2/22/2005 -0800, Michael Siefritz wrote:
I still would try to set "UseDNS no" in /etc/ssh/sshd_config and reload sshd, just to make sure.
Didn't help :-(.
Could you stop the regular sshd daemon and start it in debug mode (sshd -ddd)? Then connect and check at what step in the process the delay occurs. Michael
At 05:35 PM 2/22/2005 -0800, Michael Siefritz wrote:
Could you stop the regular sshd daemon and start it in debug mode (sshd -ddd)? Then connect and check at what step in the process the delay occurs.
host:~ # /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 214
debug2: parse_server_config: config /etc/ssh/sshd_config len 214
debug1: sshd version OpenSSH_3.9p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
here trying to connect
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 214
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
here waiting 30 sec, then typing password and being logged in. After logging out, the sshd quits.
host:~ #
Thanks for your efforts, Benjamin
On Tuesday 22 February 2005 17:50, Benjamin Hornberger wrote:
At 05:35 PM 2/22/2005 -0800, Michael Siefritz wrote:
Could you stop the regular sshd daemon and start it in debug mode (sshd -ddd)? Then connect and check at what step in the process the delay occurs.
[snip]
This looks normal. Could you also post what gets written to /var/log/messages from shortly before the delay until after you are logged in? Thanks Michael
At 07:31 PM 2/22/2005 -0800, Michael Siefritz wrote:
This looks normal. Could you also post what gets written to /var/log/messages from shortly before the delay until after you are logged in?
In the following, HOST, SSH.GATEWAY.IP, HOST.EXTERNAL.IP, SSH.GATEWAY.HOSTNAME and USER are placeholders for the real values.
I see that this suggests the problem lying in the DNS lookup, as suggested by Doug Currey, but "host SSH.GATEWAY.HOSTNAME" and "host SSH.GATEWAY.IP" work without problems.
Line 63 in /etc/hosts.allow, which is mentioned in the log below, reads
ALL : localhost : ALLOW
From /var/log/messages:
here trying to log in as USER
Feb 22 23:46:15 HOST kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:50:8d:e1:24:b3:00:0e:39:cc:34:0a:08:00 SRC=SSH.GATEWAY.IP DST=HOST.EXTERNAL.IP LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=17213 DF PROTO=TCP SPT=38936 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A6FE8DDFD0000000001030300)
Feb 22 23:46:26 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3 DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=3975 PROTO=UDP SPT=5064 DPT=5065 LEN=24
Feb 22 23:46:35 HOST sshd: warning: /etc/hosts.allow, line 63: can't verify hostname: getaddrinfo(SSH.GATEWAY.HOSTNAME): Name or service not known
Feb 22 23:46:45 HOST sshd[7752]: reverse mapping checking getaddrinfo for SSH.GATEWAY.HOSTNAME failed - POSSIBLE BREAKIN ATTEMPT!
Feb 22 23:46:46 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:29:34:5d:b2:08:00 SRC=172.16.1.3 DST=172.16.1.255 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=6023 PROTO=UDP SPT=5064 DPT=5065 LEN=24
Feb 22 23:46:58 HOST sshd[7752]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2
Feb 22 23:46:58 HOST sshd[7753]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2
Thanks for your help, Benjamin
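The timestamps in the log above already show where the wait goes. The following is an added example, not part of the original thread: it parses a constructed, abbreviated copy of those /var/log/messages lines (the poster's placeholders kept) and reports how many seconds after the inbound SYN each sshd message appears. The function names are hypothetical and the year 2005 is assumed from the message dates.

```python
import re
from datetime import datetime

# Constructed sample: the log lines from the message above, abbreviated,
# with the poster's placeholders (HOST, SSH.GATEWAY.IP, ...) kept as-is.
SAMPLE_LOG = """\
Feb 22 23:46:15 HOST kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= SRC=SSH.GATEWAY.IP DST=HOST.EXTERNAL.IP PROTO=TCP SPT=38936 DPT=22 SYN URGP=0
Feb 22 23:46:26 HOST kernel: SFW2-IN-ILL-TARGET IN=eth1 OUT= SRC=172.16.1.3 DST=172.16.1.255 PROTO=UDP SPT=5064 DPT=5065 LEN=24
Feb 22 23:46:35 HOST sshd: warning: /etc/hosts.allow, line 63: can't verify hostname: getaddrinfo(SSH.GATEWAY.HOSTNAME): Name or service not known
Feb 22 23:46:45 HOST sshd[7752]: reverse mapping checking getaddrinfo for SSH.GATEWAY.HOSTNAME failed - POSSIBLE BREAKIN ATTEMPT!
Feb 22 23:46:58 HOST sshd[7752]: Accepted keyboard-interactive/pam for USER from ::ffff:SSH.GATEWAY.IP port 38936 ssh2
"""

# timestamp, host, program tag, optional [pid], message
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")
# sshd / tcp_wrappers messages that mean a name lookup of the client failed
RESOLVER_RE = re.compile(r"getaddrinfo|can't verify hostname|reverse mapping")


def login_timeline(text, year=2005):
    """Return (seconds_since_first_event, kind, message) for SSH-related lines.

    Syslog timestamps carry no year, so one is supplied (assumption: 2005).
    Unrelated lines, such as the broadcast drops on eth1, are skipped.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, _host, tag, msg = m.groups()
        if tag == "kernel" and re.search(r"\bDPT=22\b", msg) and re.search(r"\bSYN\b", msg):
            kind = "syn"                      # firewall log of the inbound connection
        elif tag == "sshd" and RESOLVER_RE.search(msg):
            kind = "resolver-failure"
        elif tag == "sshd" and msg.startswith("Accepted "):
            kind = "accepted"
        else:
            continue
        when = datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")
        events.append((when, kind, msg))
    if not events:
        return []
    start = events[0][0]
    return [(int((when - start).total_seconds()), kind, msg) for when, kind, msg in events]


def resolver_stall(timeline):
    """Seconds from the first event to the last resolver failure before login."""
    stall = 0
    for offset, kind, _msg in timeline:
        if kind == "accepted":
            break
        if kind == "resolver-failure":
            stall = offset
    return stall


if __name__ == "__main__":
    tl = login_timeline(SAMPLE_LOG)
    for offset, kind, msg in tl:
        print(f"+{offset:>3}s  {kind:<16}  {msg[:70]}")
    print("time spent before sshd gave up on the name lookups:", resolver_stall(tl), "s")
```

On the sample, the two lookup failures are logged 20 and 30 seconds after the SYN, which accounts for the 30-second wait before the password prompt; the remaining time up to "Accepted" includes typing the password.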
On Tuesday 22 February 2005 21:04, Benjamin Hornberger wrote:
At 07:31 PM 2/22/2005 -0800, Michael Siefritz wrote:
This looks normal. Could you also post what gets written to /var/log/messages from shortly before the delay until after you are logged in?
In the following, HOST, SSH.GATEWAY.IP, HOST.EXTERNAL.IP, SSH.GATEWAY.HOSTNAME and USER are placeholders for the real values.
I see that this suggests the problem lying in the DNS lookup, as suggested by Doug Currey, but "host SSH.GATEWAY.HOSTNAME" and "host SSH.GATEWAY.IP" work without problems.
Line 63 in /etc/hosts.allow, which is mentioned in the log below, reads
ALL : localhost : ALLOW
[snip]
I'm fresh out of ideas, unfortunately. A few things I would try / play with:
- ping SSH.GATEWAY.HOSTNAME
- ping localhost
- grep hosts /etc/nsswitch.conf
- comment out line 63 in /etc/hosts.allow or replace with "ALL : ALL : ALLOW"
Hopefully something will give you an idea why the name lookup fails.
Michael
Benjamin Hornberger wrote:
[snip]
Line 63 in /etc/hosts.allow, which is mentioned in the log below, reads
ALL : localhost : ALLOW
[snip]
How about replacing localhost in that line with 127.0.0.1?
Prolly best to make sure that "127.0.0.1 localhost" is in your /etc/hosts files as well, and not only the ::1 ipv6 stuff. :)
Fish
1. enter in your /etc/hosts file from the ssh server the ip and hostname of the machine you try to connect from (it is a dns lookup issue)
2. enter in etc/ssh/sshd_config at VerifyReverseMapping, no.
Josephine
At 08:32 AM 2/23/2005 +0100, Josephine wrote:
>1. enter in your /etc/hosts file from the ssh server the ip and hostname
>of the machine you try to connect from (it is a dns lookup issue)
That helped. Thanks so much to all of you for your efforts!
Benjamin
At 09:08 AM 2/23/2005 -0500, Benjamin Hornberger wrote:
>At 08:32 AM 2/23/2005 +0100, Josephine wrote:
>>1. enter in your /etc/hosts file from the ssh server the ip and hostname
>>of the machine you try to connect from (it is a dns lookup issue)
>
>That helped. Thanks so much to all of you for your efforts!
Even though the problem is basically solved, I would like to ask another question: entering the gateway into the SSH server's /etc/hosts solved the problem. However, the SSH server also runs a name server (for a small private subnet), and entering the gateway into the name server database didn't help. Any hints on that? I thought if I run a name server, all I need in /etc/hosts is the localhost entry.
Thanks, Benjamin
On Wednesday 23 February 2005 02:20 pm, Benjamin Hornberger wrote:
Even though the problem is basically solved, I would like to ask another question: entering the gateway into the SSH server's /etc/hosts solved the problem. However, the SSH server also runs a name server (for a small private subnet), and entering the gateway into the name server database didn't help. Any hints on that? I thought if I run a name server, all I need in /etc/hosts is the localhost entry.
Do you have the gateway set to ask itself for DNS resolution? In /etc/resolv.conf, you need a "nameserver 1.2.3.4" or "nameserver 127.0.0.1" entry (where 1.2.3.4 is the local machine's IP) to know what name server to look at. You also need "hosts: files dns" in /etc/nsswitch.conf for libc to look at dns servers specified in resolv.conf. --Danny, ccing Benjamin since there have been problems with other messages getting to the list recently :(
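The check that failed in this thread is a reverse lookup of the client address followed by a forward lookup of the returned name, done through libc (getaddrinfo), which follows /etc/nsswitch.conf and /etc/hosts, whereas the `host` command queries DNS servers directly. The following added example (not from the thread) repeats that reverse-then-forward check through the same libc path and times each step; the name gw.example.test, the address 192.0.2.10 and the stub resolvers in demo() are constructed, and the function names are hypothetical.

```python
import ipaddress
import socket
import time


def norm(addr):
    """Normalise an address string; fold ::ffff:a.b.c.d (as in the sshd log) to IPv4."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 scope id
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def check_client(ip, reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Reverse-then-forward lookup of a client address via the libc resolver.

    `reverse` and `forward` default to the real resolver calls; demo() below
    replaces them with stubs so the example runs without a network.
    """
    report = {"ip": ip, "name": None, "verdict": None,
              "reverse_s": None, "forward_s": None}

    t0 = time.monotonic()
    try:
        report["name"] = reverse(ip)[0]
    except OSError as exc:  # socket.herror and socket.gaierror derive from OSError
        report["verdict"] = f"reverse lookup failed: {exc}"
        return report
    finally:
        report["reverse_s"] = time.monotonic() - t0

    t1 = time.monotonic()
    try:
        infos = forward(report["name"], None)
    except OSError as exc:
        # The case logged in this thread: the name from the PTR record
        # cannot be resolved back ("Name or service not known").
        report["verdict"] = f"forward lookup failed: {exc}"
        return report
    finally:
        report["forward_s"] = time.monotonic() - t1

    addrs = {norm(info[4][0]) for info in infos}
    report["verdict"] = "ok" if norm(ip) in addrs else "mismatch"
    return report


def demo():
    """Constructed scenarios: forward lookup fails, succeeds, and mismatches."""
    def ptr_ok(ip):
        return ("gw.example.test", [], [ip])

    def forward_fails(name, port):
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

    def forward_ok(name, port):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", 0))]

    def forward_other(name, port):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.99", 0))]

    client = "::ffff:192.0.2.10"
    return tuple(check_client(client, ptr_ok, fwd)["verdict"]
                 for fwd in (forward_fails, forward_ok, forward_other))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_client(sys.argv[1]))   # real resolver, run on the SSH server
    else:
        print(demo())
```

Run on the SSH server with the client's address as the only argument, a slow or failed forward step corresponds to the getaddrinfo failures in the log, and it should turn into "ok" once /etc/hosts or the resolver configuration is fixed.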
participants (7)
- Benjamin Hornberger
- Danny Sauer
- Doug Currey
- Josephine
- Mark Crean
- Michael Siefritz
- Sunny