I have exactly the same problem as described below. Except I do not think it is a DNS resolution issue (the client computer IP and name are the in the /etc/hosts file and in addition to that the host command returns results very quickly). 3 computers: A - Suse 9.1 B - Suse 9.1 C - RH 7.3 A> ssh B 6 second delay no matter the authentication mechanism (host or passwd) A> ssh C 6 second delay no matter the authentication mechanism (host or passwd) C> ssh A All fine and dandy. No delay with login. The hang occurs here: " user@A's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. " then a few seconds (about 6) later you get: " debug1: Requesting X11 forwarding with authentication spoofing. " motd
/var/log/message on the host computer shows: Aug 18 15:54:15 A sshd[21710]: Accepted password for X from XXXX port 33104 ssh2 Aug 18 15:54:22 A sshd(pam_unix)[21710]: session opened for user X by (uid=0) Aug 18 15:54:22 A X: X logged in Note: the time difference between acceptance and session opening (approx 7 seconds in this case). Just for fun I copied the RH7.3 ssh exe over to A and then tried: A> ssh B THERE WAS NO LOGIN DELAY! bizarre or what? I started to wonder if this is some odd Suse'ing of the openssh software so went and compiled the latest version (3.9) (static linking) on a Suse9.1 computer from openssh.com ..... nope same problem with: A> ssh B and a 6 second delay I then tried to ssh from the RH7.3 computer to a random solaris computer with the statically linked ssh exe and had the same 6 second delay at the same point: " user@solaris's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. " I then started to think there is some weirdness in openssh, but just for a bit more fun I tried my openSSH 3.9 statically linked ssh from another RH7.3 computer and got this: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: No xauth program. Warning: No xauth data; using fake authentication data for X11 forwarding. debug1: Requesting X11 forwarding with authentication spoofing. WITH NO LOGIN DELAY The difference in the debug messages is the: "debug1: No xauth program." which is bizarre as: which xauth /usr/X11R6/bin/xauth and if I remove xauth from my path on computer A then the login delay is still there, so I do not know what that is about. strace gives this as the sticking point (no matter which computer I run my compiled ssh on): " SNIP select(7, [3], [3], NULL, NULL) = 1 (out [3]) write(3, "^\243FP\373\321\355\356H\250\20\371\24\334\335\272\25]"..., 64) = 64 select(7, [3], [], NULL, NULL) = 1 (in [3]) read(3, "\213\323\372\r\336\206*\275\212\215\262G\250U\311b\271"..., 8192) = 48 stat64("/usr/X11/bin/xauth", {st_mode=S_IFREG|0755, st_size=38964, ...}) = 0 getpid() = 17897 stat64("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0 mkdir("/tmp/ssh-pOTeT17897", 0700) = 0 rt_sigaction(SIGINT, {SIG_IGN}, {0x804c1e0, [], SA_RESTORER, 0x80a3548}, 8) = 0 rt_sigaction(SIGQUIT, {SIG_IGN}, {0x804c1e0, [], SA_RESTORER, 0x80a3548}, 8) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 fork() = 17899 waitpid(17899, " where it waits for a few seconds then carries on to the login prompt. stuck..... X-Message-Number-for-archive: 203651 Date: Wed, 18 Aug 2004 10:32:07 +0200 Message-Id: <200408181032.07250.hansdp@newingtoncs.co.za> Subject: [SLE] Slow SSH login Hi all, We just replaced our office mail/file/web server (P-II running SUSE 9.0 Pro) with a faster machine. I loaded SUSE 9.1 Pro. Everything is working fine, except for one detail. When I ssh into it, there's a delay of about 6 seconds before I get a password prompt. The password prompt was instant on the older machine. I don't see anything in the config files, and the logs don't give me anything useful either: Aug 18 09:57:03 eos sshd[23798]: Accepted keyboard-interactive/pam for hansdp from ::ffff:192.168.16.25 port 60847 ssh2 Any ideas where to look? Thanks