strange ssh performance issues

Harald Hoyer harald at redhat.com
Fri Oct 12 15:03:08 UTC 2007


Kevin Kempter wrote:
> Hi List;
> 
> First let me say that (1) I have a fairly unusual (I suspect) ssh setup, and 
> (2) I hate the virus known as windows 
> 
> 
> Here's the deal;
> 
> The client I'm working for uses a SonicWall firewall to control access to the 
> data centers. Unfortunately there are issues with the Linux openVPN clients 
> (specifically open swan) where it connects but locks all other connections 
> out of the firewall. So, until we figure this out the solution is to use the 
> windows version of the SonicWall client.  I've installed vmware and installed 
> a copy of VirusXP (AKA Windows XP). I installed cygwin and followed the 
> instructions here to install the ssh server: 
> ( http://pigtail.net/LRP/printsrv/cygwin-sshd.html ) although I did not run 
> the mkpasswd and mkgroup commands, they seemed to break the install of ssh 
> server.
> 
> Anyway, I also setup an ssh key so I could login to the VM of VirusXP without a 
> password. 
> 
> Next I setup a config file in my Linux $HOME/.ssh dir with many entries like 
> this (one for each host in the data centers that I need to connect to):
> 
> Host dataCenterHostname
>         Hostname 10.1.x.x               # data center I.P.
>         HostKeyAlias 10.1.x.x          # data center I.P.
>         ProxyCommand /usr/local/bin/netcat-proxy-command 172.16.128.128 %h
> 
> 
> The 172.16.128.128 I.P. addr is the I.P. of the VirusXP image within vmware 
> via nat. (I could not make the ssh connections work via bridged networking).
> 
> The /usr/local/bin/netcat-proxy-command script is a netcat (nc) script and 
> contains this:
> 
> #!/bin/sh
> gateway=$1
> internal=$2
> ssh $gateway nc -w 1 $internal 22
> 
> To use this setup I boot up VirusXP, open the SonicWall VPN client and connect 
> to one or more of the data centers.  Then in Fedora 7 (the host OS) I open a 
> terminal and run this:
> ssh dataCenterHostname
>  
> so, to my issue. Most of the time this setup works fairly well, in that it 
> does connect. It usually takes about 30 seconds for me to get a password 
> prompt for the target data center host. This is acceptable but I think 
> there's something weird going on that delays the connection. I say this 
> because I can open a cygwin window in VirusXP and do an ssh <I.P.> and I get a 
> password prompt immediately.
> 
> The main issue is that several times a day the connections start to take 
> several minutes to return the password prompt. I need to restart the cygwin 
> service in VirusXP, and sometimes that doesn't help so I reboot the VM 
> instance of VirusXP. This is quite frustrating, however I'm a DBA and have 
> limited networking knowledge. Does anyone have any thoughts?, suggestions?, 
> comments?
> 
> Thanks in advance..
> 

You may try:

Host dataCenterHostname
         GSSAPIAuthentication no

in ~/.ssh/config
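
Added example, not part of the original thread: the proxy script starts a second `ssh` to `172.16.128.128`, and that hop reads the same config but is matched under its own name, so an option placed under `Host dataCenterHostname` does not reach it. This simplified lookup (Host lines only, no Match or Include; the `SYSTEM` and `GATEWAY` stanzas are assumptions, not from the thread) shows which `GSSAPIAuthentication` value each hop ends up with.

```python
from fnmatch import fnmatchcase

# Constructed user config modelled on the thread (~/.ssh/config).
USER = """\
Host dataCenterHostname
    Hostname 10.1.x.x
    GSSAPIAuthentication no
    ProxyCommand /usr/local/bin/netcat-proxy-command 172.16.128.128 %h
"""
# Assumption: stand-in for a system-wide /etc/ssh/ssh_config that enables GSSAPI.
SYSTEM = """\
Host *
    GSSAPIAuthentication yes
"""
# Hypothetical extra stanza covering the gateway hop made by the proxy script.
GATEWAY = """\
Host 172.16.128.128
    GSSAPIAuthentication no
"""

def host_matches(patterns, name):
    """A Host line applies if a positive pattern matches and no '!' pattern does."""
    hit = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(name, pat[1:]):
                return False
        elif fnmatchcase(name, pat):
            hit = True
    return hit

def effective(config, name, keyword):
    """First value of keyword that applies to name; ssh keeps the first one it sees."""
    active = True  # lines before any Host line apply to every host
    for raw in config.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), name)
        elif active and key == keyword.lower():
            return value
    return None

if __name__ == "__main__":
    for cfg, label in ((USER + SYSTEM, "as posted"), (GATEWAY + USER + SYSTEM, "gateway added")):
        for host in ("dataCenterHostname", "172.16.128.128"):
            print(label, host, effective(cfg, host, "GSSAPIAuthentication"))
```

On a system with a recent OpenSSH client, `ssh -G <host>` prints the options the real client would apply to that name.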
