help with ssh ?

Phil Meyer pmeyer at themeyerfarm.com
Tue Sep 4 22:26:12 UTC 2007


Kevin Kempter wrote:
> Hi List;
>
> I have a machine I want to ssh to with no passwd. I've done this on my local 
> fedora 7 box:
>
> $ ssh-keygen -t dsa -f .ssh/id_dsa
> $ cd .ssh
> $ scp id_dsa.pub user@remote:~/.ssh/id_dsa.pub
>
>
> Then I connected to the remote box and did this:
>
> $ ssh user@remote
> [remote-box] $ cd .ssh
>
> [remote-box] $ cat id_dsa.pub >> authorized_keys2
> [remote-box] $ chmod 640 authorized_keys2
> [remote-box] $ rm id_dsa.pub
> [remote-box] $ exit
>
> The scp took like 5min
>
> Then I try and connect like this (remote box is 172.16.128.128) :
>
> $ ssh -v 172.16.128.128
>
> and I get this:
> OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
> debug1: Reading configuration data /home/kkempter/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 172.16.128.128 [172.16.128.128] port 22.
> debug1: Connection established.
> debug1: identity file /home/kkempter/.ssh/identity type -1
> debug1: identity file /home/kkempter/.ssh/id_rsa type 1
> debug1: identity file /home/kkempter/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.6
> debug1: match: OpenSSH_4.6 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.5
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '172.16.128.128' is known and matches the RSA host key.
> debug1: Found key in /home/kkempter/.ssh/known_hosts:13
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/kkempter/.ssh/identity
> debug1: Offering public key: /home/kkempter/.ssh/id_rsa
>
> At this point ssh hangs for like 4 or 5 minutes, then I get this:
>
> debug1: Server accepts key: pkalg ssh-dss blen 433
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> Last login: Tue Sep  4 16:26:13 2007 from 172.16.128.1
>
> Then it hangs again for another 2 - 3 minutes and finally I get a prompt.
>
> the remote box is a windows XP box in vmware on my local fedora box running 
> cygwin
>
> Any thoughts?
>
>   

Almost a certainty that is a DNS issue.  Whenever ssh hangs like that
with no error, it is almost always DNS on the system you are trying
to log into.

ssh tries very hard to be a good citizen and allow updates to utmp
and wxtmp databases, which require FQDN names.

You can tell quite simply if this is the case.

After the LONG pause to get logged in, do:

$ w
or
$ who

That is the old BSD style who program, that by default shows
the host name for remote logins.  If your session lists the IP Address
instead of the host name, you know for sure that the DNS reverse name
lookup for that login session failed.

Most DNS failures for ssh are set at about 120 seconds by default.

Good Luck!
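
The check described in the reply above, as an added example that is not part of the original post: it reads `who`-style output and lists the sessions whose origin is a bare IPv4 address, which is the sign of a failed reverse lookup. The function names and the sample lines are constructed for illustration, and `getent` is assumed to be available on the host being checked.

```shell
#!/bin/sh
# Added example: flag login sessions whose origin shows as a bare IPv4
# address in `who` output, i.e. the reverse lookup did not yield a name.

# Constructed sample of `who` output (not taken from the thread's machines).
SAMPLE_WHO='kkempter pts/0        2007-09-04 16:20 (workstation.example.com)
kkempter pts/1        2007-09-04 16:26 (172.16.128.1)
root     tty1         2007-09-04 09:02
admin    pts/2        2007-09-04 17:01 (10.0.0.7)'

# Reads who-style lines on stdin; prints "user tty ip" for each session whose
# parenthesised origin is an IPv4 literal. Local logins (no origin) are skipped.
unresolved_logins() {
    awk '
        {
            origin = $NF
            if (origin !~ /^\(.*\)$/) next      # no remote origin field
            gsub(/[()]/, "", origin)
            if (origin ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                print $1, $2, origin
        }'
}

# Times a reverse lookup for one address with getent (assumed available).
# A duration close to the resolver timeout matches the slow-login symptom.
time_reverse_lookup() {
    start=$(date +%s)
    rc=0
    getent hosts "$1" >/dev/null 2>&1 || rc=$?
    end=$(date +%s)
    echo "$1 rc=$rc seconds=$((end - start))"
}

# Demo on the constructed sample; on a live host use: who | unresolved_logins
printf '%s\n' "$SAMPLE_WHO" | unresolved_logins
```

On the machine being logged into, feed each reported address to `time_reverse_lookup` to see how long the failing lookup actually takes.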



