[K12OSN] ssh issue with LDM

David Hopkins dahopkins429 at gmail.com
Thu Dec 15 15:11:23 UTC 2011


Thanks!  The contents of /etc/hosts and /etc/resolv.conf are (with
lines now commented out)

dhopkins at ncslts1:~> cat resolv.conf    localhost
#    ncslts7
# The following lines are desirable for IPv6 capable hosts
#::1     localhost ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts
dhopkins at ncslts1:~> cat resolv.conf
#domain ncs.k12.de.us
search ncs.k12.de.us

What is extremely strange is that there were not any issues at all and
then this issue started.  In the past, I have been able to track these
issues back to the configuration of the router (to which I have no
access, it is State controlled/configured).  I'll add a local hosts
file and see if this improves performance.

Dave Hopkins

On Wed, Dec 14, 2011 at 10:08 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> ssh does a reverse lookup to try and identify the far end of the connection.
> If the remote end doesn't resolve by a dns lookup, things get very, very
> slow. You can have an /etc/hosts file be sufficient as long as the
> /etc/nsswitch file is set to try hosts firsts (default).
> The TCs don't have a populated hosts file so they rely on DNS.
> Unless you supply a hosts file from the servers supply side /etc area for
> the TCs.
> On Wed, Dec 14, 2011 at 7:05 PM, David Hopkins <dahopkins429 at gmail.com>
> wrote:
>> All,
>> I am beginning to suspect this issue is because ssh isn't resolving
>> names correctly?  Timing
>> ssh myserver
>> from a shell (ALT-CTL-F2) takes about 30 seconds to resolve myserver.
>> However, ssh any_other_server returns immediately.  So, why wouldn't
>> myserver resolve quickly?  This is true from any of the servers ..
>> they do not resolve their names quickly.  On all of them, the local
>> (thin client) /etc/hosts has the form
>> localhost
>> ltsp50
>> server
>> where the thin client is lstp50 ... but ... server is not defined in
>> DNS, only in the thin clients /etc/hosts.  Logging in at the console
>> for any account also works.
>> This is very very very confusing and unfortunately, come tomorrow
>> morning is going to be a major issue.
>> Sincerely,
>> Dave Hopkins
>> On Wed, Dec 14, 2011 at 6:13 PM, David Hopkins <dahopkins429 at gmail.com>
>> wrote:
>> > We are having a major issue with thin client authentication. It
>> > started just after lunch time today. Authentication works fine from
>> > console and on terminal, but ssh takes a very long time to connect.
>> > One server (out of 5) can still connect though the login process takes
>> > quite a while to complete.  However, it is shorter than the other
>> > servers, so we suspect it is a timeout issue with LDM.
>> >
>> > From a shell at the thin client I can ssh to any system and
>> > authenticate.  However, trying to ssh from a shell at the client to
>> > the ltsp server that the client is connected to takes a very long
>> > time.  The response at the GUI login screen is "no response from
>> > server, restarting". We have already updated the sshkeys and
>> > completely rebuilt the image but this hasn't resolved the issue. How
>> > does LDM use ssh for authentication? Is there a reason ssh would have
>> > to be routed?  And .. why would ssh to any system except the system
>> > that the client booted from take so long?  We have enabled
>> > IP_Forwarding at the clients for localapps and that also works if that
>> > information is of any use.
>> >
>> > Any help is greatly appreciated!
>> >
>> > Sincerely,
>> > Dave Hopkins
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
> --
> --
> James P. Kinney III
> As long as the general population is passive, apathetic, diverted to
> consumerism or hatred of the vulnerable, then the powerful can do as they
> please, and those who survive will be left to contemplate the outcome.
> - 2011 Noam Chomsky
> http://heretothereideas.blogspot.com/
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

More information about the K12OSN mailing list