delay after ssh'ing into a server

Stephen Carville stephen at totalflood.com
Thu Oct 5 21:36:43 UTC 2006


Bill Tangren wrote:
> Stephen Carville wrote:
>> Bill Tangren wrote:
>>> Mahesh Pokala wrote:
>>>> Check /etc/resolv.conf  for valid dns entries
>>>> Check /etc/nsswitch.conf  for valid entries.
>>>>
>>>
>>> I don't see anything unusual in them, and I haven't changed them. 
>>> Also, they are the same as the same files on the other servers, and 
>>> those servers don't have this problem. I've tried this from several 
>>> different servers. I've also asked others to try, and they have the 
>>> same problem.
>>
>> try ssh -vv user@wherever to see where the hang is happening.
> 
> [root@eunomia ~]# ssh -vv bjt@aa
> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to aa [10.1.5.93] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> 
> Then the 30 second pause... then

Still looks like a name resolution problem.  Just for S&G try putting your 
machine and IP address in /etc/hosts and make sure your hosts line in 
nsswitch.conf includes files.  AKA:

hosts:	files dns

> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
> debug1: match: OpenSSH_3.9p1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> debug2: fd 3 setting O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> 
> and a lot of other stuff.
> 
>>
>> On the server try dig -x client.IP.add.ress to be sure reverse DNS works.
> 
> [root@aa ~]# dig -x eunomia.usno.navy.mil
> 
> ; <<>> DiG 9.2.4 <<>> -x eunomia.usno.navy.mil
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51067
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;mil.navy.usno.eunomia.in-addr.arpa. IN PTR
> 
> ;; Query time: 19 msec
> ;; SERVER: 10.1.1.5#53(10.1.1.5)
> ;; WHEN: Thu Oct  5 16:01:57 2006
> ;; MSG SIZE  rcvd: 52
> 
> It seems to work just fine. I'm at a loss.

dig -x means IP address -> name mapping.  Try it with your IP address 
not your machine name.

Try setting UseDNS to No to disable lookups.

> 
>>
>>>> Mahesh
>>>>
>>>> -----Original Message-----
>>>> From: redhat-list-bounces at redhat.com 
>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bill Tangren
>>>> Sent: Thursday, October 05, 2006 1:29 PM
>>>> To: General Red Hat Linux discussion list
>>>> Subject: delay after ssh'ing into a server
>>>>
>>>> I am having an odd problem with one of my RHEL servers. When I issue 
>>>> the command to ssh into it:
>>>>
>>>> $ ssh aa
>>>>
>>>> there is a 30 second delay before I get the password prompt. I tried 
>>>> deleting the appropriate line in ~/.ssh/known-hosts and trying it 
>>>> again, but I still got a 30 second delay before I got this message:
>>>>
>>>> The authenticity of host 'aa (10.1.5.93)' can't be established.
>>>> RSA key fingerprint is <a:long:hex:number>.
>>>> Are you sure you want to continue connecting (yes/no)? yes
>>>> Warning: Permanently added 'aa,10.1.5.93' (RSA) to the list of known 
>>>> hosts.
>>>>
>>>> This is what the log looks like during this time:
>>>>
>>>> Oct  5 14:52:30 aa xinetd[3098]: START: ssh pid=23524 from=10.1.5.58 
>>>> Oct  5 18:53:12 aa sshd[23567]: Accepted password for bjt from 
>>>> 10.1.5.58 port
>>>> 32818 ssh2
>>>> Oct  5 14:53:12 aa sshd[23524]: Accepted password for bjt from 
>>>> 10.1.5.58 port
>>>> 32818 ssh2
>>>>
>>>> Notice the 42 second time delay. The first line appeared in the log 
>>>> just after I send the "ssh aa" command.
>>>>
>>>> I must have done something to make the system delay after receiving 
>>>> the connection request, but I can't imagine what. Googling turned up 
>>>> nothing for me.
>>>>
>>>> Any ideas?
>>>>
>>>> Bill Tangren
>>>>
>>>> -- 
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>>
>>>
>>
>>
> 


-- 
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
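
The reverse-lookup check discussed in this message, as an added example that is not part of the original post: it shows the PTR name that `dig -x` asks for when given an address versus a hostname, and times the reverse lookup plus forward confirmation that sshd performs when UseDNS is enabled. The function names and the injectable `reverse`/`forward` resolver parameters are assumptions made for this sketch; the forward check is IPv4 only.

```python
import ipaddress
import socket
import sys
import time


def dig_x_question(arg):
    """Return the name `dig -x ARG` would query for a PTR record."""
    try:
        return ipaddress.ip_address(arg).reverse_pointer
    except ValueError:
        # A hostname is reversed label by label too, producing a name that
        # no zone serves (the NXDOMAIN question seen in the thread).
        return ".".join(reversed(arg.rstrip(".").split("."))) + ".in-addr.arpa"


def check_reverse_dns(client_ip, reverse=socket.gethostbyaddr,
                      forward=socket.gethostbyname_ex):
    """Time the PTR lookup and forward confirmation for a client address."""
    ipaddress.ip_address(client_ip)  # ValueError if given a name, not an IP
    result = {"ptr": None, "confirmed": False, "seconds": 0.0}
    start = time.monotonic()
    try:
        result["ptr"] = reverse(client_ip)[0]
        result["confirmed"] = client_ip in forward(result["ptr"])[2]
    except OSError:
        pass  # herror/gaierror: no PTR record, or the name does not map back
    result["seconds"] = time.monotonic() - start
    return result


if __name__ == "__main__":
    # Default is the client address shown in the thread's xinetd log line.
    ip = sys.argv[1] if len(sys.argv) > 1 else "10.1.5.58"
    print("PTR question:", dig_x_question(ip))
    print(check_reverse_dns(ip))
```

Run on the server with the client's IP address as the argument; a `seconds` value close to the login delay points at the resolver rather than at sshd itself.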



