I've got another slow-logging box, and this time I'd recorded the log *before* fixing it...
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.10.10 [192.168.10.10] port 22. debug1: Connection established. debug1: identity file /home/thoriumbr/.ssh/identity type -1 debug1: identity file /home/thoriumbr/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/thoriumbr/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1 debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.10.10' is known and matches the RSA host key. debug1: Found key in /home/thoriumbr/.ssh/known_hosts:9 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey debug1: Offering public key: /home/thoriumbr/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Trying private key: /home/thoriumbr/.ssh/identity debug1: Trying private key: /home/thoriumbr/.ssh/id_dsa debug1: Next authentication method: password [email protected]'s password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 To fix that delay, turn off gssapi-with-mic... Mauro http://mauro.limeiratem.com - registered Linux User: 294521 Scripture is both history, and a love letter from God. On Fri, Mar 20, 2009 at 2:34 PM, Scott Rohling <[email protected]>wrote: > Or if a nameserver in /etc/resolv.conf is not really available --- it can > cause timeouts as reverse lookups on the incoming IP address are done... > > Make sure your /etc/resolv.conf lists nameservers that are actually > reachable.. > > Scott > > On Fri, Mar 20, 2009 at 11:30 AM, Mauro Souza <[email protected]> wrote: > > > Hi George! > > > > I had this issue in RHEL4 too... > > Try this: > > > > ssh -v u...@host.... > > > > You will see sshd trying to load lots of auth schemes (even mic, I > > think)... > > You can then edit /etc/ssh/sshd_config and get rid of the unused auth > > schemes... > > > > Mauro > > http://mauro.limeiratem.com - registered Linux User: 294521 > > Scripture is both history, and a love letter from God. > > > > > > On Fri, Mar 20, 2009 at 2:28 PM, Shedlock, George < > [email protected] > > >wrote: > > > > > We are running SUSE SLES 10 SP 2. When we login to the server via SSH, > > our > > > pam module that validates the userid against Active Directory completes > > with > > > a successful logon (as seen on the syslog), but it is some 40-50 > seconds > > > before we see the logon prompt to the user. Can anyone suggest a course > > of > > > action to isolate and resolve this delay? Pointers to a logic flow of > the > > > modules involved would be helpful. > > > > > > George > > > > > > ---------------------------------------------------------------------- > > > For LINUX-390 subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO LINUX-390 > or > > > visit > > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > > > > > > ---------------------------------------------------------------------- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO LINUX-390 or > > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
