Hi all,
I noticed that my ssh logins to a particular server were taking up to 5 seconds to finally login.
My tcpdump -vv weren't producing much output (not good) and my pings to and from that host were normal and almost identical to other hosts on my subnet that had no ssh login delay issues.
Log files also showed nothing alarming.
My hosts file was missing this at the very end of the file;
::1 localhost6.localdoamin6 localhost6
I chose to disable ipv6 during install but no big deal that I needed that line.
My question is;
What tools could I have used to trouble shoot this as packet sniffers on the switch port or the host didn't seem to do the trick, nor did log file analysis?
I just had a hunch and decided to look at my hosts file, not the most effective way to fix issues but one I've used several times.
Thanks in advance, - aurf
aurfalien@gmail.com wrote:
Hi all,
I noticed that my ssh logins to a particular server were taking up to 5 seconds to finally login.
This is frequently a DNS issue, is forward+reverse DNS functional?
You can also run SSH in debugging mode on the server, and increase verbosity on the client. See the man pages.. I usually just fire up another sshd on another port and test with that.
nate
aurfalien@gmail.com wrote:
Hi all,
I noticed that my ssh logins to a particular server were taking up to 5 seconds to finally login.
This is frequently a DNS issue, is forward+reverse DNS functional?
DNS was normal, forward reverse lookups exist and match that host.
I'll turn on ssh debug and remove that line at the end of hosts to see what happens.
Thanks for the ideas.
- aurf
----- Original Message ----
From: "aurfalien@gmail.com" aurfalien@gmail.com To: CentOS mailing list centos@centos.org Sent: Thu, 21 January, 2010 20:07:27 Subject: Re: [CentOS] trouble shooting slow ssh logins
aurfalien@gmail.com wrote:
Hi all,
I noticed that my ssh logins to a particular server were taking up to 5 seconds to finally login.
This is frequently a DNS issue, is forward+reverse DNS functional?
DNS was normal, forward reverse lookups exist and match that host.
Is the server able to to reverse lookups on the IP address of the incoming client?
A day or two ago post a suggestion to use UseDNS No in the sshd config file (from memory), which worked for me.
HTH.
----- Original Message ----
From: "aurfalien@gmail.com" aurfalien@gmail.com To: CentOS mailing list centos@centos.org Sent: Thu, 21 January, 2010 20:07:27 Subject: Re: [CentOS] trouble shooting slow ssh logins
aurfalien@gmail.com wrote:
Hi all,
I noticed that my ssh logins to a particular server were taking up to 5 seconds to finally login.
This is frequently a DNS issue, is forward+reverse DNS functional?
DNS was normal, forward reverse lookups exist and match that host.
Is the server able to to reverse lookups on the IP address of the incoming client?
A day or two ago post a suggestion to use UseDNS No in the sshd config file (from memory), which worked for me.
HTH.
The DNS server also behaved regarding name/ip addy lookups.
This server is a Zimbra mail server which during install, checks for proper DNS configs. I usually check proper functioning DNS by hand anyways.
The ipv6 line was strange but I read a while back, some tech note about ensuring that is your last line in hosts.
- aurf
2010/1/22 aurfalien@gmail.com:
The DNS server also behaved regarding name/ip addy lookups.
This server is a Zimbra mail server which during install, checks for proper DNS configs. I usually check proper functioning DNS by hand anyways.
The ipv6 line was strange but I read a while back, some tech note about ensuring that is your last line in hosts.
We got delayes by GSSAPIAuthentication, which we don't use.
Try disabling it if you don't need it.
"ssh -vvvv" might reveal more about where the delay happens.
--Amos
The ipv6 line was strange but I read a while back, some tech note about ensuring that is your last line in hosts.
Perhaps IPv6 is enabled. I had a few instances where I turned it off during install, but found it enabled at runtime. I had assumed I was being careless during install... but perhaps this a bug.
Check the interface using ifconfig to see what it's status is.
In terms of tools for debugging, I would use strace/truss after using the -v switch to ssh. Strace and truss will show you what system functions are being called during application runtime (by the ssh client, in this case).
-geoff
--------------------------------- Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/
*You may have a firewall, try check iptable using iptable -L cmd, if you see rolls try stop **iptable **service just for checking and test ssh*.
-------------------------- Best Wishes, Waleed Harbi
Dream | Do | Be
On Fri, Jan 22, 2010 at 3:09 PM, Geoff Galitz geoff@galitz.org wrote:
The ipv6 line was strange but I read a while back, some tech note about ensuring that is your last line in hosts.
Perhaps IPv6 is enabled. I had a few instances where I turned it off during install, but found it enabled at runtime. I had assumed I was being careless during install... but perhaps this a bug.
Check the interface using ifconfig to see what it's status is.
In terms of tools for debugging, I would use strace/truss after using the -v switch to ssh. Strace and truss will show you what system functions are being called during application runtime (by the ssh client, in this case).
-geoff
Geoff Galitz Blankenheim NRW, Germany http://www.galitz.org/ http://german-way.com/blog/
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Amos Shapira -
aurfalien@gmail.com -
Geoff Galitz -
Ian Murray -
nate -
Waleed Harbi