I have a CentOS 7 system and when I login with putty or ssh there is a long delay before I get the password prompt. I ran ssh -v and I found that it gets up to this:
debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received
and then it sits there for 1-2 minutes and then this output blasts out:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Next authentication method: publickey debug1: Trying private key: /home/motor/.ssh/id_rsa debug1: Trying private key: /home/motor/.ssh/id_dsa debug1: Trying private key: /home/motor/.ssh/id_ecdsa debug1: Trying private key: /home/motor/.ssh/id_ed25519 debug1: Next authentication method: password
And then the password prompt comes out. This happens no matter which user is logging in. It only happens on the 1 system. I have 5 others where the proceeds without the delay.
There are no disk or memory or any other errors in the logs.
What could be causing it to delay like this?
On Wed, November 16, 2016 5:07 pm, Larry Martell wrote:
I have a CentOS 7 system and when I login with putty or ssh there is a long delay before I get the password prompt.
First thing I would check is that that system doesn't have unaccessible DNS server listed in:
/etc/resolv.conf
(another thing, similarly DNS related: if you have caching name server on that box, check if that doesn't cause delay the you see).
Valeri
I ran ssh -v and I found that it gets up to this:
debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received
and then it sits there for 1-2 minutes and then this output blasts out:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Next authentication method: publickey debug1: Trying private key: /home/motor/.ssh/id_rsa debug1: Trying private key: /home/motor/.ssh/id_dsa debug1: Trying private key: /home/motor/.ssh/id_ecdsa debug1: Trying private key: /home/motor/.ssh/id_ed25519 debug1: Next authentication method: password
And then the password prompt comes out. This happens no matter which user is logging in. It only happens on the 1 system. I have 5 others where the proceeds without the delay.
There are no disk or memory or any other errors in the logs.
What could be causing it to delay like this? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 11/16/2016 3:07 PM, Larry Martell wrote:
I have a CentOS 7 system and when I login with putty or ssh there is a long delay before I get the password prompt. I ran ssh -v and I found that it gets up to this:
debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received
and then it sits there for 1-2 minutes and then this output blasts out:
wild guess says someone is doing a reverse DNS lookup thats timing out.
Edit /etc/ssh/sshd_config
Set:
UseDNS no GSSAPIAuthentication no
Save, restart sshd, try again.
digimer
On 16/11/16 06:07 PM, Larry Martell wrote:
I have a CentOS 7 system and when I login with putty or ssh there is a long delay before I get the password prompt. I ran ssh -v and I found that it gets up to this:
debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received
and then it sits there for 1-2 minutes and then this output blasts out:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Next authentication method: publickey debug1: Trying private key: /home/motor/.ssh/id_rsa debug1: Trying private key: /home/motor/.ssh/id_dsa debug1: Trying private key: /home/motor/.ssh/id_ecdsa debug1: Trying private key: /home/motor/.ssh/id_ed25519 debug1: Next authentication method: password
And then the password prompt comes out. This happens no matter which user is logging in. It only happens on the 1 system. I have 5 others where the proceeds without the delay.
There are no disk or memory or any other errors in the logs.
What could be causing it to delay like this? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 17/11/16 16:34, Digimer wrote:
Edit /etc/ssh/sshd_config
Set:
UseDNS no GSSAPIAuthentication no
Save, restart sshd, try again.
This will certainly stop the long timeout, but I prefer telling people to fix their DNS. The long timeout is indicative of a DNS issue and turning off DNS for ssh is just masking the real problem. I prefer to leave DNS on for ssh as it's a good indicator for me of when I have to fix something.
Peter
On 16/11/16 11:06 PM, Peter wrote:
On 17/11/16 16:34, Digimer wrote:
Edit /etc/ssh/sshd_config
Set:
UseDNS no GSSAPIAuthentication no
Save, restart sshd, try again.
This will certainly stop the long timeout, but I prefer telling people to fix their DNS. The long timeout is indicative of a DNS issue and turning off DNS for ssh is just masking the real problem. I prefer to leave DNS on for ssh as it's a good indicator for me of when I have to fix something.
Peter
It can also happen if the target has lost its internet connection, is air-gapped or otherwise legitimately offline. Your point is valid, though, if the Internet should be up.
-
Digimer -
John R Pierce -
Larry Martell -
Peter -
Valeri Galtsev