I have an OpenSuSE 11.1 server that I use for SSH, FTP and Squid. When I connect to SSH or FTP, there is a strange 15 second delay before anything happens. This also happens on my desktop (11.1), but there was a previous installation on the server that did not have this lag. The delay is present from any computer on the network, and if I connect to SSH in verbose mode it says that the connection has been acknowledged before the delay. Any ideas?
SSH Log:
…
debug1: SSH2_MSG_SERVICE_ACCEPT received
[Delay]
debug1: Authentications that can continue: publickey,keyboard-interactive
…
Note: In PuTTY under Windows, the delay ends just as the connection issue window displays.
Can you show the entire transaction, maybe with -vvv instead of just -v?
Also anything in /var/log/messages on the server side that may be
relevant? Are you doing anything other than logging in? Does it happen
when you login to the machine from itself (ssh localhost)?
Good luck.
bamt wrote:
> I have an OpenSuSE 11.1 server that I use for SSH, FTP and Squid. When I
> connect to SSH or FTP, there is a strange 15 second delay before
> anything happens. This also happens on my desktop (11.1), but there was
> a previous installation on the server that did not have this lag. The
> delay is present from any computer on the network, and if I connect to
> SSH in verbose mode it says that the connection has been acknowledged
> before the delay. Any ideas?
>
> SSH Log:
> …
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> [Delay]
> debug1: Authentications that can continue:
> publickey,keyboard-interactive
> …
>
> Note: In PuTTY under Windows, the delay ends just as the connection
> issue window displays.
>
>
This could be a simple DNS issue on the server itself. If there is one. Do you use DNS?
Or does the ssh server have a correctly configured host file and resolv.conf file? The resolv.conf file should also include the domain suffix relevant to the ssh server.
I have seen delays as you describe caused by these issues, the local box is attempting to “find” itself, and eventually times out. Hence the lag.
When SSHing from localhost the password prompt is instant, as well as from the Internet; only local addresses are experiencing the delay. Perhaps it is my router that lacks DNS? (My PCs cannot look up names for each other with the current router, unlike the previous one.) How could I fix the DNS with resolv.conf or hosts?
Also, neither the server side SSH log nor the client side log seem to contain anything related to the freeze. The server side simply says “Accepted keyboard-interactive/pam for [user] from 192.168.#].#] port [random]” and the client seems to do a normal connection procedure.
Current resolv.conf:
search local
nameserver 192.168.0.1
Current hosts:
127.0.0.1 localhost
… (Generic IPv6 entries, but IPv6 is disabled)
127.0.0.2 fileserver.home fileserver
If SSH cannot do a reverse lookup of the IP address to a DNS name then
maybe that could be the problem. Does using ‘dig -x’ with the IP address
come back at all? Quickly? You could hard-code any old hostname into
/etc/hosts, sure, but doing that on every box you have could be a pain.
You can also use public DNS servers assuming you are setup for DNS
properly with those IP addresses but if you were you could probably use
your own DNS servers as well (just specify them normally in Yast or
directly in /etc/resolv.conf).
Good luck.
bamt wrote:
> When SSHing from localhost the password prompt is instant, as well as
> from the Internet; only local addresses are experiencing the delay.
> Perhaps it is my router that lacks DNS? (My PCs cannot look up names for
> each other with the current router, unlike the previous one.) How could
> I fix the DNS with resolv.conf or hosts?
>
> Also, neither the server side SSH log nor the client side log seem to
> contain anything related to the freeze. The server side simply says
> “Accepted keyboard-interactive/pam for [user] from 192.168.#].#] port
> [random]” and the client seems to do a normal connection procedure.
>
> Current resolv.conf:
> search local
> nameserver 192.168.0.1
>
> Current hosts:
> 127.0.0.1 localhost
> … (Generic IPv6 entries, but IPv6 is disabled)
> 127.0.0.2 fileserver.home fileserver
>
>
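An added example, not part of the thread: a shell helper that reports, for each LAN client address, whether the server's hosts file already names it and, if not, how long a reverse lookup takes. It goes one step beyond the `dig -x` suggestion by timing the lookup with `getent hosts`, which goes through the system resolver (hosts file as well as DNS), whereas `dig -x` asks DNS only. The function names and the address in the usage line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh revcheck.sh 192.168.0.5 ...
# The address above is a constructed sample; pass the clients that see the delay.

# Print the names a hosts-format file maps to an address, one per line.
# Exit status 1 if the address has no entry. Comments are ignored.
hosts_names() {  # usage: hosts_names IP [FILE]
    awk -v ip="$1" '
        { sub(/#.*/, "") }                      # drop trailing comments
        $1 == ip { for (i = 2; i <= NF; i++) print $i; found = 1 }
        END { exit (found ? 0 : 1) }
    ' "${2:-/etc/hosts}"
}

# Whole seconds spent on a reverse lookup through the system resolver.
# A value close to the observed login delay points at name resolution.
reverse_lookup_seconds() {  # usage: reverse_lookup_seconds IP
    start=$(date +%s)
    getent hosts "$1" >/dev/null 2>&1
    end=$(date +%s)
    echo $((end - start))
}

# One report line per client address.
check_clients() {
    for ip in "$@"; do
        if names=$(hosts_names "$ip"); then
            echo "$ip: listed in /etc/hosts as $(echo $names)"
        else
            echo "$ip: not in /etc/hosts, reverse lookup took $(reverse_lookup_seconds "$ip")s"
        fi
    done
}

# Run the report only when addresses are given on the command line.
if [ "$#" -gt 0 ]; then
    check_clients "$@"
fi
```

Run it on the server itself, since that is where the lookup of the connecting client's address happens.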