Re: ssh connection pause



Hi all, I've finally figured this one out.

After sniffing some traffic I found that, even with "UseDNS no", the sshd
was still performing DNS queries. For some reason in this newer version it
was performing an ipv6 (AAAA) query first, which the DNS server seems to
be silently discarding rather than replying with an NXDOMAIN.

As a workaround I edited /etc/netsvc.conf from "hosts = local, bind" to
"hosts = local, bind4"

Thanks to everyone who replied and helped with this issue.

Regards,

David





David R Green <dgreen49@xxxxxxxxxx>
Sent by: listbounce@xxxxxxxxxxxxxxxxx
24/06/2008 03:36 PM

To: Georgi Stanojevski <glisha@xxxxxxxxx>
cc: secureshell@xxxxxxxxxxxxxxxxx
Subject: Re: ssh connection pause






Hi Georgi,

I provided the output of that in my original post:

From the client:
---
dgreen49@linuxhost1 [~]# ssh -vvv aixhost1
OpenSSH_4.3p2-hpn, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /opt/soe/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.44.138.107 [10.44.138.107] port 22.
debug1: Connection established.
debug1: identity file /home/dgreen49/.ssh/identity type -1
debug1: identity file /home/dgreen49/.ssh/id_rsa type -1
debug1: identity file /home/dgreen49/.ssh/id_dsa type -1

<pauses here>

debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1-hpn12v17
debug1: match: OpenSSH_4.6p1-hpn12v17 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
debug2: fd 3 setting O_NONBLOCK
[...]
---

From the server:
---
root@aixhost1 [~]# /opt/soe/local/openssh/sbin/sshd -ddd
[...]
debug1: rexec_argv[0]='/opt/soe/local/openssh/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 65536
debug1: HPN Buffer Size: 131072
Server listening on 0.0.0.0 port 22.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 1421
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7

<pauses here>

debug1: inetd sockets after dupping: 3, 3
Connection from linuxhost1 port 1119
[...]
---

Regards,

David


Georgi Stanojevski <glisha@xxxxxxxxx> wrote on 24/06/2008 03:32:28 PM:

David R Green wrote:

I should mention that these AIX servers were successfully running openssh
4.5. It's only since the upgrade to 4.6 that the connection pause occurs.

Run the ssh client in verbose mode (ex. ssh -vv user@host) and see where
does the pause happen.

--
Glisha
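
Added example, not part of the original thread: a way to confirm the condition David describes (a resolver that answers A queries but silently drops AAAA queries) without a packet sniffer, by sending one raw query of each type and timing the reply. The resolver address and lookup name are command-line arguments supplied by the operator; the function names and the 5-second timeout are assumptions of this sketch.

```python
import socket
import struct
import sys
import time

QTYPE = {"A": 1, "AAAA": 28}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed query ID, fine for a one-shot diagnostic

def build_query(name, qtype):
    """Encode a minimal DNS query: RFC 1035 header plus one IN-class question."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPE[qtype], 1)

def parse_rcode(reply):
    """Return the RCODE name, or None if this is not a response to our query."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != TXID or not flags & 0x8000:  # QR bit must be set
        return None
    return RCODE.get(flags & 0xF, str(flags & 0xF))

def probe(server, name, qtype, timeout=5.0):
    """Send one UDP query; return (result, seconds). 'TIMEOUT' means no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_query(name, qtype), (server, 53))
        try:
            result = parse_rcode(s.recvfrom(4096)[0]) or "MALFORMED"
        except socket.timeout:
            result = "TIMEOUT"
        return result, time.monotonic() - start

def diagnose(results):
    """Map {'A': ..., 'AAAA': ...} results to the failure described in the thread."""
    if results["A"] == "TIMEOUT":
        return "resolver not answering at all"
    if results["AAAA"] == "TIMEOUT":
        return "AAAA dropped silently: lookups that try AAAA first stall until timeout"
    return "resolver answers both query types"

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]  # resolver IP and the name to look up
    timed = {q: probe(server, name, q) for q in ("A", "AAAA")}
    for q, (result, secs) in timed.items():
        print(f"{q:5s} {result:10s} {secs:.2f}s")
    print(diagnose({q: r for q, (r, _) in timed.items()}))
```

A healthy resolver returns NOERROR or NXDOMAIN for both types within milliseconds; an AAAA line showing TIMEOUT next to a fast A reply matches the pause seen in the sshd debug output.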


