Re: Postponed publickey for user - What does this mean?



On 2007-01-16, Jim Garrison <jhg@xxxxxxx> wrote:
> Slightly obfuscated log entries:
>
> Jan 15 00:02:06 helios sshd[22833]: Postponed publickey for zzz from zzz.zzz.142.109 port 11815 ssh2
> Jan 15 00:02:18 helios sshd[22832]: Accepted publickey for zzz from zzz.zzz.142.109 port 11815 ssh2
> Jan 15 00:02:18 helios sshd[22834]: pam_unix(sshd:session): session opened for user zzz by (uid=0)
> Jan 15 00:03:36 helios sshd[22834]: pam_unix(sshd:session): session closed for user zzz
>
> This is a valid user with a valid private key installed. What
> is the meaning of the message and 12-second delay between
> the first and second messages?

Simplifying somewhat, the pubkey protocol has 2 steps: first the client
asks if the server would accept a given public key, then if the server
indicates that it would, the client will provide a signature with the
corresponding private key. In the log, the "postponed" corresponds to
the first of these 2 steps.

Something is happening between these two steps that's slowing things
down. Some possibilities:

* the client or server is slow and/or the key is big, so generating or
validating the signature takes time.

* DNS problems (e.g. for login recording).

* something a PAM module is doing takes some time (depends on what
you have).

If you run the client and server with full debugging you might get a
better indication of what exactly it's doing when the pause occurs.
http://www.snailbook.com/faq/general-debugging.auto.html

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
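
An added example, not part of the original post: a small Python script that pairs each "Postponed publickey" line with the matching "Accepted publickey" line and reports the gap, so slow logins like the 12-second one above can be found across a whole auth log. The sample log, the 192.0.2.x addresses, the function names and the 5-second threshold are constructed for illustration; pairing is done on user, address and port because the two lines in the thread carry different sshd PIDs.

```python
import re
from datetime import datetime

# Constructed sample modelled on the entries quoted in the thread
# (wrapped lines joined, addresses replaced with documentation-range ones).
SAMPLE = """\
Jan 15 00:02:06 helios sshd[22833]: Postponed publickey for zzz from 192.0.2.109 port 11815 ssh2
Jan 15 00:02:18 helios sshd[22832]: Accepted publickey for zzz from 192.0.2.109 port 11815 ssh2
Jan 15 00:02:18 helios sshd[22834]: pam_unix(sshd:session): session opened for user zzz by (uid=0)
Jan 15 00:05:00 helios sshd[23001]: Postponed publickey for amy from 192.0.2.7 port 40022 ssh2
Jan 15 00:05:01 helios sshd[23000]: Accepted publickey for amy from 192.0.2.7 port 40022 ssh2
Jan 15 00:06:10 helios sshd[23050]: Postponed publickey for bob from 192.0.2.8 port 40100 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<event>Postponed|Accepted) publickey for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def publickey_delays(text, year=2007):
    """Return (completed, unanswered).

    completed:  [(user, ip, port, seconds)] for each Postponed -> Accepted pair
    unanswered: [(user, ip, port)] for Postponed lines with no later Accepted
    """
    pending, completed = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # PAM session lines and anything else are ignored
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["user"], m["ip"], m["port"])
        if m["event"] == "Postponed":
            pending.setdefault(key, ts)  # keep the first query for this connection
        elif key in pending:
            completed.append((*key, (ts - pending.pop(key)).total_seconds()))
    return completed, sorted(pending)

def slow_logins(text, threshold=5.0):
    """Completed publickey logins whose two steps were >= threshold seconds apart."""
    completed, _ = publickey_delays(text)
    return [c for c in completed if c[3] >= threshold]

if __name__ == "__main__":
    for user, ip, port, secs in slow_logins(SAMPLE):
        print(f"{user} from {ip}:{port} took {secs:.0f}s between the two steps")
```
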