[Bug 84899] Re: SSH with GSSAPIAuthentication option on SSH servers are very slow

ahildoer Tue, 18 Dec 2007 09:05:48 -0800

SOLVED for me.

I was having a 5-10 second delay when logging in via SSH. Here was my
fix:

- On the client:
In /etc/ssh/ssh_config, set: 'GSSAPIAuthentication no'

-On the server:
In /etc/nsswitch.conf, change the 'hosts:' line to read this: 'hosts:          
files dns'

After those two changes, logins were smoking fast.

Here is an ssh -vvv trace of when I was having the problem, look for
line that says "***LOGIN DELAY ":

OpenSSH_4.6p1 Debian-5build1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug2: ssh_connect: needpriv 0

debug1: Connecting to ***HIDDEN*** port 22.

debug1: Connection established.

debug1: identity file /home/***HIDDEN***/.ssh/identity type -1

debug3: Not a RSA1 key file /home/***HIDDEN***/.ssh/id_rsa.

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/***HIDDEN***/.ssh/id_rsa type 1

debug1: identity file /home/***HIDDEN***/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.6p1 Debian-5build1

debug1: match: OpenSSH_4.6p1 Debian-5build1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5build1

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-
cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc
,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-
cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc
,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib

debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-
cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc
,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-
cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc
,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]

debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 148/256

debug2: bits set: 489/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename
/home/***HIDDEN***/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug3: check_host_in_hostfile: filename
/home/***HIDDEN***/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 8

debug1: Host '***HIDDEN***' is known and matches the RSA host key.

debug1: Found key in /home/***HIDDEN***/.ssh/known_hosts:1

debug2: bits set: 498/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/***HIDDEN***/.ssh/identity ((nil))

debug2: key: /home/***HIDDEN***/.ssh/id_rsa (0x80057558)

debug2: key: /home/***HIDDEN***/.ssh/id_dsa ((nil))


***LOGIN DELAY OF 5-10 SECONDS HERE***

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/***HIDDEN***/.ssh/identity

debug3: no such identity: /home/***HIDDEN***/.ssh/identity

debug1: Offering public key: /home/***HIDDEN***/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Server accepts key: pkalg ssh-rsa blen 277

debug2: input_userauth_pk_ok: fp
82:3e:2d:18:5a:fe:74:03:fa:0d:a8:b7:e2:d9:5a:2f

debug3: sign_and_send_pubkey

debug1: read PEM private key done: type RSA

debug1: Authentication succeeded (publickey).

debug2: fd 6 setting O_NONBLOCK

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Entering interactive session.

debug2: callback start

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 0

debug3: tty_make_modes: ospeed 38400

debug3: tty_make_modes: ispeed 38400

debug3: tty_make_modes: 1 3

debug3: tty_make_modes: 2 28

debug3: tty_make_modes: 3 127

debug3: tty_make_modes: 4 21

debug3: tty_make_modes: 5 4

debug3: tty_make_modes: 6 255

debug3: tty_make_modes: 7 255

debug3: tty_make_modes: 8 17

debug3: tty_make_modes: 9 19

debug3: tty_make_modes: 10 26

debug3: tty_make_modes: 12 18

debug3: tty_make_modes: 13 23

debug3: tty_make_modes: 14 22

debug3: tty_make_modes: 18 15

debug3: tty_make_modes: 30 0

debug3: tty_make_modes: 31 0

debug3: tty_make_modes: 32 0

debug3: tty_make_modes: 33 0

debug3: tty_make_modes: 34 0

debug3: tty_make_modes: 35 0

debug3: tty_make_modes: 36 1

debug3: tty_make_modes: 37 0

debug3: tty_make_modes: 38 1

debug3: tty_make_modes: 39 1

debug3: tty_make_modes: 40 0

debug3: tty_make_modes: 41 1

debug3: tty_make_modes: 50 1

debug3: tty_make_modes: 51 1

debug3: tty_make_modes: 52 0

debug3: tty_make_modes: 53 1

debug3: tty_make_modes: 54 1

debug3: tty_make_modes: 55 1

debug3: tty_make_modes: 56 0

debug3: tty_make_modes: 57 0

debug3: tty_make_modes: 58 0

debug3: tty_make_modes: 59 1

debug3: tty_make_modes: 60 1

debug3: tty_make_modes: 61 1

debug3: tty_make_modes: 62 0

debug3: tty_make_modes: 70 1

debug3: tty_make_modes: 71 0

debug3: tty_make_modes: 72 1

debug3: tty_make_modes: 73 0

debug3: tty_make_modes: 74 0

debug3: tty_make_modes: 75 0

debug3: tty_make_modes: 90 1

debug3: tty_make_modes: 91 1

debug3: tty_make_modes: 92 0

debug3: tty_make_modes: 93 0

debug1: Sending environment.

debug3: Ignored env SSH_AGENT_PID

debug3: Ignored env SHELL

debug3: Ignored env TERM

debug3: Ignored env GTK_RC_FILES

debug3: Ignored env WINDOWID

debug3: Ignored env OLDPWD

debug3: Ignored env USER

debug3: Ignored env LS_COLORS

debug3: Ignored env LIBGL_DRIVERS_PATH

debug3: Ignored env SSH_AUTH_SOCK

debug3: Ignored env GNOME_KEYRING_SOCKET

debug3: Ignored env SESSION_MANAGER

debug3: Ignored env USERNAME

debug3: Ignored env PATH

debug3: Ignored env DESKTOP_SESSION

debug3: Ignored env GDM_XSERVER_LOCATION

debug3: Ignored env PWD

debug1: Sending env LANG = en_US.UTF-8

debug2: channel 0: request env confirm 0

debug3: Ignored env GDM_LANG

debug3: Ignored env GDMSESSION

debug3: Ignored env HISTCONTROL

debug3: Ignored env SHLVL

debug3: Ignored env HOME

debug3: Ignored env GNOME_DESKTOP_SESSION_ID

debug3: Ignored env LOGNAME

debug3: Ignored env XDG_DATA_DIRS

debug3: Ignored env DBUS_SESSION_BUS_ADDRESS

debug3: Ignored env LESSOPEN

debug3: Ignored env WINDOWPATH

debug3: Ignored env DISPLAY

debug3: Ignored env LESSCLOSE

debug3: Ignored env COLORTERM

debug3: Ignored env XAUTHORITY

debug3: Ignored env _

debug2: channel 0: request shell confirm 0

debug2: fd 3 setting TCP_NODELAY

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: channel 0: rcvd adjust 131072

debug2: channel 0: rcvd eof

debug2: channel 0: output open -> drain

debug2: channel 0: obuf empty

debug2: channel 0: close_write

debug2: channel 0: output drain -> closed

debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

debug2: channel 0: rcvd close

debug2: channel 0: close_read

debug2: channel 0: input open -> closed

debug3: channel 0: will not send data after close

debug2: channel 0: almost dead

debug2: channel 0: gc: notify user

debug2: channel 0: gc: user detached

debug2: channel 0: send close

debug2: channel 0: is dead

debug2: channel 0: garbage collecting

debug1: channel 0: free: client-session, nchannels 1

debug3: channel 0: status: The following connections are open:

  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)


debug3: channel 0: close_fds r -1 w -1 e 6 c -1

debug1: fd 2 clearing O_NONBLOCK

Connection to ***HIDDEN*****HIDDEN**** closed.

debug1: Transferred: stdin 0, stdout 0, stderr 39 bytes in 2.8 seconds

debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 13.9

debug1: Exit status 0


-Anthony Hildoer
http://www.hildoersystems.com
[EMAIL PROTECTED]

-- 
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 84899] Re: SSH with GSSAPIAuthentication option on SSH servers are very slow

Reply via email to