Professional Web Applications Themes

ssh password delay - FreeBSD

I could use some help troubleshooting a problem that I am having with long delays before receiving a password prompt when I log onto my FreeBSD box via ssh. I have done quite a bit of googling and I realize that the problem likely has something to do with reverse DNS lookups. But, I don't know how to pinpoint the problem from there. I've basically been playing with the /etc/resolv.conf and /etc/hosts settings. In my hosts file, I have an entry for the private IP of my Linux box with its hostname (which is not a FQDN) and my resolv.conf ...

  1. #1

    Default ssh password delay

    I could use some help troubleshooting a problem that I am having with
    long delays before receiving a password prompt when I log onto my
    FreeBSD box via ssh.

    I have done quite a bit of googling and I realize that the problem
    likely has something to do with reverse DNS lookups. But, I don't know
    how to pinpoint the problem from there. I've basically been playing
    with the /etc/resolv.conf and /etc/hosts settings. In my hosts file, I
    have an entry for the private IP of my Linux box with its hostname
    (which is not a FQDN) and my resolv.conf file looks like:

    domain myrealdomain.com //I just added this, but no noticeable help
    search myrealdomain.com
    nameserver my.ip's.dns.numbers
    nameserver my.ip's.dns.numbers2

    Here's a more detailed explanation of the problem. To me, the problem
    seems very peculiar. The problem only exists whenever I use my laptop
    (which is running Linux) from within my own LAN. I can get around it
    by logging onto my ISP's server or my school's server (either one) and
    then logging back into my FreeBSD box from there. If I am at school
    with my laptop, I can even log into my FreeBSD server at home directly
    without a delay. But, if I try going directly to my FreeBSD box from my
    laptop when they are both inside the LAN, I get a very long delay (like
    3 minutes). Sometimes the delay is so long, the connection times out
    and I never get a prompt.

    I have set the logging level up to DEBUG3 in the /etc/sshd_config file.
    But, I don't see where any verbose output is going.

    This problem is on FreeBSD 4.10-RELEASE.

    TIA,
    backdoc

    The /var/log/auth.log file just says:
    .... fatal: Timeout before authentication for 192......

    Here's what my laptop spits out before the long delay kicks in.

    rootlaptop:/home/backdoc # ssh -vl backdoc 192.168.1.4
    OpenSSH_3.9p1 Debian-1ubuntu2, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 192.168.1.4 [192.168.1.4] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version
    OpenSSH_3.5p1 FreeBSD-20030924
    debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.168.1.4' is known and matches the DSA host key.
    debug1: Found key in /root/.ssh/known_hosts:1
    debug1: ssh_dss_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    darren Guest

  2. #2

    Default Re: ssh password delay


    Additional info.

    I started sshd with -ddd. It is definitely hanging on the line:
    "Trying to reverse map address 192.168.1.102."

    Now, I'm not sure how to fix that. BTW, I do have VerifyReverseMapping
    set to "NO" in sshd_config. But, that seems to be being ignored.

    Any suggestions?
    darren


    darren wrote: 
    backdoc Guest

  3. #3

    Default Re: ssh password delay

    backdoc <com> wrote:
     

    I think that sshd attempts to require a RDNS entry in any case, but only
    with VerifyReverseMapping set to YES does it actually check to see if
    the result makes sense.

    Sounds to me like you need to enter PTR records for your IP range. See
    the docs for whatever DNS server you're using.
     
    > _______________________________________________
    > org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to "org"[/ref]


    --
    Bill Moran
    Potential Technologies
    http://www.potentialtech.com
    Bill Guest

  4. #4

    Default Re: ssh password delay

    > I have done quite a bit of googling and I realize that the problem 
    [SNIP] 

    If that is your resolv.conf, then that explains some things. Your box
    is looking at the ISP for name resolution and the ISP has no idea (nor
    could care) what your internal LAN address space is. Change the
    resolv.conf to look at itself (127.0.0.1) and setup BIND with some
    simple DNS and RDNS records. You could use pretty much any box on
    your network for DNS, but the key is that it has to know about the
    internal space.

    GS
    Gary Guest

  5. #5

    Default Re: ssh password delay

    Gary Smithe wrote:
     
    Or fix your /etc/host.conf to lookup in files first and then use DNS,
    then put your local network in /etc/hosts. Much simpler for a small
    network.

    E.g. /etc/host.conf

    # First try the /etc/hosts file
    hosts
    # Now try the nameserver next.
    bind


    And /etc/hosts

    192.168.0.1 myhost

    Then leave resolv.conf alone. It will be used for anything not in your
    local hosts file.

    --Alex

    Alex Guest

  6. #6

    Default Anthony's drive issues.Re: ssh password delay

    Anthony -

    I'm curious - with the issues you are having with the drives (SCSI
    I think you mentioned) have you considered these ideas?

    1. Upgrade the system BIOS
    2. Upgrade the firmware in the SCSI controller
    3. Upgrade the firmware in the array (if applicable)

    Ther may be a bug-a-boo in one of those. If you have not - consider doing
    so and see if this "may" correct your issues.

    Of course, this means gathering the files and makeing proper disketts (if
    required) - but I assume you know that.

    Just a thought.


    Best regards,
    Chris
    RacerX Guest

  7. #7

    Default Re: Anthony's drive issues.Re: ssh password delay

    RacerX writes:
     

    Show me that it's not a bug in FreeBSD first. I never had the problem
    in Windows NT. I'm not going to upgrade every bit of hardware and
    software in the box just to prove it _isn't_ FreeBSD, when FreeBSD
    represents the only change to a machine that has run without fail for
    eight years. I also don't believe in throwing darts to solve problems.

    --
    Anthony


    Anthony Guest

  8. #8

    Default Re: Anthony's drive issue.


    On Mon, 21 Mar 2005, Anthony Atkielski wrote:
     
    >
    > Show me that it's not a bug in FreeBSD first. I never had the problem
    > in Windows NT. I'm not going to upgrade every bit of hardware and
    > software in the box just to prove it _isn't_ FreeBSD, when FreeBSD
    > represents the only change to a machine that has run without fail for
    > eight years. I also don't believe in throwing darts to solve problems.
    >
    > --
    > Anthony[/ref]

    Anthony -

    A few things - considering the hardware is 8 years plus, can we
    assume you never updated/upgraded the firmware on the above mentioned.

    Assuming that to be true, you are taking an virtually new OS
    (FreeBSD in this case) and imposing it on old hardware (again, assuming
    the firmware was never upgraded) and expect it to preform without issues.

    Any Server+ or even A+ tech knows that from time to time, you need
    to upgrade/update your firmware. So, why not give it a shot? At least try
    to bring your 8 year old hardware a bit closer to 2004/2005 with a
    firmware hoist.

    It can't hurt - if anything, it will allow many new features added
    to the old stuff to whatever OS of choice you deem to use.

    That's just plain common sence. If however you don't feel you
    qualified to do this (as outlined if you are A+ or Server+ ) then we'll
    all understand.

    First rule - NEVER assume it's anything - always look at EVERY possible
    solution.

    Best regards,

    Chris
    RacerX Guest

  9. #9

    Default Re: Anthony's drive issues.Re: ssh password delay

    On Mon, 21 Mar 2005 19:39:11 +0100, Anthony Atkielski
    <fr> wrote:
     

    Alternatively, show us it is not a firmware problem first.
     

    Yawn. I had loads of problems with NT, virtually none with Win2K. Your
    argument is meaningless.
     

    It's not throwing darts, it's sensible advice. NT is ancient, like
    your firmware no doubt.
     

    Frem.
    Freminlins Guest

  10. #10

    Default Re: Anthony's drive issues.Re: ssh password delay

    Freminlins writes:
     

    It ran for eight years without errors.
     

    So your saying an anciety copy of NT is more reliable than a current
    copy of FreeBSD?

    --
    Anthony


    Anthony Guest

  11. #11

    Default Re: ssh password delay -- SOLVED

    Thanks to all.

    I seemed to have resolved the problem by setting my /etc/host.conf file
    to look like:

    order hosts,bind
    multi on

    And, of course, I have the correct IP's were in the /etc/hosts file. My
    laptop gets two different IPs depending on whether I go through the
    wireless or not.

    My host.conf already looked like the one below, but it wasn't working.

    Thanks again. I am so glad to get this problem resolved.

    darren

    Alex Zbyslaw wrote: 
    > Or fix your /etc/host.conf to lookup in files first and then use DNS,
    > then put your local network in /etc/hosts. Much simpler for a small
    > network.
    >
    > E.g. /etc/host.conf
    >
    > # First try the /etc/hosts file
    > hosts
    > # Now try the nameserver next.
    > bind
    >
    >
    > And /etc/hosts
    >
    > 192.168.0.1 myhost
    >
    > Then leave resolv.conf alone. It will be used for anything not in your
    > local hosts file.
    >
    > --Alex
    >
    > _______________________________________________
    > org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to
    > "org"
    >
    >[/ref]
    backdoc Guest

  12. #12

    Default Re: ssh password delay -- SOLVED

    Thanks to all.

    I seemed to have resolved the problem by setting my /etc/host.conf file
    to look like:

    order hosts,bind
    multi on

    And, of course, I have the correct IP's were in the /etc/hosts file. My
    laptop gets two different IPs depending on whether I go through the
    wireless or not.

    My host.conf already looked like the one below, but it wasn't working.

    Thanks again. I am so glad to get this problem resolved.

    darren

    Alex Zbyslaw wrote: 
    > Or fix your /etc/host.conf to lookup in files first and then use DNS,
    > then put your local network in /etc/hosts. Much simpler for a small
    > network.
    >
    > E.g. /etc/host.conf
    >
    > # First try the /etc/hosts file
    > hosts
    > # Now try the nameserver next.
    > bind
    >
    >
    > And /etc/hosts
    >
    > 192.168.0.1 myhost
    >
    > Then leave resolv.conf alone. It will be used for anything not in your
    > local hosts file.
    >
    > --Alex
    >
    > _______________________________________________
    > org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to
    > "org"
    >
    >[/ref]

    darren Guest

  13. #13

    Default Re: Anthony's drive issues.Re: ssh password delay

    On Tue, 22 Mar 2005 04:19:25 +0100, Anthony Atkielski
    <fr> wrote:
     

    On a different OS.
     

    Don't try and put your words in my mouth. On your ancient hardware
    with an ancient OS you didn't have problems. Why not stick with it if
    it's been so reliable?
     

    Frem.
    Freminlins Guest

  14. #14

    Default Re: Anthony's drive issues.Re: ssh password delay

    Ted Mittelstaedt writes:
     

    You're incorrect. I have _already_ done it, at your suggestion; it had
    no effect, as I expected.
     

    I'm not going to take the machine apart just to eliminate every other
    possible cause in the universe before blaming it on FreeBSD.

    Only one thing has changed in this machine: I replaced Windows NT with
    FreeBSD. Windows NT had no problem with the SCSI drives; FreeBSD has a
    problem with them. Therefore FreeBSD is defective.
     

    I never lost data at all under Windows NT, either; and Windows NT never
    slowed down.
     

    All I know, is that nobody who has replied to my questions is competent
    or energetic enough to actually find the bug in FreeBSD. You can argue
    all you want about that, but it's precisely this sort of attitude that
    prevents operating systems like FreeBSD from being adopted on a large
    scale in many organizations. If they delete NT to try FreeBSD, and
    FreeBSD generates a raft of errors that NT never did, and all anyone
    involved with the product can say is "it's your hardware!" do you think
    that they're going to keep using FreeBSD? The OS is obviously
    defective, since it is the only thing that changed. There is no reason
    to look anywhere else UNTIL and UNLESS the OS is ruled. Looking at
    everything else _first_ just to avoid taking responsibility for a bug in
    the OS is not the way it's done.
     

    That's how FreeBSD does it, too, based on the snippets of code I've
    looked at.
     

    No, the only way to find the error is to find someone who knows the
    FreeBSD code and is competent and willing to discuss the problem,
    instead of people who spend their time ing smoke in order to avoid
    admitting that they haven't a ghost of a clue as to what the problem is.

    You obviously have no idea what's wrong; why do you continue to reply?

    --
    Anthony


    Anthony Guest

  15. #15

    Default Re: Anthony's drive issues.Re: ssh password delay

    Freminlins writes:
     

    Exactly. With _identical_ hardware. So if the hardware ran under the
    other OS, but not under this OS, where do you look first for the
    problem?

    If your car runs perfectly for years with one brand of oil, and then you
    change brands and the engine seizes, where do you look for the source of
    the problem?
     

    I'm just pointing out the unavoidable implication of what you said. NT
    ran on this hardware for eight years without a hitch; FreeBSD cannot do
    the same. It's not the hardware.
     

    UNIX is twenty years older than NT.
     

    I wanted to try FreeBSD.

    Is that what you tell people who have trouble getting FreeBSD to work?
    "Reinstall your old OS"?

    --
    Anthony


    Anthony Guest

  16. #16

    Default Re: Anthony's drive issues.Re: ssh password delay

    On Tue, 22 Mar 2005 10:25:14 +0100, Anthony Atkielski
    <fr> wrote:
     

    Both, actually.
     

    Both, actually.
     

    So stick with NT. Why would you change from something that runs
    perfectly for 8 years?
     

    That doesn't mean nothing has changed in 20 years, does it?
     

    And your hardware seems to not work very well with FreeBSD. Move on.
     

    That's not what has been said. Having read this thread (and others by
    you previously) you have no intention of helping yourself. You just
    like to whinge that FreeBSD doen't work on your hardware.
     

    Frem.
    Freminlins Guest

  17. #17

    Default Re: Anthony's drive issues.Re: ssh password delay

    On Tue, 2005-03-22 at 10:13 +0100, Anthony Atkielski wrote: 
    [...] 
    [...]

    Just for the record, since we seem to be stuck in a loop of comparing
    apples with oranges:

    1. Does either Windows 2003 or XP SP2, the only versions of Windows that
    are meaningful comparisons with the latest versions of FreeBSD, fully
    and without errors support this SCSI adapter and drive combination?

    2. Does a version of FreeBSD that is contemporary with NT and your
    machine (ancient, unsupported, like NT) drive this hardware OK?

    _ALL_ operating systems have some issues with some old hardware.
    Migrating to Windows XP, for example, was impossible on some machines
    never than yours. I've retired Compaq servers that were less ancient
    than your machine and *built for Windows* because some hardware
    (specifically SCSI adapters, incidentally) was incompatible with _any_
    currently supported version of Windows.

    In the sense that maintaining support for all discontinued devices ever
    made would be a seriously misguided use of resources, this is a feature
    rather than a *defect*.

    The comparisons you have been making are fatuous. I had thought they
    were about as fatuous as it's possible to get, but then I saw your post
    that said UNIX is twenty years older than NT, and that gets the prize.
    Congrats.

     
    [...]

    You bet. Paid help is surely available. What you fail to realise is that
    nobody is under any obligation to give you such detailed and
    time-consuming help FOR FREE.

    FreeBSD development follows the lines decided on by the development
    team, just like every OS in the world. If no developers choose to spend
    time fixing (non-destructive) issues for you, personally, then that's
    their choice. If that is their choice, it's a pretty good one.

    I'd love to see you harangue Microsoft for personalised development and
    support in the way you've been haranguing this list.

    And, after all is said and done, if your hardware is unsupported, so
    what? It's very, very old. This isn't a fault or a defect; it's part of
    the spec. You can find LOTS of archaic hardware that is incompatible
    with the latest versions of FreeBSD - or Apple Mac, or Linux, or (sit
    down for this one) Windows.

    Staggeringly, you don't appear to realise this. You obviously have
    significant computer experience, but this is something the greenest
    newbie is aware of.
     

    Maybe he was trying to help? That seems to have been a mistake.

    Peter.


    Peter Guest

  18. #18

    Default Re: Anthony's drive issues.Re: ssh password delay

    Freminlins writes:
     

    I was able to retire the legacy applications on the machine and I wanted
    to try something new.
     

    It means that the age of the OS is not an issue.
     

    No, FreeBSD doesn't work very well with the hardware. As a matter of
    fact, it doesn't work very well with the hardware on my production
    server, either.

    It seems that as soon as you install FreeBSD on a machine, the
    "hardware" fails.
     

    What would you suggest that I do? It takes a very long time to wade
    through OS source code.

    --
    Anthony


    Anthony Guest

  19. #19

    Default Re: Anthony's drive issues.Re: ssh password delay

    Peter Risdon writes:
     

    I don't know. But I'm not trying to run Windows 2003 or XP SP2.
     

    I don't know. Why should I have to run an eight-year-old version of
    FreeBSD? Does every new version introduce regressions? UNIX still
    supports dumb terminals that are thirty years old. Why shouldn't
    FreeBSD support disks that are eight years old?
     

    You don't have to maintain support. Usually, just leaving the code in
    place is sufficient. That's why UNIX still has support for hardware
    that virtually no one still uses.

    My guess is that FreeBSD has _never_ supported this hardware correctly.
    People have been complaining about it for years.
     

    So tell me again the advantage of open source, as opposed to proprietary
    software?
     

    It's not the sort of choice that is conducive to widespread use of the
    OS. Software developed by prima donnas answerable to no one makes large
    organizations nervous.
     

    I have; some changes in NT were made because of my complaints.
     

    What spec?

    I have fifty-year-old cameras that still work fine; there's no need to
    replace them every 18 months. Why should I have to replace computers
    every 18 months?
     

    You have yet to establish that any "archaic" aspect of the hardware is
    at the root of this problem, and in fact you don't actually know what
    the problem is. There doesn't seem to be anyone here who actually knows
    anything about FreeBSD internals. Does anyone ever read the code?
     

    I do have significant computer experience, and I know how attached
    people become to their software. I can count on one hand the developers
    who have said, on the very bug report, "Oh yes, that sounds like a bug
    in my module--I'll get on it right away." It's _always_ Someone Else's
    fault in their eyes, and typically they'll never fix their mistakes
    unless their job depends on it (or if they do, they'll do so quietly and
    pretend that there was never any bug in the first place: "Your hardware
    problem must have gone away--you're lucky").

    The hardware ploy, in fact, is standard procedure in technical support
    organizations. You always suggest it's hardware, and insist that the
    customer verify. That allows you to suspend the call with "waiting
    customer response" for days or weeks. If the customer ever actually
    does what you ask, you come up with some other hardware detail that has
    to be tested. The more awkward and time-consuming it is, the better.
    Some customers will give up rather than go through all the useless
    procedures you suggest; then you can close the call.
     

    I don't need "help" from people who have no idea what they are talking
    about. I need help from someone who knows what's actually causing the
    error and is motivated by something a bit more altruistic than denial.

    --
    Anthony


    Anthony Guest

  20. #20

    Default Re: Anthony's drive issues.Re: ssh password delay

    Ted Mittelstaedt writes:
     

    It dates from before the change. They both show 10.00 MB/s now in both
    the BIOS and dmesg, but the problem remains.
     

    I don't care what I look like (I grew out of that decades ago), I just
    want a system that runs. I do know, however, that blaming hardware is
    the standard delay tactic for those who wish to deny the existence of
    software bugs. "Rule out every transistor in the machine, and then
    we'll talk."
     

    Yes. But the problem would be fixed, and that's the important part.
     

    This isn't a religious crusade. I just want hardware and software that
    work together. They did that with NT; they don't do that with FreeBSD.
     

    I'm not running NT4, I'm running FreeBSD, so it was obviously a
    different problem.
     

    That's the way tech support works. In tech support, a call that is
    waiting for customer response is nearly as good as a call that is
    closed.

    Additionally, developers often don't ever get around to looking at
    problems sent to them by tech support. And they often play the same
    game, asking for this or that just to get the problem off their list.
     

    Yes, I know how it's done in real life.
     

    That's right. That's how most companies do it. Is that the example you
    chose to follow?

    --
    Anthony


    Anthony Guest

Page 1 of 8 123 ... LastLast

Similar Threads

  1. Replies: 1
    Last Post: September 10th, 07:15 AM
  2. Replies: 5
    Last Post: January 8th, 08:36 PM
  3. delay
    By lwguy in forum Macromedia Flash
    Replies: 1
    Last Post: July 27th, 11:19 AM
  4. Replies: 1
    Last Post: September 18th, 12:09 AM
  5. How to secure database password? (was Perl/DBI newbie: password stora...
    By Motherofperls@aol.com in forum PERL Beginners
    Replies: 0
    Last Post: September 17th, 01:41 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139