LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 07-08-2008, 01:03 PM   #1
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Rep: Reputation: 32
Question Slow SSH Login --> CentOS 5.0 --> VMware Server --> Plesk Control Panel 8.4.0


Hi there,

For a while now I have been hosting web sites out of my home and had very few (minor) problems. I would consider my newest problem to be minor as well but I don't think it is because I have to access my machine a lot.

THE PROBLEM I am having is when I log in with Putty my server authentication takes longer than usual. Any other server that I access the authentication process only takes a second or two, its almost instant.

Recently I purchased the DLINK DIR-655 Xtreme Gigabit Router to replace an older DLINK router. Now I run a CentOS 5.0 host system with VMware Server 1.0.6 and the VM is also CentOS 5.0. I am not sure where to start looking ....... is there anyway to test SSH?
 
Old 07-08-2008, 01:22 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 197Reputation: 197
Usually slow ssh logins start with Reverse DNS issues.
 
Old 07-08-2008, 01:29 PM   #3
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Original Poster
Rep: Reputation: 32
Ok, so I have reverse DNS provided by my ISP for my static IP's, is there anything I need to do for my own box or is it something that can't be done by the end user?
 
Old 07-08-2008, 06:56 PM   #4
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
If you are on your LAN connecting to your box via private LAN address, then your LAN DNS server must provide an appropriate PTR for the LAN (eg. private address space). You can't ask public DNS servers to return anything in private IP space. So, your ISP is not involved here. Your ISPs server won't be useful here.

You can disable StrictHostKeyChecking, but this probably isn't the best choice.
 
Old 07-10-2008, 04:02 PM   #5
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 197Reputation: 197
You could always add each host to each systems local hosts file in /etc which might speed up the login process.
 
Old 07-10-2008, 07:59 PM   #6
yummycheese
LQ Newbie
 
Registered: Jan 2006
Posts: 3

Rep: Reputation: 0
Im unsure of this as i haven't tested for it.

But I think what happens here is if you do have some name servers setup the box will query them for the rdns. Quickly get the doesnt exist record. Then move on. Giving you the usual quick login time that you expect.

When my local caching name server for my lan is down i get the slow ssh logins. Its looking for a rnds record and waits till it times out then carry's on. When its up it works fine even though we know it can possibly be giving a correct answer for a 192.168 address.

make sure you have some valid name servers in /etc/resolve.conf and that you can dig yahoo.com from the box and resolve the name. then you should be fine.
 
Old 07-10-2008, 08:01 PM   #7
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Exactly. Delays like this are the result of timeouts waiting for an answer vs. a negative answer.
 
Old 07-10-2008, 08:06 PM   #8
yummycheese
LQ Newbie
 
Registered: Jan 2006
Posts: 3

Rep: Reputation: 0
Im a nice guy so i went and tested this real quick by unplugging my router/caching dns server from the lan

When i did. I had the slow ssh login. When I got in I tried a dig and timed how long it took.
15seconds. That seems about right. If you counted how long it took for your ssh login to go through it would be about 15seconds.

# time dig ptr 192.168.0.101

; <<>> DiG 9.4.2 <<>> ptr 192.168.0.101
;; global options: printcmd
;; connection timed out; no servers could be reached

real 0m15.020s
user 0m0.000s
sys 0m0.004s
#

Here is that same command run again after plugging the router back in.
I didnt get any answer back but it did go through very fast.

# time dig ptr 192.168.0.101

; <<>> DiG 9.4.2 <<>> ptr 192.168.0.101
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27997
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.0.101. IN PTR

;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2008071001 1800 900 604800 86400

;; Query time: 44 msec
;; SERVER: 192.168.0.13#53(192.168.0.13)
;; WHEN: Thu Jul 10 18:05:41 2008
;; MSG SIZE rcvd: 106

real 0m0.050s
user 0m0.004s
sys 0m0.004s
#
 
Old 07-10-2008, 08:14 PM   #9
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
And if you add more nameserver lines to /etc/resolv.conf, the delay will be longer.

Some resolvers have 10 second timeout, others 15.
 
Old 07-11-2008, 04:26 PM   #10
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Original Poster
Rep: Reputation: 32
Thanks to everyone who replied to this thread! I think I was able to take a way a lot of info.

In the end I edited my /etc/ssh/sshd_config file and did the following:

BEFORE:
Quote:
#UseDNS yes
AFTER:
Quote:
UseDNS no
After un-commenting and specifying SSH to NOT use DNS my log in time seems normal to me. I am not sure why this didn't happen before though, my server has always been behind the same router and pretty much the same settings other than the STATIC IP changing. Anyway now I am back to my supper fast log in!

Last edited by bskrakes; 07-11-2008 at 04:28 PM.
 
1 members found this post helpful.
Old 09-10-2013, 10:44 AM   #11
crackptb
LQ Newbie
 
Registered: Sep 2013
Posts: 2

Rep: Reputation: Disabled
I for a change, have found issue sligthly elswhere... Not on the server I am trying to access but Linux box I am using everyday.
I have found that delay was caused by GSSAPI authentication method on SSH local client. To resolve the issue I have edited /etc/ssh/ssh_config and updated line -> GSSAPIAuthentication no

This mod solved the speed issue for me as I use only ssh key exchange or manually typed passwords.

Last edited by crackptb; 09-10-2013 at 10:46 AM.
 
Old 12-17-2013, 10:10 AM   #12
faiz4it
LQ Newbie
 
Registered: Dec 2013
Location: Mumbai
Distribution: RHEL 6
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by crackptb View Post
I for a change, have found issue sligthly elswhere... Not on the server I am trying to access but Linux box I am using everyday.
I have found that delay was caused by GSSAPI authentication method on SSH local client. To resolve the issue I have edited /etc/ssh/ssh_config and updated line -> GSSAPIAuthentication no

This mod solved the speed issue for me as I use only ssh key exchange or manually typed passwords.

Modify below 2 parameters in /etc/ssh/sshd_config and restart sshd service.
GSSAPIAuthentication no
UseDNS no

#
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Server Control Panel plated Linux - Software 1 08-18-2007 07:31 PM
CentOS 4.2, Free Control Panel adnonimape Linux - Software 1 03-22-2006 03:08 AM
Control Panel for Linux Web Server Fr33B5D Linux - Networking 5 08-28-2005 11:49 PM
plesk control panel question murshed Linux - General 1 12-04-2002 11:13 AM


All times are GMT -5. The time now is 09:27 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration