LinuxQuestions.org
Old 08-03-2017, 01:44 PM   #1
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Rep: Reputation: Disabled
Lag when SSHing to machine


Hello,

I've got a CentOS 7 server set up in my Hyper-V. When I ssh into that machine it lags. After sshing into the machine, when I perform any type of action it lags. Even typing a simple cd it takes about a good minute for it to show up on the screen, let alone perform any type of action. This only happens when I ssh into that machine from anywhere. But when I open up the machine from Hyper-V there is no lag or anything, it performs beautifully. Based on some reading online I have set the GSSAPIAuthentication no. Some forums suggest that it would clear up the issue but it hasn't. Please help.
 
Old 08-03-2017, 01:53 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668
I have RHEL7 guests on Hyper-V with no appreciable lag via ssh.

On looking at one just now in both /etc/ssh/ssh_config and /etc/ssh/sshd_config I see it set to yes:
GSSAPIAuthentication yes

Note that lines for GSSAPIAuthentication appear multiple times in the configs but are usually commented out (prepended by a pound sign [#]). It should only be uncommented once, which is what I show above.

You may wish to be sure the line you're looking at is NOT commented out.
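
The check suggested in the post above, as an added example that is not part of the thread: list every uncommented line that sets a keyword and report the value that takes effect, since OpenSSH uses the first value it obtains for a keyword. The config fragment is constructed, and Match/Host blocks are ignored for simplicity.

```shell
#!/bin/sh
# Added example, not from the thread. The config fragment is constructed.

# active_settings FILE KEYWORD: print "lineno:value" for every uncommented
# line that sets KEYWORD (keywords are case-insensitive in OpenSSH configs).
active_settings() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ { next }                  # commented out, has no effect
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)    # "Keyword value" or "Keyword=value"
            if (n >= 2 && tolower(f[1]) == kw) print NR ":" f[2]
        }' "$1"
}

# effective_setting FILE KEYWORD: the first active value, or "unset".
effective_setting() {
    v=$(active_settings "$1" "$2" | head -n 1 | cut -d: -f2)
    printf '%s\n' "${v:-unset}"
}

# write_sample FILE: constructed fragment with a commented line and a duplicate.
write_sample() {
    cat > "$1" <<'EOF'
#GSSAPIAuthentication no
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIKeyExchange no
gssapiauthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
active_settings "$sample" GSSAPIAuthentication   # 3:yes and 6:no
effective_setting "$sample" GSSAPIAuthentication # yes
rm -f "$sample"
```

On a live server, `sshd -T` prints the configuration sshd actually uses, defaults included.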
 
Old 08-03-2017, 02:16 PM   #3
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Original Poster
Rep: Reputation: Disabled
Gssapi

This is what I have so far for the GSSAPI options

# GSSAPI options
GSSAPIAuthentication no
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

This is what I have in the /etc/ssh/sshd_config file. This whole file is the same as in the root account and the user account that has sudo privileges.
The only thing different is that in the root account this file has AllowUsers (username1) (username2). I am assuming that AllowUsers means that those users can ssh into the machine with their AD credentials. Thanks for your reply.
 
Old 08-03-2017, 02:39 PM   #4
TheEzekielProject
Member
 
Registered: Dec 2016
Distribution: arch
Posts: 664

Rep: Reputation: 190
Quote:
Originally Posted by Waris View Post
This is what I have so far for the GSSAPI options

# GSSAPI options
GSSAPIAuthentication no
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

This is what I have in the /etc/ssh/sshd_config file. This whole file is the same as in the root account and the user account that has sudo privileges.
The only thing different is that in the root account this file has AllowUsers (username1) (username2). I am assuming that AllowUsers means that those users can ssh into the machine with their AD credentials. Thanks for your reply.
Just to clarify, you only have ONE /etc/ssh/ssh(d)config. You do not have one of these files for each user.
 
Old 08-03-2017, 03:45 PM   #5
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Original Poster
Rep: Reputation: Disabled
I apologize for the miscommunication. Yes, there is only one /etc/ssh/ssh(d). I have a user that is able to login with his AD credential and that user has sudo privileges, and then of course there is the root user. I just re-read your first comment about changing the "GSSAPIAuthentication no" in both the /etc/ssh/sshd_config and /etc/ssh/ssh_config. Originally I had changed it to "GSSAPIAuthentication no" in only the /etc/ssh/sshd_config file. I have made the changes in both places now, /etc/ssh/sshd_config and /etc/ssh/ssh_config. I just ssh'ed into that machine with a testuser and there didn't seem to be any lag. In my mind, I think that changing "GSSAPIAuthentication no" in both places may have fixed the issue. I just sent out an email to the privileged user to confirm that there is no more lag. Will get back to you on his reply.

Thank you
 
Old 08-04-2017, 09:08 AM   #6
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Original Poster
Rep: Reputation: Disabled
GSSAPI change did not resolve issue

Update.

I got a reply from the user and he states that he is still having lag on that machine while ssh'd into it. So it seems changing the GSSAPI options in the ssh(d)_config file did not help. Any more suggestions, anyone?
 
Old 08-04-2017, 09:13 AM   #7
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668
Quote:
Originally Posted by Waris View Post
Update.

I got a reply from the user and he states that he is still having lag on that machine while ssh'd into it. So it seems changing the GSSAPI options in the ssh(d)_config file did not help. Any more suggestions, anyone?
If you're not having issues with a Linux user but he is with an AD user it suggests the issue may be with the AD access rather than the ssh access.

Also as noted in my earlier post we have GSSAPI option set to yes rather than no as you do. You might try reversing in both config files to see if it makes a difference.
 
Old 08-04-2017, 09:57 AM   #8
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Original Poster
Rep: Reputation: Disabled
Thanks for your reply. I have tried turning the options to Yes and no in both files but to no avail. I am not exactly sure what else it could be..Hmm..
 
Old 08-04-2017, 10:27 AM   #9
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668
If you're relying on AD for Linux login by the user maybe it's an issue with Samba configuration on Linux?
 
Old 08-04-2017, 10:36 AM   #10
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by MensaWater View Post
If you're relying on AD for Linux login by the user maybe it's an issue with Samba configuration on Linux?
I don't believe it's a Samba issue, for some reason I'm thinking it may have something to do with the network or DNS but I can't place it.
 
Old 08-04-2017, 10:46 AM   #11
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668
What's in /etc/nsswitch.conf for hosts: line?

What's in /etc/resolv.conf?

Do you use the AD domain controllers for DNS as well? (We do internally.)
 
Old 08-04-2017, 10:58 AM   #12
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by MensaWater View Post
What's in /etc/nsswitch.conf for hosts: line?

What's in /etc/resolv.conf?

Do you use the AD domain controllers for DNS as well? (We do internally.)
In /etc/nsswitch.conf

#hosts: db files nisplus nis dns
hosts: files dns myhostname

In /etc/resolve.conf

# Generated by NetworkManager
search tang.com
nameserver XXX.XX.X.XX

and yes we use AD domain controllers for DNS.
 
Old 08-04-2017, 11:38 AM   #13
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668
From the Linux server can you connect to port 53 on XXX.XX.X.XX?

If you run "dig @XXX.XX.X.XX <workstation name>" does it give you the IP of the user's workstation from which he is doing his ssh to your Linux server?

If you run "dig @XXX.XX.X.XX <AD server name>" does it give you the IP of the AD server?

Do you have either of those names in /etc/hosts on the Linux server with different IPs than they have in DNS?

I hadn't noticed "myhostname" previously but see it is in my nsswitch.conf as well. On looking up its meaning I did find an article at RedHat saying it was causing issues if you didn't have package systemd-219-36.el7 or above. You might want to verify you do.
Article is at https://access.redhat.com/solutions/2766251 but requires a subscription to see.
 
Old 08-04-2017, 02:33 PM   #14
Waris
Member
 
Registered: May 2017
Distribution: Centos 6,7 and Windows
Posts: 40

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by MensaWater View Post
From the Linux server can you connect to port 53 on XXX.XX.X.XX?

If you run "dig @XXX.XX.X.XX <workstation name>" does it give you the IP of the user's workstation from which he is doing his ssh to your Linux server?

If you run "dig @XXX.XX.X.XX <AD server name>" does it give you the IP of the AD server?

Do you have either of those names in /etc/hosts on the Linux server with different IPs than they have in DNS?

I hadn't noticed "myhostname" previously but see it is in my nsswitch.conf as well. On looking up its meaning I did find an article at RedHat saying it was causing issues if you didn't have package systemd-219-36.el7 or above. You might want to verify you do.
Article is at https://access.redhat.com/solutions/2766251 but requires a subscription to see.

output of #dig AD

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> AD SERVER NAME HERE
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15075
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;AD SERVER NAME HERE. IN A

;; Query time: 9 msec
;; SERVER: XXX.XX.X.XX#53(XXX.XX.X.XX)
;; WHEN: Fri Aug 04 15:19:37 EDT 2017
;; MSG SIZE rcvd: 43


Output of #dig workstation

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> CURRENT WORKING MACHINE NAME HERE
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;CURRENT WORKING MACHINE NAME HERE. IN A

;; Query time: 1 msec
;; SERVER:XXX.XX.X.XX#53(XXX.XX.X.XX)
;; WHEN: Fri Aug 04 15:23:35 EDT 2017
;; MSG SIZE rcvd: 45


In /etc/hosts, I have the following (which has the IP address and name of the current machine.)

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

XXX.XX.X.XX Current-machine-name-here Current-machine-name-here.Tang.com


I did a #rpm -qa | grep systemd-219-36.el7
But got nothing in return. Which means I don't have the package at all in my system. I couldn't completely read the Red Hat article but I wonder, if you don't have the latest or the package at all what happens? You said it would cause an issue. What type of an issue?

Thanks a bunch.
 
Old 08-04-2017, 04:11 PM   #15
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668
If your responses ended with "IN A" after the host names it means they did NOT resolve so that may be your problem. Are your AD server and workstation in domain tang.com? If not did you type in the fully qualified domain name (FQDN) for each (i.e. servername.domainname)?

Your use of rpm command is slightly off.

rpm -qa will show ALL RPM packages - you can run "rpm -qa |grep systemd" to see all packages with systemd in the name.

When you know the name of the package you can just specify that:
rpm -q systemd

You're not looking to see if you have exactly systemd-219-36.el7 but rather at least that version.
So if for example you ran "rpm -q systemd" and it responded with systemd-219-19.el7_2.4.x86_64 that is version 219-19 which is earlier than 219-36 so you'd want to run "yum update systemd" to get the latest package.

On my test system doing that just now installed version 219-42. After the update "rpm -q systemd" now shows:
systemd-219-42.el7.x86_64

Since the link is restricted to RedHat subscribed users I can't put its contents here. It doesn't specifically talk about the issue you are having so may not be involved and the only reason I saw it was because I'd never noticed RHEL7 added that last item to hosts: line in nsswitch.conf before.
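
The dig checks from posts #13 to #15 can be read off the reply header: the status field and the ANSWER count show whether a name resolved. The sketch below is an added example, not code from any poster; the sample output, the name dc1.example.test and the address 192.0.2.10 are constructed.

```shell
# Added example, not from the thread. Names and addresses are constructed.
# classify_dig: read full dig output on stdin and print one verdict:
#   resolved:<addr> | nodata | servfail | nxdomain | <other status> | noreply
classify_dig() {
    awk '
        /->>HEADER<<-/ {                       # "... status: X, id: N"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
        }
        /^;; flags:/ {                         # "... QUERY: 1, ANSWER: 0, ..."
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { an = $(i + 1); sub(/,$/, "", an) }
        }
        /^;; ANSWER SECTION:/ { inans = 1; next }
        /^$/ { inans = 0 }
        inans && addr == "" && ($4 == "A" || $4 == "AAAA") { addr = $5 }
        END {
            if (st == "") print "noreply"      # no header: timeout or refused
            else if (st == "NOERROR" && an + 0 > 0) print "resolved:" addr
            else if (st == "NOERROR") print "nodata"
            else print tolower(st)
        }'
}

# Constructed sample shaped like the output posted in the thread.
sample_servfail() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15075
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;dc1.example.test. IN A
EOF
}

# Constructed sample of a successful lookup.
sample_ok() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
dc1.example.test. 300 IN A 192.0.2.10
EOF
}

# check_name SERVER NAME: live query (needs dig and network access)
check_name() { printf '%s %s\n' "$2" "$(dig "@$1" "$2" A +time=2 +tries=1 | classify_dig)"; }

printf 'servfail sample -> %s\n' "$(sample_servfail | classify_dig)"
printf 'ok sample       -> %s\n' "$(sample_ok | classify_dig)"
```

The question section always echoes the queried name with "IN A", so the verdict comes from the header, not from that line.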
 
  

