LinuxQuestions.org


zousheng 02-05-2013 11:49 PM

ssh hanging after login authentication succeeded
 
When I try to log in to the remote CentOS server using
ssh -v user@server, it hangs after I enter the password:

.............................
debug1: authentication succeeded (password)
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
I also checked /var/log/secure; it indicates authentication succeeded, and the traceroute and ping commands confirmed no packet loss during the transmission. Any idea?

shivaa 02-06-2013 12:17 AM

No need to use -v option with ssh. It stands for verbose mode, and causes ssh to print debugging messages about its progress.
Instead use either no option or just -l, as:-
Code:

~$ ssh user@server
OR
~$ ssh -l user server

So try it once. If it does not help, then the problem could be in the user's profile on the remote CentOS server.

zousheng 02-06-2013 12:53 AM

Yes, I used -v just to see the log information. (I tried the method you mentioned; it is not working.) I just found more information in /var/log/message:

Feb 5 19:39:16 auditd[2977]: Audit daemon rotating log files
Feb 6 02:47:46 sudo: pam_ldap: error trying to bind as user "uid=****" (Invalid credentials)
Feb 6 04:37:28 auditd[2977]: Audit daemon rotating log files
I am guessing it's an LDAP issue, but I am not sure.
Any idea?

shivaa 02-06-2013 01:31 AM

After entering the password and waiting, can you get inside the session?

It sounds like a problem with your authentication server/services.
Can you ping the directory server, i.e. the LDAP server, or make a search on that server from some other server? Also check whether directory services are up and running properly on the LDAP server.

To test LDAP services, you can ask someone else to log in to the remote CentOS server. If he can log in without any problem, then the issue will be with your username only. Otherwise, it will be an issue with LDAP authentication.

However, these cmds should work fine:-
Code:

~$ ssh user@server
~$ ssh -l user server


zousheng 02-06-2013 02:25 AM

Thanks very much. I can log in to the server and see the LDAP process is running, and I also ran the command ldapsearch -x -LLL -u -t "(uid=xyz)" on the LDAP server; it shows my information. Still confused.
???

shivaa 02-06-2013 03:15 AM

Quote:

Originally Posted by zousheng (Post 4885306)
Thanks very much. I can log in to the server and see the LDAP process is running, and I also ran the command ldapsearch -x -LLL -u -t "(uid=xyz)" on the LDAP server; it shows my information. Still confused.
???

Which server - LDAP or your CentOS? If the ldapsearch command runs OK, it means the LDAP server/services are up and running.
I had asked whether you can log in to your session on the CentOS server after entering your password.

But you still have to check:

1) Are you sure that your CentOS server authenticates users through LDAP, or does it consult a local or NIS passwd file?

2) If login is successful on CentOS but it is slow in loading your shell, then the problem is with your own user profile (could be with .bashrc, .cshrc, .profile or .login).

3) If, after entering the password, it cannot get inside your session and cannot load your shell, then the problem might be with the authentication process. You will also need to check your password on different machines, so you can make sure that your password is OK.

zousheng 02-06-2013 03:54 AM

I mean I can log in to the LDAP server and check LDAP, not server A (let's say), which I am trying to connect to. I can log in to server A from another site (let's say USA server B: I can log in to B first, then ssh to A, and in that session I can run any commands; if I ssh to A directly from my local laptop, it does not work). Thanks.

zousheng 02-09-2013 06:25 PM

Any update? This may be the firewall or some other issue, but it can't be identified so far.

unSpawn 02-09-2013 08:16 PM

Quote:

Originally Posted by zousheng (Post 4887886)
Any update? This may be the firewall or some other issue, but it can't be identified so far.

Huh? Updates should come from you, I'd think. You're the one who's able to log in to machine A and check its SSH daemon log file, firewall and so on...

fortran 02-10-2013 01:17 AM

As you said, you have tried the solution from shivaa's first post but it is not working for you.
Have you tried to connect to the server using another host? If it connects from another system on the same LAN, then it is your system's fault.
Connect to your server from another system and save your ssh public file (id_dsa.pub or id_rsa.pub) in the ssh directory of the server under the filename `authorized_keys`. Now it will not ask for a password from your system. Now try once more: does it still hang?

zousheng 02-10-2013 01:18 AM

Actually, I can only see the logs; I have no access to the firewall. These two machines are located in different countries and use a VPN to connect. We got in touch with our network security team, and they proved the firewall is OK: the packets are right and no policy blocks them. So we are stuck here. We tried to create a local account on that machine and ssh to that server with that local account, but it still failed. Ping is OK, no packet loss.

zousheng 02-10-2013 01:23 AM

My laptop is Win7 and I use PuTTY to connect to the server; I guess there is no need to install ssh on Win7, right? I can log in to that server from the US server (log in to the US server successfully, then ssh to that server), but it is not working from our country.

zousheng 02-10-2013 01:42 AM

I tried to upload my ssh public key (my Win7 has a CentOS VM, where I just created an ssh key pair). I logged in to that server via the US server and uploaded my public key to the server's .ssh/authorized_keys; it is still not working. From the debug information, we can see the password authentication has succeeded, but it still hangs there. Ctrl + C doesn't work either.

fortran 02-10-2013 01:51 AM

That info you shared the first time. Yes, you are right, no need to install ssh on Windows 7.
If it is asking for a password, it means you will be logged in to the user's home directory.
I haven't used a password to log in to a server. Generally people use a .pem file to log in, so they will be jailed in a particular directory and use only the given directory. Do you not have the .pem file of the server? Then using ssh -i you can log in.

smbhandary 02-10-2013 02:15 AM

Based on my understanding of the problem statement:

Suggested checks, to be done sequentially, i.e. if step 1 doesn't work, fix it before going to the next step.

1. Get clear about the authentication method used, whether local / NIS / LDAP.
2. Get clear about the impact area, i.e. is only one user impacted or is it impacting all users.
3. If the problem is impacting all users, then focus on the authentication service and the services it depends on.
4. If NIS / LDAP, validate or confirm that the authentication method is working as designed.
5. If the user's home directory is automounted, ensure the NFS, automount and portmap services are working as designed.
6. If the problem is impacting a single user, then validate / check the user's profile.
7. Check the ownership and permissions of the user's home directory. Linux is finicky about permissions on an ID's home.
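
Steps 1 and 7 of the checklist above as a small shell sketch. This is an added example, not part of smbhandary's post; the function names `auth_sources` and `home_perm_issues` are hypothetical, and the nsswitch.conf content and directories are constructed in a temporary location.

```shell
#!/bin/sh
# Step 1: list the account sources configured for "passwd" in an
# nsswitch.conf-style file (files = local, nis, ldap, sss, ...).
# Bracketed action items such as [NOTFOUND=return] are skipped.
auth_sources() {
    awk '$1 == "passwd:" {
             for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i
         }' "$1"
}

# Step 7: print one line per problem found with a home directory.
# $1 = directory, $2 = expected numeric owner uid. Prints nothing if clean.
home_perm_issues() {
    dir=$1; want_uid=$2
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 0
    fi
    # Compare numeric uids so the check also works for directory accounts
    # whose names do not resolve while LDAP/NIS lookups are broken.
    owner=$(ls -ldn "$dir" | awk '{ print $3 }')
    [ "$owner" = "$want_uid" ] || echo "owner: uid $owner, expected $want_uid"
    # A group- or world-writable home makes sshd (StrictModes) refuse
    # key authentication and lets other accounts alter login files.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable: $dir is group- or world-writable"
    fi
    return 0
}

# Demo on constructed input (not taken from the servers in this thread).
demo_dir=$(mktemp -d)
printf 'passwd: files ldap\nshadow: files ldap\n' > "$demo_dir/nsswitch.conf"
mkdir "$demo_dir/home" && chmod 777 "$demo_dir/home"
echo "passwd sources: $(auth_sources "$demo_dir/nsswitch.conf" | tr '\n' ' ')"
home_perm_issues "$demo_dir/home" "$(id -u)"
rm -rf "$demo_dir"
```

On a real host the inputs would be /etc/nsswitch.conf and the affected user's home directory with the uid from `id -u <user>`.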

zousheng 02-10-2013 04:59 AM

Thanks very much for your suggestions. I can only answer a few of the questions; I need to go to the office and check it again, then tell you all the answers.
So far, our China users can't log in to that server. We use LDAP to authenticate; in /var/log/secure and /var/log/message, we have confirmed the password authenticated successfully and that the server has opened a session for us.

LDAP is working right, because other countries' colleagues can work fine, and if we log in to the US server first and then ssh to that server, it still works, so LDAP is working as designed, I guess. The permissions should be OK, because all our site's users have the same issue. I will check again after I am in the office. Thanks.


All times are GMT -5.