-   Linux - Newbie (
-   -   ssh hanging after login authentication succeeded (

zousheng 02-05-2013 11:49 PM

ssh hanging after login authentication succeeded
When I try to login the remote server CentOS,use
ssh -v user@server, after inputing the password, it is hanging

debug1: authentication succeeded (password)
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
, also checked the /var/log/secure, it indicates authentication succeeded, and the traceroute and ping command confirmed the no packet loss during the transimition. Any idea?

shivaa 02-06-2013 12:17 AM

No need to use -v option with ssh. It stands for verbose mode, and causes ssh to print debugging messages about its progress.
Instead use either no option or just -l, as:-

~$ ssh user@server
~$ ssh -l user server

So once try it. If it does not help, then the problem could be in user's profile on remote CentOS server.

zousheng 02-06-2013 12:53 AM

yes, i used the -v just want to see the log information,(I tried the method u mentioned, not working) I just found another information in /var/log/message

Feb 5 19:39:16 auditd[2977]: Audit daemon rotating log files
Feb 6 02:47:46 sudo: pam_ldap: error trying to bind as user "uid=****" (Invalid credentials)
Feb 6 04:37:28 auditd[2977]: Audit daemon rotating log files
, I am gussing it's about the ldap issue, but not sure
any idea?

shivaa 02-06-2013 01:31 AM

After entering password and waiting, can you enter inside the session?

It sounds problem with your authentication server/services.
Can you ping the directory server i.e. ldap server or can make a search on that server from some other server? Also check if directory services are up and running properly on ldap server.

For testing ldap services, you can ask someone else to login on the remote CentOS server. If he can login without any problem, then issue will be with your username only. Otherwise, it will be an issue with ldap authentication.

However, these cmds should work fine:-

~$ ssh user@server
~$ ssh -l user server

zousheng 02-06-2013 02:25 AM

Thanks very much, I can login the server, and see the ldap process is running ,and also run the command ldapsearch -x -LLL -u -t "(uid=xyz)" in the ldap server, it can show my ifnormation. Still confused.

shivaa 02-06-2013 03:15 AM


Originally Posted by zousheng (Post 4885306)
Thanks very much, I can login the server, and see the ldap process is running ,and also run the command ldapsearch -x -LLL -u -t "(uid=xyz)" in the ldap server, it can show my ifnormation. Still confused.

Which server - ldap or your CentOS? Ldapsearch cmd is running ok means ldap server/services are up and running.
I had asked that can you login into your session on CentOS server after entering your password?

But still you have to check:

1) Are you sure that your CentOS server authenticates users through Ldap OR it consults any local or NIS passwd file?

2) If login is successful in CentOS, but it's slow in loading your shell, then problem is with your own user profile (could be with .bashrc, .cshrc, .profile. or .login).

3) If after entering password, it cannot go inside your session and cannot load your shell, then problem might be with authentication process. You will also need to check your password on different machines, so you can make sure that your password is ok.

zousheng 02-06-2013 03:54 AM

I mean i can login the LDAP server and check the ldap, not the server A (let's say)i am trying to connect. I can login server A from other site (Let's say USA server B, i can login B first, then ssh to A,and login the session can run any commands, if i ssh to A directly from my local laptop, it's not working). thx

zousheng 02-09-2013 06:25 PM

Any update? this maybe the firewall or some other issue, but can't be identified so far.

unSpawn 02-09-2013 08:16 PM


Originally Posted by zousheng (Post 4887886)
Any update? this maybe the firewall or some other issue, but can't be identified so far.

HUh? Updates should come from you I'd think. You're the one who's able to log in to machine A and check its SSH daemon log file, firewall and so on...

fortran 02-10-2013 01:17 AM

As you said u have tried shivaa`s first post solution but it is not working 4 u.
Have you tried to connect server using other host. If it is connected through other system of same lan then it is ur system's fault.
Connect ur server with other system and save your ssh public file ( or in ssh directory of server as filename `authorized_keys`.now it will not ask password for your try once does it still hang?

zousheng 02-10-2013 01:18 AM

Actually, i can only see the logs, for firewall, i have no access. these 2 machine are located in different country and use vpn to connect, we have got touch with our network security team, they proved it's ok in firewall, the packet is right, no policy block the packet, then we are stuck here. We tried to create a local account in that machine, and ssh to that server with that local account, but still failed. ping is ok,no packet loss.

zousheng 02-10-2013 01:23 AM

My laptop is win7, use putty to connect the server, guess no need to install ssh in win7, right? I can login to that server in US server (login us server successfully, then ssh to that server), but not working in our country.

zousheng 02-10-2013 01:42 AM

I tried to upload my ssh public key (my win7 has a centos VM, i just create ssh key pair), i logined that server via US server, and uploaded my public key to the server .ssh/authorized_keys, still not working, from the debug information, we can see the password authentication has succeeded, still hanging there. Ctrl + c doesn't work either.

fortran 02-10-2013 01:51 AM

That info u have shared first time. Yes u r right no need to install ssh in windows seven.
If it is asking for password it means you will be logged into user's home directory.
I havent used password to loginto serrver.generally people use .pem file to login so they will be jailed in particular directory for using only given u not have pem file of srrver? So using ssh -i u can log in.

smbhandary 02-10-2013 02:15 AM

based on my understanding of the problem statement :

suggested checks to be done sequentially ie if step 1 dont work, fix it before going to the next step.

1. Get clear about authentication method used whether local / nis / ldap.
2. Get clear about the impact area ie is only one user impacted or is it impacting all users .
3. If the problem is impacting all users then focus on the authentication service and the services it depends
4. If nis / ldap , validate or confirm that the authentication method is working as designed.
5. If the users home directory is automounted, ensure nfs , automount and portmap services are working as designed.
6. If the problem is impacting a single user, then validate / check the users profile.
7. Check on the ownership and permissions of the users home directory. Linux is finicky about permissions on an ids home.

zousheng 02-10-2013 04:59 AM

Thank very much for your suggestion, i can only reply few of the questions, i need to go to office and check it agian, then tell you all the answers.
So far, our China users can't login to that server, we used ldap to authenticate, in /var/log/secure,and /var/log/message, we have confirmed the password authenticated successfully, and that server has opened a session for us.

The ldap is working right, cause other country's colleagues can work fine, and if we login to US server first then ssh to that server, still working, so ldap is working as designed, i guess. The permssions should be ok, cause all our site's users have the same issue. Will check again after i am in office. thx

All times are GMT -5. The time now is 01:53 PM.