HPE Community
Operating System - HP-UX
1819870 Members
2684 Online
109607 Solutions
New Discussion юеВ

SSH Working very slow

 
SOLVED
Go to solution
sureshpanavalli
Advisor

тАО08-04-2007 12:01 AM

тАО08-04-2007 12:01 AM

SSH Working very slow

Hi all,

my ssh login is very slow , it is taking more than 5 minutes to get the login prompt, At the same time telnet is working properly

model
HP-UX qhus034 B.11.11 U 9000/800 1583561481 unlimited-user license
----------------------------------------------
[/opt/ssh/bin]
[qhus034@HP-UX]>/opt/ssh/sbin/sshd -dd &
[1] 5188
[/opt/ssh/bin]
[qhus034@HP-UX]>debug2: read_server_config: filename /opt/ssh/etc/sshd_config
debug1: sshd version OpenSSH_3.6.1p2
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.

[/opt/ssh/bin]
[qhus034@HP-UX]>ps -eaf |grep sshd
root 5192 4009 0 01:23:42 pts/tb 0:00 grep sshd
root 5188 4009 0 01:23:34 pts/tb 0:00 /opt/ssh/sbin/sshd -dd
[/opt/ssh/bin]
[qhus034@HP-UX]>ssh 0
debug1: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 58348
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug2: Network child is on pid 5194
debug1: permanently_set_uid: 103/103
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Miscellaneous failure
No such file or directory

debug1: no credentials for GSSAPI mechanism Kerberos
debug1: Miscellaneous failure
No such file or directory

debug1: no credentials for GSSAPI mechanism Kerberos
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug2: monitor_read: 0 used once, disabling now
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 1557/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1607/3191
debug2: monitor_read: 4 used once, disabling nowdebug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS

The authenticity of host '0 (0.0.0.0)' can't be established.
RSA key fingerprint is ad:c9:e5:db:90:5c:38:ad:73:37:32:a2:8d:2d:9e:58.
Are you sure you want to continue connecting (yes/no)?


Kindly help me on this

Regards,
Suresh.
0 Kudos
Reply
21 REPLIES 21
Steven E. Protter
Exalted Contributor

тАО08-04-2007 09:31 PM

тАО08-04-2007 09:31 PM

Re: SSH Working very slow

Shalom,

Key factoid:

The authenticity of host '0 (0.0.0.0)' can't be established.

This indicates the DNS lookup is failing.

use nslookup to verify hostname lookup is providing correct answer.

If not, modify /etc/resolv.conf until you are getting good lookups.

Alternately set up the lookups in /etc/hosts

Check that /etc/nsswitch.conf makes sense and looks at files before dns if you try the second suggestion.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
sureshpanavalli
Advisor

тАО08-04-2007 10:08 PM

тАО08-04-2007 10:08 PM

Re: SSH Working very slow

HI,

I think that error was due to known_hosts entry , i will get the login once i type 'yes'

details are attached below.

My issue is ssh is taking more time to get the login

The authenticity of host ' (0.0.0.0)' can't be established.
RSA key fingerprint is bd:50:09:19:19:4a:db:c5:74:d2:02:22:5c:88:21:49.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '0.0.0.0' (RSA) to the list of known hosts.
root@0's password:


0 Kudos
Reply
Safarali
Valued Contributor

тАО08-04-2007 11:13 PM

тАО08-04-2007 11:13 PM

Solution

Re: SSH Working very slow

Hi suresh
how about the speed when try to ssh 0
can you check the speed of ftp and sftp
what is the host name looks up try to do the ssh using IP address

please let me know the result

REgards
Safar
Reply
sureshpanavalli
Advisor

тАО08-04-2007 11:48 PM

тАО08-04-2007 11:48 PM

Re: SSH Working very slow

Same delay happens while trying ssh 0 and sftp into this server

And both telnet and ftp are working perfectly.

Regards,
Suresh.
0 Kudos
Reply
Safarali
Valued Contributor

тАО08-05-2007 01:12 AM

тАО08-05-2007 01:12 AM

Re: SSH Working very slow

Did you try with ip address

REgards
Safar
Reply
sureshpanavalli
Advisor

тАО08-05-2007 01:19 AM

тАО08-05-2007 01:19 AM

Re: SSH Working very slow

Hi,

same delay happens,and

Normally ssh stucks up at this stage

OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.1.19.28 [10.1.19.28] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug3: Trying to reverse map address 10.1.19.28.

0 Kudos
Reply
Safarali
Valued Contributor

тАО08-05-2007 01:48 AM

тАО08-05-2007 01:48 AM

Re: SSH Working very slow

OK give me the out put of the following

1. nslookup your ipaddress
2. more /etc/resolv.conf
3. more /etc/nsswitch.conf


Regards
Safar
Reply
sureshpanavalli
Advisor

тАО08-05-2007 02:22 AM

тАО08-05-2007 02:22 AM

Re: SSH Working very slow

nslookup qhus034
Using /etc/hosts on: qhus034

looking up FILES
Name: qhus034afe
Address: 10.1.19.28
Aliases: qhus034.hawaiiantel.com, qhus034
--------------------------------------------

more /etc/nsswitch.conf
#
# /etc/nsswitch.files:
#
# @(#)B.11.11_LR
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any name services.
#
passwd: files [NOTFOUND=continue UNAVAIL=continue] winbind
group: files [NOTFOUND=continue UNAVAIL=continue] winbind
hosts: files [NOTFOUND=continue UNAVAIL=continue] dns [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
services: files
networks: files
protocols: files
rpc: files
publickey: files
netgroup: files
automount: files
aliases: files
--------------------------------------------
more /etc/resolv.conf
domain hawaiiantel.com
search hawaiiantel.com
nameserver 10.1.19.21
nameserver 10.1.19.23
--------------------------------------------
0 Kudos
Reply
sureshpanavalli
Advisor

тАО08-05-2007 02:27 AM

тАО08-05-2007 02:27 AM

Re: SSH Working very slow

Hi,


Details are mentioned below.

cat /etc/resolv.conf
------------------------
domain hawaiiantel.com
search hawaiiantel.com
nameserver 10.1.19.21
nameserver 10.1.19.23
------------------------------------------

nslookup qhus034
Using /etc/hosts on: qhus034

looking up FILES
Name: qhus034afe
Address: 10.1.19.28
Aliases: qhus034.hawaiiantel.com, qhus034
--------------------------------------------

more /etc/nsswitch.conf
#
# /etc/nsswitch.files:
#
# @(#)B.11.11_LR
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# does not use any name services.
#
passwd: files [NOTFOUND=continue UNAVAIL=continue] winbind
group: files [NOTFOUND=continue UNAVAIL=continue] winbind
hosts: files [NOTFOUND=continue UNAVAIL=continue] dns [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
services: files
networks: files
protocols: files
rpc: files
publickey: files
netgroup: files
automount: files
aliases: files
0 Kudos
Reply
Safarali
Valued Contributor

тАО08-05-2007 02:42 AM

тАО08-05-2007 02:42 AM

Re: SSH Working very slow

Hi Suresh
copy your nsswitch.conf files to nsswitch.conf.back and edit the nsswitch.conf files as follows

passwd: files
group: files
hosts: files dns
ipnodes: files
services: files
networks: files
protocols: files
rpc: files
publickey: files
netgroup: files
automount: files
aliases: files

then save and let me know the result

Regards
Safar
Reply
Safarali
Valued Contributor

тАО08-05-2007 02:46 AM

тАО08-05-2007 02:46 AM

Re: SSH Working very slow

Hi suresh if my suggestion not working do
edit the nsswitch.conf with out dns entry even though it is not working stop and start ssh daemone

Regards
Safar
Reply
sureshpanavalli
Advisor

тАО08-05-2007 07:15 AM

тАО08-05-2007 07:15 AM

Re: SSH Working very slow

No progress ..
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО08-05-2007 10:07 AM

тАО08-05-2007 10:07 AM

Re: SSH Working very slow

The very first thing that I would check given your symptoms, is to make certain that your speed/duplex settings match between each host and its corresponding switch port. Surprisingly, a mismatched duplex setting will almost work well and chances are under a telnet connection you wouldn't even notice that you have a problem.
If it ain't broke, I can fix that.
0 Kudos
Reply
Marcel Burggraeve
Trusted Contributor

тАО08-05-2007 08:16 PM

тАО08-05-2007 08:16 PM

Re: SSH Working very slow

What information do you have in /etc/hosts ?
For nslookup you have the following answer from the system :

nslookup qhus034
Using /etc/hosts on: qhus034

looking up FILES
Name: qhus034afe
Address: 10.1.19.28
Aliases: qhus034.hawaiiantel.com, qhus034

In the name field it shows qhus034afe while you do a lookup of qhus034, could this be the cause of your problem ?
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО08-05-2007 08:45 PM

тАО08-05-2007 08:45 PM

Re: SSH Working very slow

Well qhus034 is only a DNS alias to qhus034afe as it looks.

However, please try forward an backward resolution by e.g. the nsquery tool to avoid nslookup (which is behaving pretty strange sometimes, especially on different OS)

e.g.

$ nsquery hosts qhus034 files

$ nsquery hosts qhus034 dns

$ nsquery hosts 10.1.19.28 files

$ nsquery hosts 10.1.19.28 dns

What upsets me a little is that the login name seems to be identical to the host name, at least
gathering from you shell prompt,
you issued

[qhus034@HP-UX]>ssh 0

Also you have a fallback rule in your nsswitch.conf to winbind for passwd.
So do you authenticate against a Windows PDC
or ADS?

What does

$ nsquery passwd qhus034

reveal?

Also check your sshd entries in /var/adm/syslog.log for possible authentication problems (if you haven't defined a separate logfile for auth facility).

Madness, thy name is system administration
Reply
AwadheshPandey
Honored Contributor

тАО08-05-2007 11:20 PM

тАО08-05-2007 11:20 PM

Re: SSH Working very slow

Suresh Babu,

check the link it will do all u need.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=47967&admit=-682735245+1186399029975+28353475

Regards,

Awadhesh
It's kind of fun to do the impossible
Reply
Steven E. Protter
Exalted Contributor

тАО08-05-2007 11:41 PM

тАО08-05-2007 11:41 PM

Re: SSH Working very slow

Shalom,

OpenSSH_3.6.1p2

Old. Known bugs. Recommend newer version from http://software.hp.com

If with ssh connect by hostname is slow and ip address is fast then the issue is either a bad configuration in /etc/nsswitch.conf or more likely a problem with /etc/resolve.conf DNS name servers. Note the issue could simply be the assigned servers answer too slowly. Could be a microsoft problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Safarali
Valued Contributor

тАО08-06-2007 12:17 AM

тАО08-06-2007 12:17 AM

Re: SSH Working very slow

Hi suresh
can I get the output of
lanadmin -x 0
lanadmin -x 1
if your lan cards PPA is 0 and 1 or get your PPA
lanscan -p

Regards
Safar
Reply
OldSchool
Honored Contributor

тАО08-06-2007 03:02 AM

тАО08-06-2007 03:02 AM

Re: SSH Working very slow

1) Check forward and reverse lookup on both the host and the login destination. ssh tries to do a lookup at the destination end as well.

2) I don't know if that version of ssh will use prngd (I know it does at 4.3 and better). using prngd speeds up the process as ssh doesn't have to generate randoms itself.

3) Do you *always* get the message about "unable to establish authenticity"?
0 Kudos
Reply
sureshpanavalli
Advisor

тАО08-06-2007 07:53 AM

тАО08-06-2007 07:53 AM

Re: SSH Working very slow

Hi,

Details are attached,

[/]
[qhus034@HP-UX]>nsquery passwd qhus034

Using "files [NOTFOUND=continue UNAVAIL=continue] winbind " for the passwd policy.

Searching /etc/passwd for qhus034
qhus034 was NOTFOUND

Switch configuration: Allows fallback

Searching winbind for qhus034
This Name Service is currently unavailable

Switch configuration: Allows fallback

All name services have been searched
You have mail in /var/mail/root
[/]
[qhus034@HP-UX]>nsquery hosts qhus034 files

Using "files" for the hosts policy.

Searching /etc/hosts for qhus034
Hostname: qhus034afe
Aliases: qhus034.hawaiiantel.com qhus034
Address: 10.1.19.28
Switch configuration: Terminates Search
[/]
[qhus034@HP-UX]>nsquery hosts qhus034 dns

Using "dns" for the hosts policy.

Searching dns for qhus034
Hostname: qhus034afe.hawaiiantel.com
Aliases: qhus034.hawaiiantel.com
Address: 10.1.19.28
Switch configuration: Terminates Search
[/]
[qhus034@HP-UX]>nsquery hosts 10.1.19.28 files

Using "files" for the hosts policy.

Searching /etc/hosts for 10.1.19.28
Hostname: qhus034afe
Aliases: qhus034.hawaiiantel.com qhus034
Address: 10.1.19.28
Switch configuration: Terminates Search
[/]
[qhus034@HP-UX]>nsquery hosts 10.1.19.28 dns

Using "dns" for the hosts policy.

Searching dns for 10.1.19.28
Hostname: qhus034afe.hawaiiantel.com
Aliases:
Address: 10.1.19.28
Switch configuration: Terminates Search
[/]
[qhus034@HP-UX]>lanadmin -x 0
The link is down. The speed and other link state information
are undefined. The configuration specified for this card is:
Speed = 1000 or 100 or 10 Mbps.
Autonegotiation = On.

[/]
[qhus034@HP-UX]>lanscan -q
0
12
3
4
900 1 9
901 2 10
902 11
903
904
[/]
[qhus034@HP-UX]>lanadmin -x 900
ERROR: Expected "-" before the sub-option.
[/]
[qhus034@HP-UX]>lanadmin -x 1
Speed = 1000 Full-Duplex.
Autonegotiation = On.

[/]
[qhus034@HP-UX]>lanadmin -x 9
Speed = 1000 Full-Duplex.
Autonegotiation = On.

[/]
[qhus034@HP-UX]>lanadmin -x 2
Speed = 1000 Full-Duplex.
Autonegotiation = On.

[/]
[qhus034@HP-UX]>lanadmin -x 10
Speed = 1000 Full-Duplex.
Autonegotiation = On.

[/]
[qhus034@HP-UX]>lanadmin -x 11
Speed = 1000 Full-Duplex.
Autonegotiation = On.

[/]
[qhus034@HP-UX]>lanscan -p
0
12
3
4
900
901
902
903
904
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО08-06-2007 07:43 PM

тАО08-06-2007 07:43 PM

Re: SSH Working very slow

Hi Suresh,

thanks for providing the output.

As far as I can see you don't have any mode mismatch/fallback issues with your NIC settings.
Besides, it wouldn't have been necessary to query every PPA that lanscan senses.
Only those used, as displayed by "netstat -in" would have sufficed.

As the nsquery output shows the hostname resolution is ok apart from the query for the user info.
Now I need to ask you if qhus034 is really also the name of a valid user account.
(when you are logged in, what is "id" command showing)?

If it is an actual user (and I haven't been misled by your shell prompt) then this query shows that this user cannot be resolved.




[qhus034@HP-UX]>nsquery passwd qhus034

Using "files [NOTFOUND=continue UNAVAIL=continue] winbind " for the passwd policy.


Searching /etc/passwd for qhus034
qhus034 was NOTFOUND

Switch configuration: Allows fallback

Searching winbind for qhus034
This Name Service is currently unavailable

Switch configuration: Allows fallback

All name services have been searched
You have mail in /var/mail/root



Once again, do you really use WINBIND
for providing this service?
Please, also note that this service at the moment the nsquery command was issued was *not* available.
Maybe this could be an issue?

Madness, thy name is system administration
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.