Very big delay (about 300 sec) before authentication


 
# 1  
Old 01-24-2014

Dear all,

I got a problem and have no idea how to solve it.
I searched the forum and Googled it and found a similar problem, but the provided solution doesn't help me.

I have Solaris 11:

Code:
        Oracle Solaris 11 11/11 X86
  Copyright (c) 1983, 2011, Oracle and/or its affiliates.  All rights reserved.
                            Assembled 18 October 2011

If I try to telnet or ssh to my Solaris 11 server, I have to wait about 300 seconds before I get a request for login / password to log in to the server.
If I try ftp, it connects immediately, but if I choose sftp, it is the same story as with telnet and ssh.

The same issue occurs when I try to log in from different servers that are in a different subnet (Windows and Solaris based).

Here is my /etc/hosts file:

Code:
root@solaris:~# cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1 solaris localhost 
127.0.0.1 solaris localhost loghost 
10.75.52.41     solaris
10.75.52.1      gateway
10.10.121.233   azfn0312
root@solaris:~#

Here is my nsswitch.conf file:

Code:
root@solaris:~# cat /etc/nsswitch.conf 

#
# Copyright (c) 1991, 2014, Oracle and/or its affiliates. All rights reserved.
#

#
# _AUTOGENERATED_FROM_SMF_V1_
#
# WARNING: THIS FILE GENERATED FROM SMF DATA.
#   DO NOT EDIT THIS FILE.  EDITS WILL BE LOST.
# See nsswitch.conf(4) for details.

passwd: files
group:  files
hosts:  files
ipnodes:        files
networks:       files
protocols:      files
rpc:    files
ethers: files
netmasks:       files
bootparams:     files
publickey:      files
netgroup:       files
automount:      files
aliases:        files
services:       files
printers:       user files
project:        files
auth_attr:      files
prof_attr:      files
tnrhtp: files
tnrhdb: files
root@solaris:~#

Here is my ifconfig:

Code:
root@solaris:~# ifconfig -a
lo0: flags=2001000848<LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 0.0.0.0 netmask ff000000 
net1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.75.52.41 netmask ffffff00 broadcast 10.75.52.255
        ether ac:16:2d:74:2e:21 
lo0: flags=2002000848<LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::/128 
net1: flags=20002000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 ::/0 
        ether ac:16:2d:74:2e:21 
root@solaris:~#

Here is ipadm show-if:

Code:
root@solaris:~# ipadm show-if
IFNAME     CLASS    STATE    ACTIVE OVER
lo0        loopback down     no     --
net1       ip       ok       yes    --
root@solaris:~#

Here is ipadm show-addr:

Code:
root@solaris:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
net1/switch       static   ok           10.75.52.41/24
root@solaris:~#

Here is my /etc/ssh/ssh_config file:

Code:
root@solaris:~# cat /etc/ssh/ssh_config
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "%Z%%M% %I%     %E% SMI"
#
# This file provides defaults for ssh(1).
# The values can be changed in per-user configuration files $HOME/.ssh/config
# or on the command line of ssh(1).

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file /etc/ssh/ssh_config
#
# Any configuration value is only changed the first time it is set.
# host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Example (matches compiled in defaults):
#
# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PubkeyAuthentication yes
#   PasswordAuthentication yes
#   FallBackToRsh no
#   UseRsh no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking ask
#   EscapeChar ~
root@solaris:~#

As you can see from nsswitch.conf - I am not using dns.

Code:
root@solaris:~# ps -ef | grep dns
    root  1497  1393   0 10:16:00 pts/1       0:00 grep dns
root@solaris:~#

If I run ssh in debug mode, I can see that it hangs here:

Code:
[root@dsafn1 ~]# ssh -vvv support@10.75.52.41
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.75.52.41 [10.75.52.41] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /root/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_dsa type 2
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.0
debug1: no match: Sun_SSH_2.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent

Could you please help me find out what the problem is?

Thanks in advance

Last edited by nypreH; 01-24-2014 at 02:36 AM..
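
Added example, not part of the original post: a small Python helper that reports the last handshake milestone present in `ssh -v` client output, so the point where a session stalls can be read from the log. The sample is the tail of the log above; the function names and milestone labels are illustrative.

```python
import re

# Messages an OpenSSH client prints with -v, in the order a connection passes them.
MILESTONES = [
    ("tcp connect started", r"Connecting to .* port \d+"),
    ("tcp connected", r"Connection established"),
    ("server banner read", r"Remote protocol version"),
    ("client KEXINIT sent", r"SSH2_MSG_KEXINIT sent"),
    ("server KEXINIT received", r"SSH2_MSG_KEXINIT received"),
    ("keys exchanged", r"SSH2_MSG_NEWKEYS received"),
    ("userauth service accepted", r"SSH2_MSG_SERVICE_ACCEPT received"),
    ("auth methods offered", r"Authentications that can continue"),
]

# Tail of the client log from the post above (key-file parsing lines left out).
SAMPLE = """\
debug1: Connecting to 10.75.52.41 [10.75.52.41] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_dsa type 2
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
"""

def last_stage(log_text):
    """Return (index, label) of the furthest milestone seen, or (-1, None)."""
    reached = -1
    for line in log_text.splitlines():
        for i, (_, pattern) in enumerate(MILESTONES):
            if i > reached and re.search(pattern, line):
                reached = i
    return reached, (MILESTONES[reached][0] if reached >= 0 else None)

def waiting_on(log_text):
    """Describe what the client was waiting for when the log ends."""
    i, label = last_stage(log_text)
    if i == -1:
        return "no known milestone found"
    if i + 1 == len(MILESTONES):
        return "handshake finished; server has offered auth methods"
    return f"reached '{label}', waiting for '{MILESTONES[i + 1][0]}'"

if __name__ == "__main__":
    print(waiting_on(SAMPLE))
```

On the sample, the log ends after the client has loaded its identity files and sent its own KEXINIT, while the server's KEXINIT has not yet arrived.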
# 2  
Old 01-24-2014
If I understand you correctly, clients experience a very long delay connecting to the Solaris box. So the fact that the Solaris doesn't use DNS is surely irrelevant. Question is what is the DNS setup of the clients.

What you describe has all the hallmarks of a DNS issue, i.e., name resolution delays (or possibly mis-routing on the network).

What if you telnet from a client giving the Solaris ip address instead of nodename?

What is the DNS environment that the clients are in????

Last edited by hicksd8; 01-24-2014 at 08:25 AM..
# 3  
Old 01-24-2014
Not sure, but it seems like your ~/.ssh/id_rsa or ~/.ssh/id_dsa file is corrupted.
Check that once.
# 4  
Old 01-24-2014
The problem seems clear from the log file:

Code:
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace

I'm not sure why you would ask "what is the problem" when the problem seems well defined in the logfile.

If you reconfigure this to authenticate with the "correct" keys first, it will be much faster.

For example, here is a "good" exchange:


Code:
$neo-MacBook-Air:~ neo$ ssh -vvv neo@myplace.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myplace.com [5.39.145.xxx] port 22.
debug1: Connection established.
debug1: identity file /Users//.ssh/id_rsa type -1
debug1: identity file /Users/neo/.ssh/id_rsa-cert type -1
debug1: identity file /Users/neo/.ssh/id_dsa type -1
debug1: identity file /Users/neo/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1
debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH_5*

# 5  
Old 01-24-2014
Yes, but the OP says that telnet is just as slow as ssh.
# 6  
Old 01-24-2014
Quote:
Originally Posted by hicksd8
Yes, but the OP says that telnet is just as slow as ssh.
Some telnet servers try to find the hostname of a client connection and this can cause slow connections when there is a DNS problem.
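
Added example, not from the thread: a Python check to run on the server that times the reverse lookup of each client address through the system's name service, which is the lookup described above. The function names, the 2-second threshold and the injectable `resolver` parameter (used for testing) are assumptions of this example.

```python
import socket
import sys
import time

def time_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Return (hostname or None, elapsed seconds) for one reverse lookup."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        name = None
    return name, time.monotonic() - start

def audit_clients(ips, slow_after=2.0, resolver=socket.gethostbyaddr):
    """Classify each client address as 'ok', 'no name' or 'SLOW'."""
    report = []
    for ip in ips:
        name, elapsed = time_reverse_lookup(ip, resolver)
        if elapsed >= slow_after:
            verdict = "SLOW"      # lookup itself stalls: name service problem
        elif name is None:
            verdict = "no name"   # fast failure: address simply has no entry
        else:
            verdict = "ok"
        report.append((ip, name, round(elapsed, 2), verdict))
    return report

if __name__ == "__main__":
    # Pass the addresses of the connecting clients on the command line;
    # 127.0.0.1 is only a stand-in when none are given.
    addresses = sys.argv[1:] or ["127.0.0.1"]
    for ip, name, elapsed, verdict in audit_clients(addresses):
        print(f"{ip:<16} {str(name):<30} {elapsed:>6.2f}s  {verdict}")
```

A lookup that fails quickly is not a delay source; only a lookup whose elapsed time approaches the login delay points at name resolution.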
# 7  
Old 01-25-2014
Quote:
Originally Posted by hicksd8
Yes, but the OP says that telnet is just as slow as ssh.
Yes, but that can be a different problem, as fpmurphy says next:

Quote:
Originally Posted by fpmurphy
Some telnet servers try to find the hostname of a client connection and this can cause slow connections when there is a DNS problem.
System logging is just about the best friend a system admin has; and the log file seems pretty clear on what the problem is.
 