Login or Register to Ask a Question and Join Our Community


Emergency UNIX and Linux Support

Time delay problem in asking password

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Homework and Emergencies Emergency UNIX and Linux Support Time delay problem in asking password
# 1  
Old 08-23-2012
Time delay problem in asking password
Hi All,

I have solaris-11 global and multiple non-global zones running, which all are on same network. They are not in NIS. When we open putty session and give user-name, it takes long time in asking password (around 40-50 seconds) on Global zone. While on non-global zones, it is working perfect. Same problem is with another global also and there also non-global zones are fine, so I am sure, there is some mis-configuration.
I am not getting pointer, where to look at.
Please help.

Regards
# 2  
Old 08-23-2012
Putty is basically a ssh-session. Try starting some ssh to the system in question from the command line using the "-v" ("-vvv") switch to make it more verbose. Capture and analyse the output. Maybe you see the problem there.

I hope this helps.

bakunin
# 3  
Old 08-23-2012
Hi Bakunin,
It is stopping after debug1: got SSH2_MSG_SERVICE_ACCEPT for around 40-50 seconds and then will continure further. And it is same for root user as well as non-root user.
Code:
vthoutam@svrnjc003:/etc$ ssh -vvv root@172.28.21.6
Sun_SSH_2.0, SSH protocols 1.5/2.0, OpenSSL 0x1000005f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 172.28.21.6 [172.28.21.6] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /home/vthoutam/.ssh/identity
debug1: Identity file/URI '/home/vthoutam/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /home/vthoutam/.ssh/id_rsa
debug1: Identity file/URI '/home/vthoutam/.ssh/id_rsa' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /home/vthoutam/.ssh/id_dsa
debug1: Identity file/URI '/home/vthoutam/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: 172.28.21.6
debug1: Local user: vthoutam Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.0
debug1: match: Sun_SSH_2.0 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.0
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: KEX proposal I received from the peer:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1601/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: filename /home/vthoutam/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 1
debug1: Host '172.28.21.6' is known and matches the RSA host key.
debug1: Found key in /home/vthoutam/.ssh/known_hosts:1
debug1: bits set: 1611/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug2: set_newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug3: aes-128-ctr NID found
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug3: aes-128-ctr NID found
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT -------> Its waits here
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/vthoutam/.ssh/identity
debug1: ssh_kmf_check_uri: /home/vthoutam/.ssh/identity
debug3: no such identity: /home/vthoutam/.ssh/identity
debug1: Trying private key: /home/vthoutam/.ssh/id_rsa
debug1: ssh_kmf_check_uri: /home/vthoutam/.ssh/id_rsa
debug3: no such identity: /home/vthoutam/.ssh/id_rsa
debug1: Trying private key: /home/vthoutam/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /home/vthoutam/.ssh/id_dsa
debug3: no such identity: /home/vthoutam/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

# 4  
Old 08-23-2012
hmm... I hope you aren't too disappointed when i tell you i can't see anything obvious. ;-))

IMHO the only way to find out is to systematically prove one after the other part to not be the culprit. Lets start: which parts are participating in the connection: the two hosts, the network, the DNS (and/or any other name-resolving system). My guess is the latter, because it seems to be some sort of time-out, which causes this.

"ping" should tell us if there are any network problems.

Name resolution could be temporarily switched off and replaced by "/etc/hosts" entries (analogous on Windoze systems). Switch off "WINS" name resolution (better yet switch off the whole "NetBIOS TCP-Helper", TCP works best unhelped by inferior protocol stacks - nobody uses this damn thing anyway) and also disable NetBIOS as far as possible (shut down Workstation and Server services, etc.). Then try again and see if the timeout persists.

It might be helpful to try "nslookup <remote-host>" on the command line first on both sides. Try not only the hosts name but also the hosts IP address, maybe the reverse lookup tables are broken/not well looked after in the DNS server (this happens quite often). You might see the same timeout in one of these tries. Remove the reason and try again, maybe the timeout is gone.

I hope this helps.

bakunin
# 5  
Old 08-23-2012
Hi,

Bakunin is correct, my experience of these types of problem would point me at the reverse lookup. I'd be tempted to check the DNS entries for the system.

Regards

Dave
# 6  
Old 08-28-2012
Hi Dave/Bakunin,
You have a point, but here dns is not coming into picture. I removed dns word from /etc/nsswitch.conf, even then it is taking long time to connect. Also, dns is not pingable from any server, so dns or lookup problem is a different story.
Do you think, there is something with key or authentication or something ? Because it is stopping at below line, while we do ssh -vvv
PHP Code:
debug1got SSH2_MSG_SERVICE_ACCEPT -------> Its waits here
debug1Authentications that can continue: publickey,password,keyboard-interactive 
It looks like, it is not anything with network, but something to OS only.
# 7  
Old 08-28-2012
Hi, as Bakunin says, DNS would be my first thing to check.
I had an identical problem with ssh only, nslookup was working just fine.
Turned out to be bind Vs bind4 setting in (AIX) resolver order configuration file (netsvc.conf).

Im not sure in Solaris where this order is configured (nsswitch.conf ?), or if there are explicit declarations for bind and bind4.

Worth checking though.

Check out the last comment in this thread for the problem I had.
developerWorks : AIX and UNIX : AIX Forum : Warning: system problems due to DNS ...

HTH
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX and Linux Applications

Sendmail delay: 3 mins 11 secs... Every time.

Hi all, I would like some help with a sendmail problem: We have a new system comprising of 4 T7-1 servers, each hosting 5 LDOMs, all domains running Solaris 11.3 All emails sent from every one of these domains (including the control domains) sit in the queue for 3 mins 11 secs (sometime 3m 12s,... (11 Replies)
Discussion started by: Mysturji
11 Replies

2. Shell Programming and Scripting

How to give password at run time in a shell script?

hi, how can i pass a password automatically when a shell script is running. i have shell script(runscript.sh) which call another shell script inside it as a different user. runscript.sh contains su - nemo -c "/bin/main_script.sh" but when i execute "runscript.sh" it try to run... (7 Replies)
Discussion started by: Little
7 Replies

3. UNIX for Advanced & Expert Users

Update users password change time

Hello - Is this possible on Unix machines? Can we update user password change time? (6 Replies)
Discussion started by: manju--
6 Replies

4. UNIX for Dummies Questions & Answers

machine hangs for some time after giving password.

Hi I m trying to take a console of linux machine using putty. Whenever i connect to the machine and give password details to log into the machine it hangs for some time and then it allow the login. I m totally clueless why it is happening suddenly . ---------- Post updated at 01:14 AM... (1 Reply)
Discussion started by: pinga123
1 Replies

5. Shell Programming and Scripting

Time delay for awk

I have an awk script, and want to introduce a time delay. How can I do this? (3 Replies)
Discussion started by: kristinu
3 Replies

6. UNIX for Dummies Questions & Answers

Command to delay password entry - putty connection manager

Hi all, putty connection manager is great but when attempting to sudo or ssh to another box via the post login commands it is subject to issues due to network latency (what happens is that pcm enters the password before the unix box is ready to receive it). Is there any clever way I can make... (1 Reply)
Discussion started by: skinnygav
1 Replies

7. Shell Programming and Scripting

Calculating delay time - bash

Hi, I am having the following problem. test > hourOfDay=06 ; delayTime=$(((9-$hourOfDay)*60)) ; echo $delayTime 180 test > hourOfDay=07 ; delayTime=$(((9-$hourOfDay)*60)) ; echo $delayTime 120 test > hourOfDay=08 ; delayTime=$(((9-$hourOfDay)*60)) ; echo $delayTime bash: (9-08: value... (5 Replies)
Discussion started by: jbsimon000
5 Replies

8. Cybersecurity

One time password

Hi folks, Postfix 2.3.8 SquirrelMail 1.4.11 I'm prepared installing One-time-password on SquirrelMail as experiment and don't have a clue to start. On googling I found; SquirrelMail and OPTs WiKID Strong Authentication System SourceForge.net: WiKID Strong Authentication System... (7 Replies)
Discussion started by: satimis
7 Replies

9. Solaris

lock time delay

I have a Sol system. The lock timeout is default 15 minutes. I tried to make it longer but cannot by lock -t timeout Anyon can tell me the cmd in solai for this please. A thank in advance (2 Replies)
Discussion started by: part-time-user
2 Replies

10. BSD

Reduce boot-time delay on FreeBSD?

Say for instance, I would like to reduce the delay/waiting time for the boot-time menu from 10 seconds to 5 seconds, how would I go about doing it? From what I've been able to find, entering "autoboot 5" into the right file would take care of that for me, but the man pages are unclear as to... (1 Reply)
Discussion started by: DownSouthMoe
1 Replies
Login or Register to Ask a Question