Login or Register to Ask a Question and Join Our Community


HP-UX

SSH slow at connect

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems HP-UX SSH slow at connect
# 1  
Old 10-08-2012
SSH slow at connect
Hi experts,

We are getting slow ssh session connections at HP-UX 11.31 servers.

We have set the parameters that maybe will affect , and commented at other theads at config file sshd_config :
Code:
UseDNS no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
GSSAPIAuthentication no.

but these parameters no solve the error.

We've put the debug mode and the connection is waitting 10 seconds at ######..



Code:
ssh -v -v -v root@127.0.0.1
OpenSSH_5.6p1+sftpfilecontrol-v1.3-hpn13v7, OpenSSL 0.9.8o 01 Jun 2010
HP-UX Secure Shell-A.05.60.003, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/identity-cert type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6p1+sftpfilecontrol-v1.3-hpn13v7
debug1: match: OpenSSH_5.6p1+sftpfilecontrol-v1.3-hpn13v7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6p1+sftpfilecontrol-v1.3-hpn13v7
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss...00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 115/256
debug2: bits set: 509/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: host 127.0.0.1 filename /.ssh/known_hosts
debug3: check_host_in_hostfile: host 127.0.0.1 filename /.ssh/known_hosts
debug3: check_host_in_hostfile: host 127.0.0.1 filename /opt/ssh/etc/ssh_known_hosts
debug3: check_host_in_hostfile: host 127.0.0.1 filename /opt/ssh/etc/ssh_known_hosts
debug3: check_host_in_hostfile: host 127.0.0.1 filename /.ssh/known_hosts
debug3: check_host_in_hostfile: host 127.0.0.1 filename /opt/ssh/etc/ssh_known_hosts
debug2: no key of type 0 for host 127.0.0.1
debug3: check_host_in_hostfile: host 127.0.0.1 filename /.ssh/known_hosts2
debug3: check_host_in_hostfile: host 127.0.0.1 filename /opt/ssh/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: host 127.0.0.1 filename /.ssh/known_hosts
debug3: check_host_in_hostfile: host 127.0.0.1 filename /opt/ssh/etc/ssh_known_hosts
debug2: no key of type 2 for host 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 9f:57:2f:04:b9:ec:bd:91:45:2e:d9:29:38:ff:ee:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
debug2: bits set: 523/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/identity (0)
debug2: key: /.ssh/id_rsa (0)
debug2: key: /.ssh/id_dsa (0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug3: no such identity: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug3: no such identity: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug3: no such identity: /.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 127.0.0.1 ([127.0.0.1]:22).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 1, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 65536
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
#############################################################################
#############################################################################

debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 65536
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last successful login: Fri Sep 28 14:52:23 METDST 2012 10.4.3.97
Last authentication failure: Fri Sep 28 14:52:16 METDST 2012 10.4.3.97
Last login: Fri Sep 28 14:52:43 2012 from 10.4.3.97
(c)Copyright 1983-2006 Hewlett-Packard Development Company, L.P.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-2000 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993 The Open Software Foundation, Inc.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2006 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.

Confidential computer software. Valid license from HP required for
possession, use or copying. Consistent with FAR 12.211 and 12.212,
Commercial Computer Software, Computer Software Documentation, and
Technical Data for Commercial Items are licensed to the U.S. Government
under vendor's standard commercial license.

You have mail.

Value of TERM has been set to "xterm".
WARNING: YOU ARE SUPERUSER !!


Thanks a lot
Last edited by vbe; 10-08-2012 at 05:24 AM..
# 2  
Old 10-08-2012
Have you checked for high load or low available free RAM on the server?
# 3  
Old 10-08-2012
No Ram or High load
Hi,

This isssue is on all the HP-UX servers, and there is no Ram or high load issue.

Thanks for answer,
# 4  
Old 10-11-2012
When you say "all the HP-UX" server you mean others (AIX, SOLARIS...) have no?
# 5  
Old 10-22-2012
HI
We've got Red Hat Linux RHEL5 but at this box the SSH is running well.

At HP-UX boxes is where the SSH connection is slow. Also we 've realised that doing a telnet connection throw HP-UX boxes is working fine, it's seems to be so the main issue is that it'll be a configuration parameter that doing slow connection.

Cheers.
# 6  
Old 10-25-2012
Hi, it maybe could be an issue with the dns resolver.
If the dns entries are not resolvable, it could take longer to connect with ssh to your server.

Could you elaborate on the term "slow connections".
Is the etablishion of a connection slow, or did you get slow transfer rates from ... to ssh.

cheers ...

---------- Post updated at 02:04 PM ---------- Previous update was at 01:49 PM ----------

Quote:
Originally Posted by sdohn
Hi, it maybe could be an issue with the dns resolver.
If the dns entries are not resolvable, it could take longer to connect with ssh to your server.

Could you elaborate on the term "slow connections".
Is the etablishion of a connection slow, or did you get slow transfer rates from ... to ssh.

cheers ...


check /etc/resolv.conf
Did you have a system without such this problem, then compare
Is the IP your are trying to connect available in /etc/hosts
Check your etc/nsswitch.conf file
hosts: files dns
ipnodes: files dns
Should have entries in above orders.
Are there problems with your main dns server in case that the second dns server answers your dns queries?
What says the /var/adm/syslog/syslog.log about your problem . Check it!
# 7  
Old 10-30-2012
Hi,

We have set only nsswitch.conf in some systems HP-UX:

Code:
# cat etc/nsswitch.conf
hosts: files [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] dns
 
# cat /etc/resolv.conf
cat: Cannot open /etc/resolv.conf: No such file or directory

In this case, the connection is slow.

In other cases, we have set the two files:

Code:
# cat etc/nsswitch.conf
hosts: files [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] dns
 
# cat resolv.conf
search LLL.com
nameserver XXX
nameserver YYY

In this case, the conection is slow, too.

I checked in the syslog.log i cannot see error related.

Thanks a lot,
Last edited by zaxxon; 10-30-2012 at 11:50 AM.. Reason: code tags, see PM
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Slow ssh on Solaris 10 zone

ssh is slow on solaris zone , and is getting stuck at the following place. debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug3: Wrote 664 bytes for a total of 3325 Below is the ssh version being used: Sun_SSH_1.1.6, SSH protocols 1.5/2.0, OpenSSL 0x0090704f ... (10 Replies)
Discussion started by: skamal4u
10 Replies

2. SuSE

SLES 11.2 slow SSH password prompt

We are having an issue with slow password prompts via SSH login on all of our SLES 11.2 boxes. The output from a ssh -v login attempt shows a delay here: debug1: SSH2_MSG_SERVICE_ACCEPT receivedThis issue only happens on the first logon of the day; subsequent logons are normal. Adding the client's... (8 Replies)
Discussion started by: j_aix
8 Replies

3. Solaris

Slow ssh connection after patching

I have Solaris-10 server which was patched by patch cluster last weekend. After patching, it connects slow with other server. Meaning, when I do - ssh server2 OR ssh wluser2@server2 OR ssh root@server2 It waits for 9-10 seconds and then prompt for password, while it used to be instant... (2 Replies)
Discussion started by: solaris_1977
2 Replies

4. Shell Programming and Scripting

Net::SSH::Perl slow to login.

I have some sample code that's supposed to ssh to another machine using Net::SSH::Perl, execute a command, and print the output of that command. It's very basic, and it works. However, I noticed that upon logging in: $ssh->login('username','password'); It takes roughly 10-13 seconds to... (2 Replies)
Discussion started by: mrwatkin
2 Replies

5. Solaris

Slow login via SSH

Hi Guys and Girls, I know this is a common question but I've searched and we've tried the suggestions without luck. When I log into the box via SSH from a windows machine I get a 1 min 20 sec delay. If we add my IP address and machine name to /etc/hosts then I get an instant login. I would be happy... (12 Replies)
Discussion started by: MikeKulls
12 Replies

6. Solaris

ssh very slow

I'm facing a problem when trying to ssh to SUN servers with solaris OS,it takes a long time until prompted for password ..after connecting to the server everything work fine..how can I solve this issue??? (11 Replies)
Discussion started by: mm00123
11 Replies

7. IP Networking

Samba Slow to Connect Xp to Solaris

Hi everyone, I posted this on the Solaris forums but so far no one has been able to help... I'm new to solaris and I've installed 10, update 5. I've configured samba (very badly I believe) so that I can access my solaris box from my XP 64 computer. Both are on a local network (connected via... (1 Reply)
Discussion started by: ciscocbee
1 Replies

8. UNIX for Dummies Questions & Answers

Painfully Slow SSH login on Solaris box

Running open solaris on a e420 that I recently picked up. Having issues sshing to it from either of my Linux boxes as its very slow to login (from the solaris box to the linux box it connects just fine. Here is the output of ssh -vvv. I have hightlighted where it seems the slowdown is. Does... (0 Replies)
Discussion started by: creedog
0 Replies

9. UNIX for Dummies Questions & Answers

SSH and FTP connect slow

Hi again guys, Earlier today, just all of a sudden, all SSH and FTP connections to my internal Linux box just slowed down to a crawl. After the connection/authentication though, everything was back to normal speed. Until you have to connect again. A box reboot didnt work either. Now, from... (1 Reply)
Discussion started by: Aeros
1 Replies

10. BSD

ipfw slow ssh and ftp connections

just as the title says. thanks. #General Rule Sets /sbin/ipfw add 0300 check-state /sbin/ipfw add 0301 deny tcp from any to any in established /sbin/ipfw add 0302 pass tcp from any to any out setup keep-state /sbin/ipfw add 0303 pass udp from any to any out #SSH FTP /sbin/ipfw add 0400... (11 Replies)
Discussion started by: dwildgoose
11 Replies
Login or Register to Ask a Question