Slow ssh on Solaris 10 zone


 
# 1  
Old 03-22-2018

ssh is slow on a Solaris zone, and is getting stuck at the following place.

Code:
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 664 bytes for a total of 3325

Below is the ssh version being used: Sun_SSH_1.1.6, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

Below is the sshd config file:

Code:
Protocol 2
UseDNS yes
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
Subsystem sftp /xxx/openssh/sftp-server
AuthorizedKeysCommand /usr/local/bin/ldap_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody

Tried changing the UseDNS and GSSAPIAuthentication values to no and it didn't help. Could someone please help with this problem?

On the global zone ssh is quick.
# 2  
Old 03-22-2018
Does that zone have its own dedicated network interface or is it sharing one with the global zone?

And, is it slow to connect or also slow when being used as well?
# 3  
Old 03-22-2018
The zone doesn't have a dedicated network interface. The zone is not slow in performance; the app running on it is performing well and the load average is also normal. The only issue is ssh. Recently we moved to OpenSSH and then the issue started.
# 4  
Old 03-22-2018
Why is usePAM turned on? Those are add-on object files that perform special tasks, and they are not necessarily portable from one flavor of ssh to another.

Can you post the output of
Code:
ssh -vvv

from a connection attempt from another server to the problem zone?
# 5  
Old 03-23-2018
Code:
ssh -A xxxx -vvv
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxxx [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/identity type -1
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /Users/praveen_sriperumbudhuri/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/id_rsa type 1
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/id_rsa-cert type -1
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/id_dsa type -1
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/id_dsa-cert type -1
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/id_ecdsa type -1
debug1: identity file /Users/praveen_sriperumbudhuri/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 864 bytes for a total of 885
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 909
debug2: dh_gen_key: priv key bits set: 159/320
debug2: bits set: 1577/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 416 bytes for a total of 1325
debug3: check_host_in_hostfile: host xxxxx filename /Users/praveen_sriperumbudhuri/.ssh/known_hosts
debug3: check_host_in_hostfile: host xxxxx filename /Users/praveen_sriperumbudhuri/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4653
debug3: check_host_in_hostfile: host x.x.x.x filename /Users/praveen_sriperumbudhuri/.ssh/known_hosts
debug3: check_host_in_hostfile: host x.x.x.x filename /Users/praveen_sriperumbudhuri/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1690
debug1: Host ‘xxxx’ is known and matches the RSA host key.
debug1: Found key in /Users/praveen_sriperumbudhuri/.ssh/known_hosts:4653
debug2: bits set: 1590/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1341
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1393
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key:[*] yubikey-3504459 (0x55e00bb36f70)
debug2: key: /Users/praveen_sriperumbudhuri/.ssh/identity ((nil))
debug2: key: /Users/praveen_sriperumbudhuri/.ssh/id_rsa (0x55e00bb31110)
debug2: key: /Users/praveen_sriperumbudhuri/.ssh/id_dsa ((nil))
debug2: key: /Users/praveen_sriperumbudhuri/.ssh/id_ecdsa ((nil))
debug3: Wrote 84 bytes for a total of 1477
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address x.x.x.x.
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1372003379' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1372003379' not found

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key:[*] yubikey-3504459
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 388 bytes for a total of 1865
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: SHA1 fp 13:55:bb:e1:b8:2f:c6:2f:2c:1c:97:29:af:c7:1e:aa:7e:77:12:b1
debug3: sign_and_send_pubkey: RSA 13:55:bb:e1:b8:2f:c6:2f:2c:1c:97:29:af:c7:1e:aa:7e:77:12:b1
debug3: Wrote 660 bytes for a total of 2525
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 136 bytes for a total of 2661
debug2: callback start
debug1: Requesting authentication agent forwarding.
debug2: channel 0: request auth-agent-req@openssh.com confirm 0
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SSH_TTY
debug1: Sending env LC_ALL = C
debug2: channel 0: request env confirm 0
debug3: Ignored env USER
debug3: Ignored env LD_LIBRARY_PATH
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env PS1
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug1: Sending env LANGUAGE = C
debug2: channel 0: request env confirm 0
debug3: Ignored env LOGNAME
debug3: Ignored env CVS_RSH
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 664 bytes for a total of 3325

Moderator's Comments:
Please wrap all code, files, input & output/errors in CODE tags.
It makes them far easier to read and preserves spaces for indenting or fixed-width data

Last edited by rbatte1; 03-23-2018 at 09:50 AM.. Reason: Added Code tags and removed auto-email tags
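
Added example, not part of any post in this thread: a small parser that reports how far a hung `ssh -vvv` client log got, using debug lines that appear in the output above. The names `triage`, `MILESTONES` and `STALL_IS` and the triage wording are this example's own, and `SAMPLE` is an abridged copy of lines from the posted log.

```python
import re

# Client-side milestones in protocol order. Each pattern is a debug line that
# appears in the ssh -vvv output posted above (OpenSSH 5.3 client wording).
MILESTONES = [
    ("tcp-connect", r"debug1: Connection established\."),
    ("key-exchange", r"debug1: SSH2_MSG_NEWKEYS received"),
    ("authentication", r"debug1: Authentication succeeded \(\S+\)\."),
    ("session-open", r"debug1: Entering interactive session\."),
    ("shell-request", r"debug2: channel \d+: request shell confirm \d+"),
]

# Triage wording is this example's own (assumption), not ssh output.
STALL_IS = {
    None: "before the TCP connection was established",
    "tcp-connect": "during version exchange or key exchange",
    "key-exchange": "during user authentication",
    "authentication": "after authentication, before the session was opened",
    "session-open": "before the client requested a shell",
    "shell-request": "server-side session start, after authentication",
}

def triage(log_text):
    """Report the last milestone a (possibly hung) ssh -vvv log reached."""
    reached = [n for n, pat in MILESTONES if re.search(pat, log_text)]
    last = reached[-1] if reached else None
    tried = re.findall(r"debug1: Next authentication method: (\S+)", log_text)
    ok = re.search(r"debug1: Authentication succeeded \((\S+)\)\.", log_text)
    method_ok = ok.group(1) if ok else None
    return {
        "last": last,
        "stall_is": STALL_IS[last],
        "method_ok": method_ok,
        # Methods the client tried and abandoned before one succeeded.
        "methods_skipped": [m for m in tried if m != method_ok],
    }

# Constructed sample: an abridged copy of lines from the log in post #5.
SAMPLE = """\
debug1: Connection established.
debug1: SSH2_MSG_NEWKEYS received
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Authentication succeeded (publickey).
debug1: Entering interactive session.
debug2: channel 0: request shell confirm 1
debug2: channel 0: open confirm rwindow 0 rmax 32768
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For the sample, the result places the stall after public-key authentication has already succeeded, with both GSSAPI methods tried and skipped first.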
# 6  
Old 03-23-2018
Quote:
Originally Posted by jim mcnamara
Why is usePAM turned on? Those are add-on object files that perform special tasks, and they are not necessarily portable from one flavor of ssh to another.
[..]

Hi Jim, if usePAM is turned off then the PAM stack is bypassed altogether by sshd. I think this option is portable as long as PAM simply exists on a particular Unix flavour, and it should typically be switched on IMHO.
# 7  
Old 03-23-2018
Hi Scrutinizer,
We had Solaris 10 issues with what turned out to be "foreign" PAM objects. This may not be the case here, you are correct.

Skamal4u -
I do not see anything except some RSA keys being rejected. Which may be okay.

Please define "slow", do you mean:
1. slow to connect initially - i.e., slow login
2. slow to transfer data
3. Both 1 & 2

Does the effect happen for all users?

With regard to the key - did you copy the key it is complaining about to or from a Windows machine? Go to the .ssh directory for praveen_sriperumbudhuri. I think the file in question may have Windows carriage control. Use the vi editor to check but do not change the key file - do you see ^M characters? If so, you can convert the file using dos2unix - as the user praveen.

Last edited by jim mcnamara; 03-23-2018 at 09:27 AM..