I have a CentOS 7 system and when I login with putty or ssh there is a long delay before I get the password prompt. I ran ssh -v and I found that it gets up to this: debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received and then it sits there for 1-2 minutes and then this output blasts out: debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available debug1: Next authentication method: publickey debug1: Trying private key: /home/motor/.ssh/id_rsa debug1: Trying private key: /home/motor/.ssh/id_dsa debug1: Trying private key: /home/motor/.ssh/id_ecdsa debug1: Trying private key: /home/motor/.ssh/id_ed25519 debug1: Next authentication method: password And then the password prompt comes out. This happens no matter which user is logging in. It only happens on the 1 system. I have 5 others where the proceeds without the delay. There are no disk or memory or any other errors in the logs. What could be causing it to delay like this?
On Wed, November 16, 2016 5:07 pm, Larry Martell wrote:> I have a CentOS 7 system and when I login with putty or ssh there is a > long delay before I get the password prompt.First thing I would check is that that system doesn't have unaccessible DNS server listed in: /etc/resolv.conf (another thing, similarly DNS related: if you have caching name server on that box, check if that doesn't cause delay the you see). Valeri> I ran ssh -v and I found > that it gets up to this: > > debug1: ssh_ecdsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > > and then it sits there for 1-2 minutes and then this output blasts out: > > debug1: Authentications that can continue: > publickey,gssapi-keyex,gssapi-with-mic,password > debug1: Next authentication method: gssapi-keyex > debug1: No valid Key exchange context > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > debug1: Unspecified GSS failure. Minor code may provide more information > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > debug1: Next authentication method: publickey > debug1: Trying private key: /home/motor/.ssh/id_rsa > debug1: Trying private key: /home/motor/.ssh/id_dsa > debug1: Trying private key: /home/motor/.ssh/id_ecdsa > debug1: Trying private key: /home/motor/.ssh/id_ed25519 > debug1: Next authentication method: password > > And then the password prompt comes out. This happens no matter which > user is logging in. It only happens on the 1 system. I have 5 others > where the proceeds without the delay. > > There are no disk or memory or any other errors in the logs. > > > What could be causing it to delay like this? > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 11/16/2016 3:07 PM, Larry Martell wrote:> I have a CentOS 7 system and when I login with putty or ssh there is a > long delay before I get the password prompt. I ran ssh -v and I found > that it gets up to this: > > debug1: ssh_ecdsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > > and then it sits there for 1-2 minutes and then this output blasts out:wild guess says someone is doing a reverse DNS lookup thats timing out. -- john r pierce, recycling bits in santa cruz
Edit /etc/ssh/sshd_config Set: UseDNS no GSSAPIAuthentication no Save, restart sshd, try again. digimer On 16/11/16 06:07 PM, Larry Martell wrote:> I have a CentOS 7 system and when I login with putty or ssh there is a > long delay before I get the password prompt. I ran ssh -v and I found > that it gets up to this: > > debug1: ssh_ecdsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > > and then it sits there for 1-2 minutes and then this output blasts out: > > debug1: Authentications that can continue: > publickey,gssapi-keyex,gssapi-with-mic,password > debug1: Next authentication method: gssapi-keyex > debug1: No valid Key exchange context > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > debug1: Unspecified GSS failure. Minor code may provide more information > debug1: Unspecified GSS failure. Minor code may provide more information > No Kerberos credentials available > debug1: Next authentication method: publickey > debug1: Trying private key: /home/motor/.ssh/id_rsa > debug1: Trying private key: /home/motor/.ssh/id_dsa > debug1: Trying private key: /home/motor/.ssh/id_ecdsa > debug1: Trying private key: /home/motor/.ssh/id_ed25519 > debug1: Next authentication method: password > > And then the password prompt comes out. This happens no matter which > user is logging in. It only happens on the 1 system. I have 5 others > where the proceeds without the delay. > > There are no disk or memory or any other errors in the logs. > > > What could be causing it to delay like this? > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >-- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education?
On 17/11/16 16:34, Digimer wrote:> Edit /etc/ssh/sshd_config > > Set: > > UseDNS no > GSSAPIAuthentication no > > Save, restart sshd, try again.This will certainly stop the long timeout, but I prefer telling people to fix their DNS. The long timeout is indicative of a DNS issue and turning off DNS for ssh is just masking the real problem. I prefer to leave DNS on for ssh as it's a good indicator for me of when I have to fix something. Peter