?
Solved

SSH slow

Posted on 2011-03-11
8
Medium Priority
?
675 Views
Last Modified: 2012-06-21
I have a DMZ Linux server which is having SSH connection issues.

--> when I access the server using putty, It quickly gives a login prompt. But it takes almost 30 seconds to give the password prompt. Once I get the password prompt, Enter the password. Its quick. What couple be the problem

The server is in DMZ and we dont have a DNS in the DMZ. Till date I thought that ssh was looking a reverse look up and since it cannot, Its taking time. But there are other Linux servers which have no issues. Should there be some changes made to the sshd_config file
0
Comment
Question by:mnis2008
  • 4
  • 2
  • 2
8 Comments
 
LVL 3

Expert Comment

by:tearman
ID: 35112964
You might have too many acceptable access mechanisms enable in libPAM or in your sshd_config.  either that or its looking in a bad file.

Or you're trying to pass it a public key (or multiple public keys) that aren't working.
0
 

Author Comment

by:mnis2008
ID: 35113006
Hello Tearman, I am not using any keys. Attached is my sshd_config and I dont think I have many access mechanisms.
#       $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel DEBUG

# Authentication:

LoginGraceTime 1m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
ChallengeResponseAuthentication=yes
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
#AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
#AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
#AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /etc/issue
Banner /etc/motd

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

Open in new window

0
 
LVL 3

Expert Comment

by:tearman
ID: 35113057
Disable UsePAM and GSSAPI and see if that speeds you up at all, those might be unconfigured which leads to the issue.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 7

Expert Comment

by:droyden
ID: 35113063
Check your DNS configuration, chances are its timing out and thats whats giving the delayed response
0
 

Author Comment

by:mnis2008
ID: 35113076
Its still the same issue.
0
 

Author Comment

by:mnis2008
ID: 35113086
This server is in the DMZ and DMZ doesnot have a DNS server. Is it that its trying to do a reverse DNS lookup.
0
 
LVL 7

Accepted Solution

by:
droyden earned 2000 total points
ID: 35113172
yeah, it will be trying to reverse the connecting IP address. You can possibly get around this by stickign your ip in the hosts file. You can also set "UseDns No" in /etc/ssh/sshd_config and restart ssh
0
 

Author Comment

by:mnis2008
ID: 35113221
FIXED....... now its not asking....
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month17 days, left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question