Solved

SSH not responding right after authentication

Posted on 2011-05-01
Last Modified: 2012-05-11
Hi,
We have a SUSE LINUX Enterprise Server 9 (i586), with OpenSSH_3.8p1. When we connect to this box via VPN, right after authentication the ssh session is 'hanging'; we are not getting a command prompt. I've attached the debug log. We are able to ssh to the server in the LAN. Same problem with telnet as well.

I've googled a lot, but could not find a solution. Can anyone suggest a solution?

 dubug.log
Question by:Peddu_bhanu
24 Comments
 
LVL 4

Expert Comment

by:florjan
ID: 35499549
Have you opened port 22 on router/firewall?
0
 
LVL 4

Expert Comment

by:florjan
ID: 35499552
Also the log seems fine. Please look in /etc/passwd. Look at username's line and the line should be in that format:
uname:x:userid:groupid:optional comment:home dir:shell(for example /bin/bash, if it's /sbin/nologin or /bin/false, you need to change it to /bin/bash or /bin/ksh)


0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35499553
yes
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35499557
we are able to login from LAN, there is no problem with passwd file.
0
 
LVL 4

Expert Comment

by:florjan
ID: 35499566
Another issue: on your server you use a 7-year-old version of ssh. So that might be the problem. On our server ssh -v returns:
OpenSSH_5.8p1-hpn13v10, OpenSSL 1.0.0d 8 Feb 2011
While yours does:
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
I would update it. This is a very old version and probably has many security holes and bugs.
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35499877
Could you please paste output of below given commands.

# ip a

# iptables -L -v
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35499983
here it is:

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:81:73:7c brd ff:ff:ff:ff:ff:ff
    inet 172.16.5.113/22 brd 172.16.7.255 scope global eth0
    inet6 fe80::250:56ff:fe81:737c/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noqueue
    link/sit 0.0.0.0 brd 0.0.0.0


attached file has iptables -L -v output
iptables
0
 
LVL 40

Expert Comment

by:mrjoltcola
ID: 35500676
It may be a reverse DNS lookup issue. Disable reverse DNS for SSH.
0
 
LVL 40

Expert Comment

by:mrjoltcola
ID: 35500678
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35500813
Already tried that option, but no luck
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35500866
Try flushing iptables once and then connect with ssh.

# iptables -F

or

# iptables --flush

0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35500950
no luck
0
 
LVL 40

Expert Comment

by:mrjoltcola
ID: 35500954
Did you try adding -u0 to the SSHD startup?
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35500958
yes, tried with -u0 and "usedns no". no luck
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35503699
Sometimes it even prints the Last login message and hangs
0
 
LVL 8

Expert Comment

by:JIEXA
ID: 35504927
I suppose that the line "Last login..." means you're already in. I'd suspect some shell startup files (.profile, /etc/profile and similar) of doing something strange (like "xauth -" when not forwarding X11).
0
 
LVL 9

Expert Comment

by:crazedsanity
ID: 35504990
How long does the session hang?  Does it eventually become usable or disconnect?

You've mentioned a VPN.  Does this problem only happen when going through the VPN?  Does the system hang when connecting directly to console (using a directly-attached keyboard + mouse)?
0
 
LVL 9

Expert Comment

by:crazedsanity
ID: 35504997
This may be worth looking at, since you're running v3.8, which may have been an upgrade: http://www.openssh.org/faq.html#3.3
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35505106
>> I suppose that the line "Last login..." means you're already in. I'd suspect some shell startup files
>>(.profile, /etc/profile and similar) for doing something strange, like "xauth -" when not forwarding X11).

When we connect from LAN It is working, we are able to work normally, if there is any problem with .profile it should not work in LAN.

>>How long does the session hang?  Does it eventually become usable or disconnect?

It hangs till ssh timeout, we are not able to kill the session with ctrl+c

>>You've mentioned a VPN.  Does this problem only happen when going through the VPN?  Does the system hang when connecting directly to console (using a directly-attached keyboard + mouse)?

Yes, it only happens via VPN (strange!!), from LAN it is fine. It is a VM and on console it is fine.

0
 
LVL 9

Expert Comment

by:crazedsanity
ID: 35505158
First, let me suggest that you upgrade your version of SSH, it seems very old.

With that out of the way, try adding this option when SSH'ing:

ssh -o GSSAPIAuthentication=no


0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35505363
>>ssh -o GSSAPIAuthentication=no

not working ):

last lines of sshd debug log:

debug3: mm_answer_pty: tty /dev/pts/2 ptyfd 3
debug3: mm_request_receive entering
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug3: tty_parse_modes: SSH2 n_bytes 16
debug3: tty_parse_modes: 3 127
debug3: tty_parse_modes: ispeed 38400
debug3: tty_parse_modes: ospeed 38400
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: PAM: setting PAM_TTY to "/dev/pts/2"
debug2: fd 4 setting TCP_NODELAY
debug2: channel 0: rfd 10 isatty
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 is O_NONBLOCK
debug1: Setting controlling tty using TIOCSCTTY.
0
 
LVL 4

Expert Comment

by:undersky
ID: 35506511
Hmm, check that you can log in via ssh, and also
try recreating the keys, rsa, etc.

Also remove the .ssh/known_hosts file.

And check that the client version and server version of SSH are nearly the same.
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 35695514
Hi, it is an MTU issue: somewhere in the network the MTU is less than our Linux server's MTU.
0
 
LVL 9

Accepted Solution

by:
parparov earned 2000 total points
ID: 36526590
Then try decreasing the MTU on your server.

ifconfig eth0 mtu 1400



Also ensure you're not forwarding X11 (-o X11Forwarding=no)
Also, if you press ctrl-c when waiting for the prompt, does anything happen?
0
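
To confirm the MTU mismatch identified in this thread before changing the interface setting, the path MTU can be measured with Don't-Fragment pings. The script below is an added example, not code from any poster: it binary-searches the largest packet size that crosses the path. It assumes Linux iputils `ping` (`-M do`); `probe_fake_1400` is a constructed stand-in for a VPN path, and `VPN_CLIENT_IP` is a placeholder.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path unfragmented.

# Real probe (assumes Linux iputils ping; -M do sets the Don't Fragment bit).
# $1 = host, $2 = total IP packet size; ICMP payload = size - 28
# (20-byte IP header + 8-byte ICMP header).
probe_ping() {
    ping -c 1 -W 2 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a path whose smallest hop MTU is 1400,
# so the search logic can be exercised offline.
probe_fake_1400() {
    [ "$2" -le 1400 ]
}

# find_path_mtu PROBE HOST [LOW] [HIGH]
# Prints the largest size in [LOW, HIGH] for which PROBE succeeds.
# Returns 1 if even LOW fails (host unreachable or ICMP echo filtered).
find_path_mtu() {
    probe=$1 host=$2 low=${3:-576} high=${4:-1500}
    "$probe" "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( ($low + $high + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            low=$mid            # mid fits: search the upper half
        else
            high=$(( $mid - 1 ))  # mid is dropped: search the lower half
        fi
    done
    echo "$low"
}

# advise PATH_MTU IFACE_MTU: report whether the interface MTU must be lowered.
advise() {
    if [ "$1" -lt "$2" ]; then
        echo "lower interface MTU from $2 to $1"
    else
        echo "interface MTU $2 fits the path"
    fi
}

# Usage from the server towards a host on the far side of the VPN:
#   mtu=$(find_path_mtu probe_ping "$VPN_CLIENT_IP") && advise "$mtu" 1500
```

If `find_path_mtu` fails even at the low bound, ICMP echo is probably filtered on the path and the result says nothing about the MTU.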
