Re: [SLE] SSH server login delayed

From: Benjamin Hornberger (bho_at_gmx.net)
Date: 02/23/05

  • Next message: Michael Siefritz: "Re: [SLE] SSH server login delayed" 
    Date: Tue, 22 Feb 2005 19:04:29 -0500
To: suse-linux-e@suse.com

    At 06:53 PM 2/22/2005 -0500, Doug Currey wrote:
    >On Tue, 22 Feb 2005 17:59:29 -0500, Benjamin Hornberger wrote
    > > At 03:11 PM 2/22/2005 -0600, Sunny wrote:
    > > >On Tue, 22 Feb 2005 16:03:02 -0500, Benjamin Hornberger <bho@gmx.net>
    >wrote:
    > > > > Hi all,
    > > > >
    > > > > I hope somebody can help me with the following problem -- sorry for
    >the
    > > > > lengthy explanation.
    > > > >
    > > > > I have a machine running SUSE 9.2 Pro in a large research lab. It has
    >a
    > > > > unique IP address, but is not directly accessible from the outside
    >world
    > > > > through the lab's firewall. Instead, the lab offers SSH gateways
    >(running
    > > > > Debian 3.1) to which you can log in from outside, and from there you
    >can
    > > > > ssh to machines in the lab. This is as much as I know about the lab's
    > > > > network structure.
    > > > >
    > > > > My machine also serves as a gateway between a small private subnet and
    >the
    > > > > research lab network.
    > > > >
    > > > > Now I have the problem that if I want to log onto my machine from the
    >lab's
    > > > > SSH gateway, it takes 30 seconds for the SSH server to respond and
    >prompt
    > > > > for the password, which is quite annoying. If I log on from the
    >private
    > > > > subnet, I get the password prompt immediately. If I log on from inside
    >the
    > > > > lab's network, I get the immediate response as well. If I ping my
    >machine
    > > > > from the SSH gateway, I get an immediate response. If I try to log
    >onto a
    > > > > different Linux machine inside the lab's network from the SSH gateway
    > > > > (Redhat 7.3), I get an immediate response. So it looks like it's
    >something
    > > > > between my machine's SSH server and the SSH gateway's SSH client.
    > > > >
    > > > > The problem is independent of the machine's firewall settings (the
    >same
    > > > > with the SUSE firewall on or off).
    > > > >
    > > > > One hint might be that: If I log onto any other Linux machine from my
    > > > > Windows laptop (SSH Secure Shell 3.2.9), I get a popup window with a
    >prompt
    > > > > saying "Enter Password". I type my password, and I'm there. For that
    >SUSE
    > > > > machine though, I get a popup saying "Enter your authentication
    >response"
    > > > > and a password field. I enter the password, and then another window
    >pops up
    > > > > again saying "Enter your authentication response", and OK and cancel
    > > > > buttons. I first have to click OK, then I'm logged on. So maybe the
    >server
    > > > > expects a different authentication mechanism and falls back to
    >password
    > > > > after a while? But why does the login go quickly then from any machine
    > > > > other than the SSH gateway?
    > > > >
    > > > > Any help is greatly appreciated! Thanks,
    > > > >
    > > > > Benjamin
    > > > >
    > > > > --
    > > > > Check the headers for your unsubscription address
    > > > > For additional commands send e-mail to suse-linux-e-help@suse.com
    > > > > Also check the archives at http://lists.suse.com
    > > > > Please read the FAQs: suse-linux-e-faq@suse.com
    > > > >
    > > > >
    > > >
    > > >Check SuSE machines /etc/ssh/sshd_config file for entry "Protocol".
    > > >Most probably it is set to something like 2,1, which means that first
    > > >it tries version 2 of the protocol, and then ver. 1. Check
    > > >/ect/ssh/ssh_config (note, not sshd_config) on the gateway for the
    > > >same setting. There it may be set to 1,2, so it tries first to
    > > >negotiate ver.1, and if fails, ver.2
    > > >Most probably this have to be the problem.
    > >
    > > Unfortunately, this didn't help. Any more hints?
    > >
    > > Thanks,
    > > Benjamin
    > >
    >I think I had a similar problem. If memory serves it was do to the reverse
    >dns not resolving correctly.

    That doesn't seem to be the problem. DNS lookup works in both directions.
    Hmm...

    Benjamin 

    -- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
  • Next message: Michael Siefritz: "Re: [SLE] SSH server login delayed"

    Relevant Pages