help with ssh ?

Les Mikesell lesmikesell at gmail.com
Tue Sep 4 22:34:01 UTC 2007


Kevin Kempter wrote:
> Hi List;
> 
> I have a machine I want to ssh to with no passwd. I've done this on my local 
> fedora 7 box:
> 
> $ ssh-keygen -t dsa -f .ssh/id_dsa
> $ cd .ssh
> $ scp id_dsa.pub user@remote:~/.ssh/id_dsa.pub
> 
> 
> Then I connected to the remote box and did this:
> 
> $ ssh user@remote
> [remote-box] $ cd .ssh
> 
> [remote-box] $ cat id_dsa.pub >> authorized_keys2
> [remote-box] $ chmod 640 authorized_keys2
> [remote-box] $ rm id_dsa.pub
> [remote-box] $ exit
> 
> The scp took like 5min
> 
> Then I try and connect like this (remote box is 172.16.128.128) :
> 
> $ ssh -v 172.16.128.128
> 
> and I get this:
> OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
> debug1: Reading configuration data /home/kkempter/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 172.16.128.128 [172.16.128.128] port 22.
> debug1: Connection established.
> debug1: identity file /home/kkempter/.ssh/identity type -1
> debug1: identity file /home/kkempter/.ssh/id_rsa type 1
> debug1: identity file /home/kkempter/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.6
> debug1: match: OpenSSH_4.6 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.5
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '172.16.128.128' is known and matches the RSA host key.
> debug1: Found key in /home/kkempter/.ssh/known_hosts:13
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/kkempter/.ssh/identity
> debug1: Offering public key: /home/kkempter/.ssh/id_rsa
> 
> At this point ssh hangs for like 4 or 5 minutes, then I get this:
> 
> debug1: Server accepts key: pkalg ssh-dss blen 433
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> Last login: Tue Sep  4 16:26:13 2007 from 172.16.128.1
> 
> Then it hangs again for another 2 - 3 minutes and finally I get a prompt.
> 
> the remote box is a windows XP box in vmware on my local fedora box running 
> cygwin

Usually really long timeouts that eventually work are caused by failing 
DNS lookups as the remote side tries to reverse-resolve the connection's 
IP address.  From the target box, what does 'nslookup 172.16.128.1' (or 
wherever your fedora box is) say and how long does it take?  Another 
possibility is that the remote side is trying an IDENT query on the 
socket address to log the user name and a firewall drops (instead of 
rejecting with an ICMP) the request making the query hang until it times 
out.

-- 
   Les Mikesell
    lesmikesell at gmail.com
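
The two checks suggested in the reply above, as an added example that is not part of the original post: run on the target box, it times the reverse lookup of the client address and tells a rejected IDENT connection from a silently dropped one. The function names, the 2-second threshold and the 5-second timeout are assumptions chosen for illustration.

```python
import socket
import time

def timed_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """PTR-resolve ip; return (hostname or None, elapsed seconds)."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        name = None
    return name, time.monotonic() - start

def probe_ident(ip, port=113, timeout=5.0):
    """TCP-connect to the ident port; return (state, elapsed seconds).

    "rejected" is a fast refusal and costs nothing; "dropped" means a filter
    discarded the packet and the caller waited out the whole timeout.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((ip, port))
        state = "open"
    except ConnectionRefusedError:
        state = "rejected"
    except socket.timeout:
        state = "dropped"
    except OSError:
        state = "unreachable"
    finally:
        sock.close()
    return state, time.monotonic() - start

def diagnose(ip, slow=2.0, resolver=socket.gethostbyaddr, port=113, timeout=5.0):
    """Return the likely causes of a slow login from client address ip."""
    causes = []
    _, dns_secs = timed_reverse_lookup(ip, resolver)
    if dns_secs >= slow:  # a fast "not found" is fine; only a slow answer stalls
        causes.append("reverse-dns")
    state, _ = probe_ident(ip, port, timeout)
    if state == "dropped":
        causes.append("ident-dropped")
    return causes

if __name__ == "__main__":
    # 172.16.128.1 is the client address from the "Last login" line in the post.
    print(diagnose("172.16.128.1"))
```

An empty list means neither cause reproduces from the target box, so the delay lies elsewhere.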



