help with ssh ?

Kevin Kempter kevin at kevinkempterllc.com
Tue Sep 4 22:28:17 UTC 2007


On Tuesday 04 September 2007 16:26:12 Phil Meyer wrote:
> Kevin Kempter wrote:
> > Hi List;
> >
> > I have a machine I want to ssh to with no passwd. I've done this on my
> > local fedora 7 box:
> >
> > $ ssh-keygen -t dsa -f .ssh/id_dsa
> > $ cd .ssh
> > $ scp id_dsa.pub user@remote:~/.ssh/id_dsa.pub
> >
> >
> > Then I connected to the remote box and did this:
> >
> > $ ssh user@remote
> > [remote-box] $ cd .ssh
> >
> > [remote-box] $ cat id_dsa.pub >> authorized_keys2
> > [remote-box] $ chmod 640 authorized_keys2
> > [remote-box] $ rm id_dsa.pub
> > [remote-box] $ exit
> >
> > The scp took like 5min
> >
> > Then I try and connect like this (remote box is 172.16.128.128) :
> >
> > $ ssh -v 172.16.128.128
> >
> > and I get this:
> > OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
> > debug1: Reading configuration data /home/kkempter/.ssh/config
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Connecting to 172.16.128.128 [172.16.128.128] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/kkempter/.ssh/identity type -1
> > debug1: identity file /home/kkempter/.ssh/id_rsa type 1
> > debug1: identity file /home/kkempter/.ssh/id_dsa type 2
> > debug1: Remote protocol version 1.99, remote software version OpenSSH_4.6
> > debug1: match: OpenSSH_4.6 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.5
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host '172.16.128.128' is known and matches the RSA host key.
> > debug1: Found key in /home/kkempter/.ssh/known_hosts:13
> > debug1: ssh_rsa_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue: publickey,password
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/kkempter/.ssh/identity
> > debug1: Offering public key: /home/kkempter/.ssh/id_rsa
> >
> > At this point ssh hangs for like 4 or 5 minutes, then I get this:
> >
> > debug1: Server accepts key: pkalg ssh-dss blen 433
> > debug1: read PEM private key done: type DSA
> > debug1: Authentication succeeded (publickey).
> > debug1: channel 0: new [client-session]
> > debug1: Entering interactive session.
> > debug1: Sending environment.
> > debug1: Sending env LANG = en_US.UTF-8
> > Last login: Tue Sep  4 16:26:13 2007 from 172.16.128.1
> >
> > Then it hangs again for another 2 - 3 minutes and finally I get a prompt.
> >
> > the remote box is a windows XP box in vmware on my local fedora box
> > running cygwin
> >
> > Any thoughts?
>
> Almost a certainty that is a DNS issue.  Whenever ssh hangs like that
> with no error, it is almost always DNS on the system you are trying
> to log into.
>
> ssh tries very hard to be a good citizen and allow updates to utmp
> and wxtmp databases, which require FQDNS names.
>
> You can tell quite simply if this is the case.
>
> After the LONG pause to get logged in, do:
>
> $ w
> or
> $ who
>
> That is the old BSD style who program, that by default shows
> the host name for remote logins.  If your session lists the IP Address
> instead of the host name, you know for sure that the DNS reverse name
> lookup for that login session failed.
>
> Most DNS failures for ssh are set at about 120 seconds by default.
>
> Good Luck!


You are exactly correct. Can I tweak the 120 seconds timeout? Also, can I tell
ssh to not try the DNS lookup?
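
The check described in the quoted reply (a `who` entry that lists an IP address instead of a host name means the reverse lookup for that login failed), as an added example that is not part of the original thread. The sample `who` output, the host name `build01.example.com`, and the function names are constructed for illustration, and the parser assumes the GNU `who` layout with the login origin in parentheses.

```python
import ipaddress
import re
import socket
import time

# Constructed sample in the layout GNU `who` prints (origin in parentheses).
SAMPLE_WHO = """\
kkempter pts/0        2007-09-04 16:26 (172.16.128.1)
admin    pts/1        2007-09-04 16:30 (build01.example.com)
root     tty1         2007-09-04 09:02
"""

# user, tty, then the trailing "(origin)" field that remote logins carry.
ORIGIN = re.compile(r"^(\S+)\s+(\S+)\s.*\(([^)]+)\)\s*$")


def sessions_without_ptr(who_output):
    """Return (user, tty, ip) for remote logins recorded by IP, not host name."""
    hits = []
    for line in who_output.splitlines():
        m = ORIGIN.match(line)
        if not m:
            continue  # local console login: no origin field
        user, tty, origin = m.groups()
        try:
            ipaddress.ip_address(origin)
        except ValueError:
            continue  # a host name was recorded, so the reverse lookup worked
        hits.append((user, tty, origin))
    return hits


def time_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Time one PTR lookup; returns (name or None, seconds elapsed)."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # socket.herror / socket.gaierror: no PTR or resolver failure
        name = None
    return name, time.monotonic() - start


if __name__ == "__main__":
    # Run on the machine being logged into; replace SAMPLE_WHO with real `who` output.
    for user, tty, ip in sessions_without_ptr(SAMPLE_WHO):
        name, secs = time_reverse_lookup(ip)
        print(f"{user} on {tty} from {ip}: PTR={name!r} after {secs:.1f}s")
```

A long elapsed time with `PTR=None` on the server side matches the login delay described in the thread.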
