SSH connection takes 30 seconds: 2008.1 - Mandriva


Thread: SSH connection takes 30 seconds: 2008.1

  1. Re: SSH connection takes 30 seconds: 2008.1

    Bit Twister wrote in
    news:slrng0t961.gov.BitTwister@wm81.home.test:

    >
    > What, no
    > NOZEROCONF=yes # no doze lookups needed
    >

    I never knew what zero config was and why it was needed. Still don't but
    I'll add it.


    >> nameserver 208.67.222.222
    >> nameserver 208.67.220.220

    >
    > Yeah, but you are connecting from doze so the above has no impact, I
    > hope.
    >

    Of course you're right. Brain fart. The doze box uses OpenDNS too.

    > On mandriva 2008.1, click up a terminal,
    >
    > ssh $USER@$(hostname)
    >
    > and see you logged in quickly or as slow as from doze.


    Done that. Much quicker.


    Thanks,


    Frank

  2. Re: SSH connection takes 30 seconds: 2008.1

    Bit Twister wrote in
    news:slrng0t9e2.gov.BitTwister@wm81.home.test:

    > Ah, frap, can we assume you reconfigured your nic to use static
    > instead of dynamic (dhcp).
    >
    > Or did you just lookup server's ip and try it from doze?


    Yes. At least I think I did. I set up the files per your advice.

    Frank

    P.S. Time for bed. Nighty night!


  3. Re: SSH connection takes 30 seconds: 2008.1

    On Wed, 23 Apr 2008 03:47:54 GMT, Frank Dreyfus wrote:

    >> Or did you just lookup server's ip and try it from doze?

    >
    > Yes. At least I think I did. I set up the files per your advice.


    Ok, me thinks your nic is still set dynamic and you have hard coded
    an ip address in your /etc/hosts file.

    If you are going static on server, and it was set up dynamic,
    you will need to delete the nic network connection, create a new one
    and pick the same nic, set it up for static, add any dns values,
    advanced and set FQDN for host name, and whatever else you might want
    set in those wizard screens.

    Once done, you will have lost the /etc/hosts and /etc/sysconfig/network
    setting you entered by hand. :-(

    As for services/daemon restarting on boot, you decide for the system
    when you check/uncheck the "On Boot" box next to the service in
    question.


    Like you, what are these new services and do we need them or what?

    My solution, click Info.
    Maybe a quick locate service for docs or a quick read of the header in
    /etc/init.d/service_name_here.


    Flip a coin, click stop, and see if everything I normally use is still working.
    If so, reboot, all good, update my Admin Diary to disable the service
    on clean installs.

    As an Oh By The Way, early step in post install instructions is
    chkconfig --list > /etc/chkconfig.list_orig

    That way I have what was running after first boot after install.

    Never hurts to do a chkconfig --list > /etc/chkconfig.list_works
    once in awhile.
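
One way to put the two snapshot files from the post above to use, as an added example that is not part of the thread: compare a baseline `chkconfig --list` snapshot with a later one and report every service whose boot state changed. The function names and sample snapshots are constructed, and the standard `name 0:off 1:off ...` line format is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample snapshots are constructed;
# the service names are borrowed from a listing later in this thread.

# Compare two saved `chkconfig --list` snapshots (baseline, current) and
# print one line per difference:
#   <service> runlevel <n> <old>-><new> | <service> added | <service> removed
chkconfig_changes() {
    # Tag each line with its origin so one awk pass can tell them apart.
    { sed 's/^/B /' "$1"; sed 's/^/C /' "$2"; } | awk '
        # Keep only SysV lines (name 0:off ... 6:off); xinetd lines are skipped.
        $3 !~ /^0:(on|off)$/ { next }
        $1 == "B" {
            seen[$2] = 1
            for (i = 3; i <= NF; i++) base[$2, i] = $i
            next
        }
        {
            cur[$2] = 1
            if (!($2 in seen)) { print $2, "added"; next }
            for (i = 3; i <= NF; i++) {
                if (base[$2, i] == $i) continue
                split(base[$2, i], was, ":")
                split($i, now, ":")
                print $2, "runlevel " now[1], was[2] "->" now[2]
            }
        }
        END { for (s in seen) if (!(s in cur)) print s, "removed" }
    ' | LC_ALL=C sort
}

# Write two constructed snapshots into directory $1.
write_chkconfig_samples() {
    cat > "$1/chkconfig.list_orig" <<'EOF'
avahi-daemon 0:off 1:off 2:off 3:on 4:off 5:on 6:off
lisa 0:off 1:off 2:off 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
vncserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off

xinetd based services:
rsync: off
EOF
    cat > "$1/chkconfig.list_now" <<'EOF'
avahi-daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
vncserver 0:off 1:off 2:off 3:on 4:off 5:on 6:off
webmin 0:off 1:off 2:on 3:on 4:on 5:on 6:off

xinetd based services:
rsync: off
EOF
}

# Demo on the constructed snapshots.
demo_dir=$(mktemp -d)
write_chkconfig_samples "$demo_dir"
chkconfig_changes "$demo_dir/chkconfig.list_orig" "$demo_dir/chkconfig.list_now"
rm -rf "$demo_dir"
```

On a real box the two arguments would be `/etc/chkconfig.list_orig` and a fresh `chkconfig --list` capture; a service that shows `off->on` without a matching diary entry is the one to look into.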

  4. Re: SSH connection takes 30 seconds: 2008.1

    Frank Dreyfus wrote:

    > Bit Twister wrote in
    > news:slrng0taq3.gov.BitTwister@wm81.home.test:
    >
    >> You can just stop the sound stuff from running on boot in mcc and also
    >> just stop the service/daemon for testing.

    >
    > Thanks Bit!
    >
    > I used mcc to stop the sound stuff and to prevent it from loading on
    > boot. However pulseaudio and artsd were still running after stopping the
    > sound stuff.


    I am unfamiliar with the process /pulseaudio/ but I presume it is a daemon
    started at boot time via the /SysV/ /init/ scripts. I would therefore
    recommend perusing the list of services to start at boot time in the /mcc./

    As for /artsd,/ it is normally started by the /kdeinit/ tool when KDE is
    started, but I believe you can prevent it from starting up via the KDE
    Control Panel. I'm not sure actually - I haven't checked on this system
    yet - but I seem to remember that it was possible to stop /artsd/ from
    launching every time KDE is started.

    > I killed both processes and that took a good load off of the system. But
    > I'm afraid they'll be back when I reboot.
    >
    > Any way to stop that?


    See above. ;-)

    > Also there are several other processes running that I'm afraid to kill
    > b/c I don't know what may rely on them. For example: python,


    Python is a programming language and is used by many components in the
    system, including the /mcc/ and /webmin./

    > kdm_greet,


    Presumably the KDE login screen.

    > kicker,


    The KDE panel.

    > klipper,


    The KDE clipboard applet, embedded into the /Kicker./


    > 3 (what the heck is that?),


    Good question.

    > and net_applet.


    A KDE /Kicker/ applet that monitors your network interfaces.

    --
    Aragorn
    (registered GNU/Linux user #223157)

  5. Re: SSH connection takes 30 seconds: 2008.1

    Bit Twister wrote in
    news:slrng0tdbi.gov.BitTwister@wm81.home.test:

    >
    > As an Oh By The Way, early step in post install instructions is
    > chkconfig --list > /etc/chkconfig.list_orig


    NICE! I've added that to my bag-o-tricks!


    Thanks,


    Frank

    P.S. Rise and shine!

  6. Re: SSH connection takes 30 seconds: 2008.1

    Aragorn wrote in news:fZxPj.45958$_h7.23080
    @newsfe05.ams2:

    >> I'll have to check to see if my
    >> PuTTY is current.

    >
    > That might be a good idea. ;-)
    >
    >


    Hi Aragorn,

    I installed the latest PuTTY (v 0.55) and have the same problem (30
    second delay for login).

    It has got to be something new/different in Openssh.

    Thanks,


    Frank

  7. Re: SSH connection takes 30 seconds: 2008.1

    On Wed, 23 Apr 2008 12:17:36 GMT, Frank Dreyfus wrote:

    > It has got to be something new/different in Openssh.


    Well, a quick check on sshd config between 2007.1 and 2008.1 shows


    $ dif /2007_1/etc/ssh/sshd_config /etc/ssh/sshd_config
    1c1
    < # $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
    ---
    > # $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $

    14,15d13
    < #Protocol 2,1
    < Protocol 2
    19a18,22
    > # Disable legacy (protocol version 1) support in the server for new
    > # installations. In future the default will change to require explicit
    > # activation of protocol 1
    > Protocol 2


    which showed only Protocol 2 change in 2008.1 I think I may have made
    that change.


    But, checking 2008.0 against 2008.1 we find

    [bittwister@wm81 ~]$ mount /2008_0
    [bittwister@wm81 ~]$ dif /2008_0/etc/ssh/sshd_config /etc/ssh/sshd_config
    [bittwister@wm81 ~]$

    Indicating no configuration file changes between 2008.0 and 2008.1

    Here is a suggestion:
    Copy config file to config_orig, edit the file /etc/ssh/sshd_config
    search for UseDNS, duplicate the line, and set it no and remove comment.
    That is how I make changes. That allows a diff to tell what you changed.

    Example follows:

    cp /etc/ssh/sshd_config /etc/ssh/sshd_config_orig
    editor_of_choice /etc/ssh/sshd_config
    run search command to find UseDNS,
    and here is how it would look when done

    Before:
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    after:
    #ClientAliveCountMax 3
    #UseDNS yes
    UseDNS no
    #PidFile /var/run/sshd.pid

    You will need to do a
    service sshd restart
    to load the config change.

    In a regular user terminal, test sshd is running again with the following line:

    ssh $USER@$(hostname)

    If works, do a
    echo $USER $(hostname --ip-address)


    Then on the doze box you will
    be doing a ssh to the $USER value @ the above ip address.

    If wondering; what the F was done?
    there is

    $ man sshd_config
    /UseDNS <==== command to search for something (UseDNS)

    and we find

    UseDNS Specifies whether sshd(8) should look up the remote host name and
    check that the resolved host name for the remote IP address maps
    back to the very same IP address. The default is “yes”.

    If still slow,
    cp /etc/ssh/sshd_config_orig /etc/ssh/sshd_config
    service sshd restart
    and you are back to square one. :-(

    If it worked, you may think you see/have the solution.
    Downside was weakening of security on the LAN.

    Resolution, put config back as was, restart sshd, add all LAN
    ip, FQDN, alias
    in /etc/hosts,
    Verify all nodes have the FQDN set as hostname for their node and ip
    address are same as new /etc/hosts.

    copy /etc/hosts to all *ix boxes and to c:\somewhere\etc\hosts doze systems.

    Any time I change hostname or ip, I reboot the box.
    I do not want some service running with stale data, and I want proof
    system comes up with correct values.

    --
    The warranty and liability expired as you read this message.
    If the above breaks your system, it's yours and you keep both pieces.
    Practice safe computing. Backup the file before you change it.
    Do a, man command_here or cat command_here, before using it.
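
What the UseDNS edit and the /etc/hosts resolution in the post above amount to, as an added shell example that is not part of the thread: `effective_usedns` reports the value a config file yields, and `hosts_roundtrip` runs the reverse-then-forward check from the quoted man page text against a hosts-format file. Function names and sample files are constructed, and the hosts check assumes `files` is consulted first in nsswitch.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample files are
# constructed; pmx.home.test / 192.168.1.200 appear elsewhere in the thread.

# Print the UseDNS value a config file yields. Keywords are case-insensitive,
# the first uncommented value wins, and parsing stops at the first Match
# block. The fallback "yes" is the default quoted from the man page above.
effective_usedns() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == "usedns" && n >= 2) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Reverse-then-forward check against a hosts-format file: IP -> first name,
# then name -> first IP listing it. Prints "ok <name>", "no-reverse", or
# "mismatch <name> -> <ip>"; returns non-zero unless the round trip matches.
hosts_roundtrip() {
    rt_file=$1
    rt_ip=$2
    rt_name=$(awk -v ip="$rt_ip" '
        { sub(/#.*/, "") }
        $1 == ip && NF >= 2 { print tolower($2); exit }
    ' "$rt_file")
    if [ -z "$rt_name" ]; then echo "no-reverse"; return 1; fi
    rt_fwd=$(awk -v name="$rt_name" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == name) { print $1; exit } }
    ' "$rt_file")
    if [ "$rt_fwd" = "$rt_ip" ]; then
        echo "ok $rt_name"
    else
        echo "mismatch $rt_name -> $rt_fwd"
        return 1
    fi
}

# Seconds the system resolver takes to reverse-resolve one address.
# Touches the real resolver, so the demo below does not call it.
time_reverse_lookup() {
    rl_start=$(date +%s)
    getent hosts "$1" >/dev/null 2>&1
    echo $(( $(date +%s) - rl_start ))
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/sshd_config.before" <<'EOF'
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
EOF
    cat > "$1/sshd_config.after" <<'EOF'
#ClientAliveCountMax 3
#UseDNS yes
UseDNS no
#PidFile /var/run/sshd.pid
EOF
    cat > "$1/hosts.good" <<'EOF'
127.0.0.1 localhost.localdomain localhost
192.168.1.200 pmx.home.test pmx
EOF
    # FQDN also listed on the loopback line, ahead of the LAN address.
    cat > "$1/hosts.loopback_first" <<'EOF'
127.0.0.1 pmx.home.test localhost
192.168.1.200 pmx.home.test pmx
EOF
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "before edit: UseDNS $(effective_usedns "$demo_dir/sshd_config.before")"
echo "after edit:  UseDNS $(effective_usedns "$demo_dir/sshd_config.after")"
for h in hosts.good hosts.loopback_first; do
    echo "$h: $(hosts_roundtrip "$demo_dir/$h" 192.168.1.200 || true)"
done
rm -rf "$demo_dir"
```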

  8. Re: SSH connection takes 30 seconds: 2008.1

    Bit Twister wrote in
    news:slrng0uh4g.qb9.BitTwister@wm81.home.test:

    > search for UseDNS, duplicate the line, and set it no


    Hi Bit,

    I bet that's it!

    I'll try it asap.

    The box went to a client this AM so I won't be able to connect till it's
    installed at the new location.

    Thanks again,


    Frank

  9. Re: SSH connection takes 30 seconds: 2008.1

    On Wed, 23 Apr 2008 14:33:23 GMT, Frank Dreyfus wrote:
    >
    > I bet that's it!


    Guessing not.
    I just now fired up a doze box, installed putty
    started a session to bittwister@192.168.1.131

    Seem to take about a second for a popup about security key,
    clicked no
    about second later received enter bittwister's password.

    Doze box is XP Home. fixed ip address,
    $ grep 200 /etc/hosts
    192.168.1.200 pmx.home.test pmx


    C:\Windows\System32\Drivers\Etc\hosts did not have any other lines
    except the usual local host line.


  10. Re: SSH connection takes 30 seconds: 2008.1

    Frank Dreyfus wrote:

    > When I try to make an ssh connection to the LM box it takes about 30
    > seconds before I even get a login prompt. Sometimes it takes so long
    > that the connection times out.


    It sounds like you are seeing timeouts from one or two nameservers
    before it finally (or in some cases, never) gets an answer back.
    Compare the configuration for name resolution on the 2008.0 and 2008.1
    machines.

    Regards,

    David Mathog

  11. Re: SSH connection takes 30 seconds: 2008.1

    Bit Twister wrote in
    news:slrng0ujnm.qb9.BitTwister@wm81.home.test:

    > Guessing not.


    Shoot. You're right. It didn't help.

    Interesting, when I open a session via PuTTY I don't get the popup about
    the security key. It goes right to the password prompt.

    New hunch is that the 20-30 second delay is b/c it's looking to do a key
    exchange; but I've done nothing to enable that. I'm assuming that the
    key exchange attempt times out and it then reverts to password
    authentication.

    Sound reasonable?


    Thanks,


    Frank

  12. Re: SSH connection takes 30 seconds: 2008.1

    On Wed, 23 Apr 2008 15:47:59 GMT, Frank Dreyfus wrote:
    > Bit Twister wrote in
    > news:slrng0ujnm.qb9.BitTwister@wm81.home.test:
    >
    >> Guessing not.

    >
    > Shoot. You're right. It didn't help.
    >
    > Interesting, when I open a session via PuTTY I don't get the popup about
    > the security key. It goes right to the password prompt.
    >
    > New hunch is that the 20-30 second delay is b/c it's looking to do a key
    > exchange; but I've done nothing to enable that. I'm assuming that the
    > key exchange attempt times out and it then reverts to password
    > authentication.
    >
    > Sound reasonable?


    Your guess would be better than mine at that juncture.

    Now I am assuming you entered something like fdreyfus@x.x.x.x
    which is what I did.
    1 sec popup from putty, click no, 1 sec later Enter bittwister passwd:

    I just got back from testing that my LAN router has no knowledge of
    system names, and I did add a line in doze \etc\hosts for wm81
    and was able to do a bittwister@wm81 and worked same
    as using @x.x.x.x

    My recommendation is we try to set your system same as mine as
    far as possible and see what we can see.

    You dump your setup and post it here.
    So far you have been hiding things like

    I can understand that for a little bit. So
    before posting the dump, use something like
    gedit a.txt
    ctl h
    and sub .domain with .invalid

    Pull the dump script from this thread
    http://groups.google.com/group/alt.o...58e2777148a885

  13. Re: SSH connection takes 30 seconds: 2008.1

    Bit Twister wrote in
    news:slrng0un8v.qb9.BitTwister@wm81.home.test:

    > My recommendation is we try to set your system same as mine as
    > far as possible and see what we can see.
    >
    > You dump your setup and post it here.


    OK, you asked for it. There's a lot of stuff here; but maybe now what
    you need. For good measure I've added /etc/ssh/sshd.conf. Here goes...

    ============ cat /etc/ssh/sshd_config ===================
    # $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2

    # HostKey for protocol version 1
    HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768

    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    #UsePAM no

    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3

    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no

    # no default banner path
    #Banner /some/path

    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server

    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server


    ============ End cat /etc/ssh/sshd_config ===============



    Wed Apr 23 13:11:49 EDT 2008
    === cat /etc/product.id ====
    vendor=Mandriva,distribution=Mandriva Linux,type=Basic,version=2008.1,branch=Devel,release=1,arch=i586,product=Powerpack
    ======== cat /etc/lsb-release ==========
    LSB_VERSION=lsb-3.1-ia32:lsb-3.1-noarch
    DISTRIB_ID=MandrivaLinux
    DISTRIB_RELEASE=2008.1
    DISTRIB_CODENAME=cambria
    DISTRIB_DESCRIPTION="Mandriva Linux 2008.1"
    ======== cat /etc/mandrakelinux-release ==========
    Mandriva Linux release 2008.1 (Official) for i586
    ======== cat /etc/mandrake-release ==========
    Mandriva Linux release 2008.1 (Official) for i586
    ======== cat /etc/mandriva-release ==========
    Mandriva Linux release 2008.1 (Official) for i586
    ======== cat /etc/redhat-release ==========
    Mandriva Linux release 2008.1 (Official) for i586
    ======== cat /etc/release ==========
    Mandriva Linux release 2008.1 (Official) for i586
    ======== uname -rvi =============
    2.6.24.4-desktop-1mnb #1 SMP Thu Mar 27 14:34:39 CET 2008 unknown
    ======== cat /etc/version ==========
    2008.1.0 0.11 cambria
    ======== lsb_release -a ==========
    LSB Version: lsb-3.1-ia32:lsb-3.1-noarch:*
    Distributor ID: MandrivaLinux
    Description: Mandriva Linux 2008.1
    Release: 2008.1
    Codename: cambria

    msec security level is 2

    model name : Intel(R) Celeron(R) CPU 2.93GHz
    cpu MHz : 366.657



    === cat /etc/urpmi/urpmi.cfg ====
    {
    }

    Mandriva\ Linux\ -\ 2008.1\ (Powerpack)\ -\ Installer
    //var/ftp/pub/Mandrivalinux/media/main {
    key-ids: 70771ff3
    }

    Mandriva\ Linux\ -\ 2008.1\ (Powerpack)\ -\ Installer\ (contrib)
    //var/ftp/pub/Mandrivalinux/media/contrib {
    key-ids: 78d019f5
    }

    Mandriva\ Linux\ -\ 2008.1\ (Powerpack)\ -\ Installer\ (non-free)
    //var/ftp/pub/Mandrivalinux/media/non-free {
    key-ids: 70771ff3
    }

    Mandriva\ Linux\ -\ 2008.1\ (Powerpack)\ -\ Installer\ (restricted)
    //var/ftp/pub/Mandrivalinux/media/restricted {
    key-ids: 70771ff3
    }

    Updates\ for\ Mandriva\ Linux\ 2008.1
    ftp://mirrors.usc.edu/pub/linux/dist.../official/2008
    ..1/i586/media/main/updates {
    key-ids: 22458a98
    update
    }

    Main
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/main
    /release {
    key-ids: 70771ff3
    }

    Main\ Updates
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/main
    /updates {
    key-ids: 22458a98
    update
    }

    Main\ Testing
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/main
    /testing {
    ignore
    }

    Main\ Backports
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/main
    /backports {
    ignore
    }

    Contrib
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/cont
    rib/release {
    key-ids: 78d019f5
    }

    Contrib\ Updates
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/cont
    rib/updates {
    key-ids: 26752624
    update
    }

    Contrib\ Testing
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/cont
    rib/testing {
    ignore
    }

    Contrib\ Backports
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/cont
    rib/backports {
    ignore
    }

    Non-free
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/non-
    free/release {
    key-ids: 70771ff3
    }

    Non-free\ Updates
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/non-
    free/updates {
    key-ids: 26752624
    update
    }

    Non-free\ Testing
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/non-
    free/testing {
    ignore
    }

    Non-free\ Backports
    rsync://carroll.cac.psu.edu/mandrakelinux/official/2008.1/i586/media/non-
    free/backports {
    ignore
    }

    PLF\ Free {
    key-ids: caba22ae
    mirrorlist: http://plf.zarb.org/mirrors/2008.1.i586.list
    update
    with-dir: media/../../../../2008.1/free/release/binary/i586
    }

    PLF\ Free\ backports {
    ignore
    mirrorlist: http://plf.zarb.org/mirrors/2008.1.i586.list
    with-dir: media/../../../../2008.1/free/backports/binary/i586
    }

    PLF\ Non-free {
    key-ids: caba22ae
    mirrorlist: http://plf.zarb.org/mirrors/2008.1.i586.list
    update
    with-dir: media/../../../../2008.1/non-free/release/binary/i586
    }

    PLF\ Non-free\ backports {
    ignore
    mirrorlist: http://plf.zarb.org/mirrors/2008.1.i586.list
    with-dir: media/../../../../2008.1/non-free/backports/binary/i586
    }
    ======== free ==========
    total used free shared buffers cached
    Mem: 450676 420736 29940 0 23536 206204
    -/+ buffers/cache: 190996 259680
    Swap: 8185076 0 8185076


    Default run level is 5

    ======== chkconfig --list ==========
    Double check if /avahi/ needs to be disabled on boot
    avahi-daemon 0:off 1:off 2:off 3:on 4:off 5:on 6:off
    acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    alsa 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    avahi-daemon 0:off 1:off 2:off 3:on 4:off 5:on 6:off
    clamd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    coherence 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    dansguardian 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    dm 0:off 1:off 2:off 3:off 4:off 5:on 6:off
    firestarter 0:off 1:off 2:off 3:on 4:off 5:on 6:off
    freshclam 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    fuse 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    harddrake 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    httpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
    iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    keytable 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    kheader 0:off 1:off 2:on 3:on 4:off 5:on 6:off
    ksysguard 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    lisa 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    mandi 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    network-up 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    nfs-common 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    numlock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    partmon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    postfix 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    rcl 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    resolvconf 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    rpcbind 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    shorewall 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    smb 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    sound 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    vncserver 0:off 1:off 2:off 3:on 4:off 5:on 6:off
    webmin 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

    xinetd based services:
    rsync: off
    sshd-xinetd: on
    swat: on
    ======== grep hosts: /etc/nsswitch.conf ==========
    hosts: files nis dns
    ======== grep -v '^#' /etc/resolv.conf ==========
    nameserver 192.168.0.1
    ======== hostname --fqdn ==========
    server.
    === cat /etc/netprofile/profiles/default/files/etc/hosts ====
    127.0.0.1 localhost
    ======== grep eth /etc/mod*.conf ==========
    alias eth0 via_rhine
    === cat /etc/dhclient-exit-hooks ====
    sh /etc/firestarter/firestarter.sh start
    ======== grep -v '^#' /etc/host.conf ==========
    order hosts,bind
    multi on
    ================ ifconfig -a ==============
    eth0 Link encap:Ethernet HWaddr 00:13:D3:62:82:09
    inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::213:d3ff:fe62:8209/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:40115 errors:0 dropped:0 overruns:0 frame:0
    TX packets:61361 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:6683392 (6.3 MiB) TX bytes:68242806 (65.0 MiB)
    Interrupt:18 Base address:0xec00

    ham0 Link encap:Ethernet HWaddr 00:FF:BD:D9:B5:71
    inet addr:5.203.193.2 Bcast:5.255.255.255 Mask:255.0.0.0
    UP BROADCAST RUNNING MULTICAST MTU:1200 Metric:1
    RX packets:36863 errors:0 dropped:0 overruns:0 frame:0
    TX packets:59609 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:500
    RX bytes:2934622 (2.7 MiB) TX bytes:63304871 (60.3 MiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:3899 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3899 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:1160429 (1.1 MiB) TX bytes:1160429 (1.1 MiB)

    === cat /etc/iftab ====
    eth0 mac 00:13:d3:62:82:09
    === cat /etc/udev/rules.d/61-net_config.rules ====
    # udev persistent rules for net subsystem
    # Generated by Mandriva udev rules
    # See /etc/udev/rules.d/62-create_persistent.rules

    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:13:d3:62:82:09", NAME="eth0", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:18:98:87:f9", NAME="ham0", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:70:a6:a6:83", NAME="ham1", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:f9:9d:43:d2", NAME="ham2", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:97:67:03:88", NAME="ham3", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:90:2a:4c:27", NAME="ham4", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:bd:ed:3c:31", NAME="ham5", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:c7:41:77:ba", NAME="ham6", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:8d:e4:0b:1e", NAME="ham7", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:a7:29:ac:d7", NAME="ham8", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:bb:50:a1:67", NAME="ham9", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:00:f3:cd:e7", NAME="ham10", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:1b:0b:81:89", NAME="ham11", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:1b:be:a4:70", NAME="ham12", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:24:7c:8f:44", NAME="ham13", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:c8:29:13:49", NAME="ham14", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:22:66:9d:49", NAME="ham15", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:47:e9:a8:95", NAME="ham16", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:c2:cc:49:74", NAME="ham17", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:ee:72:d0:ee", NAME="ham18", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:ed:70:af:6c", NAME="ham19", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:64:34:bb:1c", NAME="ham20", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:5c:b1:7c:1b", NAME="ham21", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:38:6b:00:d4", NAME="ham22", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:3b:5e:f7:72", NAME="ham23", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:9e:f1:30:79", NAME="ham24", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:b2:9e:52:a4", NAME="ham25", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:2d:4f:19:de", NAME="ham26", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:1b:37:46:42", NAME="ham27", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:00:63:df:51", NAME="ham28", ENV{MDV_CONFIGURED}="yes"
    SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    =="00:ff:bd:d9:b5:71", NAME="ham29", ENV{MDV_CONFIGURED}="yes"
    ============== route -n =================
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U     10     0   0   eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     10     0   0   eth0
    5.0.0.0         0.0.0.0         255.0.0.0       U     0      0   0   ham0
    0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0   0   eth0
    === cat /etc/sysconfig/network ====
    NETWORKING_IPV6=no #speeds dns lookup
    NETWORKING=yes
    NEEDHOSTNAME=no #I'll use my own hostname
    HOSTNAME=server.
    ========== head -15 /etc/hosts ===========
    # generated by drakhosts
    127.0.0.1 localhost.localdomain localhost
    192.168.0.102 server. server

    ======== ethtool eth0 ==========
    Settings for eth0:
    Supported ports: [ TP MII ]
    Supported link modes: 10baseT/Half 10baseT/Full
    100baseT/Half 100baseT/Full
    Supports auto-negotiation: Yes
    Advertised link modes: 10baseT/Half 10baseT/Full
    100baseT/Half 100baseT/Full
    Advertised auto-negotiation: Yes
    Speed: 100Mb/s
    Duplex: Full
    Port: MII
    PHYAD: 1
    Transceiver: internal
    Auto-negotiation: on
    Supports Wake-on: pumbg
    Wake-on: d
    Current message level: 0x00000001 (1)
    Link detected: yes
    === dmesg | grep eth0 | grep -v SRC= ===
    eth0: VIA Rhine II at 0x1ec00, 00:13:d3:62:82:09, IRQ 18.
    eth0: MII PHY found at address 1, status 0x786d advertising 01e1 Link
    41e1.
    eth0: link up, 100Mbps, full-duplex, lpa 0x41E1
    eth0: no IPv6 routers present
    === grep eth0 /var/log/messages | tail -10 ===
    Apr 23 12:42:04 server ifplugd(eth0)[2869]: client: Firewall started
    Apr 23 12:42:04 server ifplugd(eth0)[2869]: client: done.
    Apr 23 12:42:04 server ifplugd(eth0)[2869]: Program executed
    successfully.
    Apr 23 12:42:04 server avahi-daemon[4079]: Joining mDNS multicast group
    on interface eth0.IPv4 with address 192.168.0.102.
    Apr 23 12:42:04 server avahi-daemon[4079]: New relevant interface
    eth0.IPv4 for mDNS.
    Apr 23 12:42:04 server avahi-daemon[4079]: Registering new address record
    for fe80::213:d3ff:fe62:8209 on eth0.*.
    Apr 23 12:42:04 server avahi-daemon[4079]: Registering new address record
    for 192.168.0.102 on eth0.IPv4.
    Apr 23 12:42:17 server kernel: Inbound IN=eth0 OUT= MAC=
    00:13:d3:62:82:09:00:13:46:06:c9:7e:08:00 SRC=69.25.21.221 DST=
    192.168.0.102 LEN=80 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=
    36391 DPT=54914 LEN=60
    Apr 23 12:42:17 server kernel: Inbound IN=eth0 OUT= MAC=
    00:13:d3:62:82:09:00:13:46:06:c9:7e:08:00 SRC=69.25.21.221 DST=
    192.168.0.102 LEN=80 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=
    36391 DPT=54914 LEN=60
    Apr 23 12:42:18 server kernel: Inbound IN=eth0 OUT= MAC=
    00:13:d3:62:82:09:00:13:46:06:c9:7e:08:00 SRC=69.25.21.221 DST=
    192.168.0.102 LEN=80 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=
    36391 DPT=54914 LEN=60
    === cat /etc/sysconfig/network-scripts/ifcfg-eth0 ====
    DEVICE=eth0
    BOOTPROTO=dhcp
    NETMASK=255.255.255.0
    ONBOOT=yes
    METRIC=10
    MII_NOT_SUPPORTED=no
    USERCTL=no
    RESOLV_MODS=no
    IPV6INIT=no
    IPV6TO4INIT=no
    DHCP_CLIENT=dhclient
    DHCP_HOSTNAME=server
    NEEDHOSTNAME=no
    PEERDNS=yes
    PEERYP=yes
    PEERNTPD=no
    ======== tail -18 /var/lib/dhcp/dhclient-eth0.leases ==========
    option dhcp-server-identifier 192.168.0.1;
    renew 6 2008/4/26 23:48:41;
    rebind 2 2008/4/29 18:26:46;
    expire 3 2008/4/30 15:26:46;
    }
    lease {
    interface "eth0";
    fixed-address 192.168.0.102;
    option subnet-mask 255.255.255.0;
    option routers 192.168.0.1;
    option dhcp-lease-time 604800;
    option dhcp-message-type 5;
    option dhcp-server-identifier 192.168.0.1;
    option domain-name-servers 192.168.0.1;
    renew 0 2008/4/27 00:57:58;
    rebind 2 2008/4/29 19:41:59;
    expire 3 2008/4/30 16:41:59;
    }
    === dmesg | grep eth1 | grep -v SRC= ===
    === grep eth1 /var/log/messages | tail -10 ===
    === dmesg | grep eth2 | grep -v SRC= ===
    === grep eth2 /var/log/messages | tail -10 ===
    ========= cd /etc/NetworkManager/dispatcher.d ; ls -al ========
    total 12
    drwxr-xr-x 2 root root 4096 2008-04-22 09:13 .
    drwxr-xr-x 3 root root 4096 2008-04-22 09:13 ..
    -rwxr-xr-x 1 root root 175 2008-02-01 15:30 00-netreport
    ===== cd /etc/sysconfig/network-scripts/ifdown.d ; ls -al ====
    total 12
    drwxr-xr-x 2 root root 4096 2008-04-22 09:13 .
    drwxr-xr-x 8 root root 4096 2008-04-22 15:26 ..
    -rwxr-xr-x 1 root root 224 2008-04-04 12:21 vpn
    ===== cd /etc/sysconfig/network-scripts/ifup.d ; ls -al ====
    total 20
    drwxr-xr-x 2 root root 4096 2008-04-22 09:32 .
    drwxr-xr-x 8 root root 4096 2008-04-22 15:26 ..
    -rwxr-xr-x 1 root root 676 2007-12-19 09:18 netprofile
    -rwxr-xr-x 1 root root 819 2008-03-26 07:55 postfix
    -rwxr-xr-x 1 root root 225 2008-04-04 12:21 vpn
    ========= cd /etc/resolvconf/update.d ; ls -al ========
    total 24
    drwxr-xr-x 2 root root 4096 2008-04-22 09:13 .
    drwxr-xr-x 5 root root 4096 2008-04-22 09:13 ..
    -rwxr-xr-x 1 root root 3542 2006-08-09 09:36 bind
    -rwxr-xr-x 1 root root 2969 2008-01-08 11:46 dnscache
    -rwxr-xr-x 1 root root 4465 2008-03-14 17:26 libc
    ======== grep -v '^#' /etc/hosts.allow ==========

    ======== grep -v '^#' /etc/hosts.deny ==========

    ==== end of config/network data dump =======

  14. Re: SSH connection takes 30 seconds: 2008.1

    Frank Dreyfus wrote in
    news:Xns9A898A5CAD66Dadfslur0mdoaur03jadl@207.115.33.102:

    > OK, you asked for it. There's a lot of stuff here; but maybe now what
    > you need. For good measure I've added /etc/ssh/sshd.conf.


    Typo: s/b ... maybe NOT what you need...

    Frank

  15. Re: SSH connection takes 30 seconds: 2008.1

    On Wed, 23 Apr 2008 17:36:05 GMT, Frank Dreyfus wrote:
    >
    > msec security level is 2


    My level is High (SECURE_LEVEL=3)

    Not part of problem.

    > model name : Intel(R) Celeron(R) CPU 2.93GHz
    > cpu MHz : 366.657



    Hmmm, faster than my 1.5ghz

    Using the same main,contrib mirror.

    > Default run level is 5


    Mine is always 3, not part of problem.

    >
    > ======== chkconfig --list ==========
    > Double check if /avahi/ needs to be disabled on boot
    > avahi-daemon 0:off 1:off 2:off 3:on 4:off 5:on 6:off


    Ok, there is DNS how unfortunate.
    You need to stop it, and disable On Boot.

    > lisa 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    > mandi 0:off 1:off 2:on 3:on 4:on 5:on 6:off


    I happen to disable lisa and mandi. Guessing not part of your problem.

    > shorewall 0:off 1:off 2:off 3:off 4:off 5:off 6:off


    Tisk, tisk, you have doze boxes on LAN and running with no firewall.
    Oh, maybe some other firewall manager (saw firestarter.sh down post)

    > xinetd based services:
    > rsync: off
    > sshd-xinetd: on


    Ah ha, I have sshd always on and you have start when needed.
    That cuts my time a little.

    > ======== hostname --fqdn ==========
    > server.


    Son-Of-A-B%@&% that sucks as a domain name. make it
    server.home.invalid if nothing else.


    > === cat /etc/dhclient-exit-hooks ====
    > sh /etc/firestarter/firestarter.sh start


    Possibility of a slow down hidden in there.

    > ================ ifconfig -a ==============
    > eth0 Link encap:Ethernet HWaddr 00:13:D3:62:82:09
    > inet addr:192.168.0.102 Bcast:192.168.0.255
    > Mask:255.255.255.0
    > inet6 addr: fe80::213:d3ff:fe62:8209/64 Scope:Link
    > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    > RX packets:40115 errors:0 dropped:0 overruns:0 frame:0
    > TX packets:61361 errors:0 dropped:0 overruns:0 carrier:0
    > collisions:0 txqueuelen:1000
    > RX bytes:6683392 (6.3 MiB) TX bytes:68242806 (65.0 MiB)
    > Interrupt:18 Base address:0xec00
    >
    > ham0 Link encap:Ethernet HWaddr 00:FF:BD:D9:B5:71
    > inet addr:5.203.193.2 Bcast:5.255.255.255 Mask:255.0.0.0
    > UP BROADCAST RUNNING MULTICAST MTU:1200 Metric:1
    > RX packets:36863 errors:0 dropped:0 overruns:0 frame:0
    > TX packets:59609 errors:0 dropped:0 overruns:0 carrier:0
    > collisions:0 txqueuelen:500
    > RX bytes:2934622 (2.7 MiB) TX bytes:63304871 (60.3 MiB)
    >
    > lo Link encap:Local Loopback
    > inet addr:127.0.0.1 Mask:255.0.0.0
    > inet6 addr: ::1/128 Scope:Host
    > UP LOOPBACK RUNNING MTU:16436 Metric:1
    > RX packets:3899 errors:0 dropped:0 overruns:0 frame:0
    > TX packets:3899 errors:0 dropped:0 overruns:0 carrier:0
    > collisions:0 txqueuelen:0
    > RX bytes:1160429 (1.1 MiB) TX bytes:1160429 (1.1 MiB)
    >
    > === cat /etc/iftab ====
    > eth0 mac 00:13:d3:62:82:09
    > === cat /etc/udev/rules.d/61-net_config.rules ====
    > # udev persistent rules for net subsystem
    > # Generated by Mandriva udev rules
    > # See /etc/udev/rules.d/62-create_persistent.rules
    >
    > SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    > =="00:13:d3:62:82:09", NAME="eth0", ENV{MDV_CONFIGURED}="yes"
    > SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}
    > =="00:ff:18:98:87:f9", NAME="ham0", ENV{MDV_CONFIGURED}="yes"
    > SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}!="*.*", SYSFS{address}


    No idea if ham stuff is hurting or not.

    > === cat /etc/sysconfig/network ====
    > NETWORKING_IPV6=no #speeds dns lookup
    > NETWORKING=yes
    > NEEDHOSTNAME=no #I'll use my own hostname
    > HOSTNAME=server.


    no NOZEROCONF=yes # no doze lookups needed
    line, mine has one.



    > ========== head -15 /etc/hosts ===========
    > # generated by drakhosts
    > 127.0.0.1 localhost.localdomain localhost
    > 192.168.0.102 server. server


    I happen to have my doze box hard coded there also


    > === cat /etc/sysconfig/network-scripts/ifcfg-eth0 ====
    > DEVICE=eth0
    > BOOTPROTO=dhcp


    Ok running dynamic interface, Danger is node can get different ip
    address than what is in /etc/hosts.


    > ======== grep -v '^#' /etc/hosts.allow ==========
    >
    > ======== grep -v '^#' /etc/hosts.deny ==========
    >
    > ==== end of config/network data dump =======


    Hmmmm, I have more protection enabled.

    $ grep -v '^#' /etc/hosts.allow

    in.ftpd: .home.test, LOCAL, 69.92.58.44
    in.rlogind:localhost, .home.test, LOCAL

    portmap: LOCAL, .home.test
    in.talkd: LOCAL, .home.test
    ALL: LOCAL, .home.test

    $ grep -v '^#' /etc/hosts.deny


    ALL: ALL:\
    spawn ( \
    /bin/echo -e "\n\
    TCP Wrappers\: Connection Refused\n\
    By\: $(uname -n)\n\
    Process\: %d (pid %p)\n\
    \n\
    User\: %u\n\
    Host\: %c\n\
    Date\: $(date)\n\
    " | /bin/mail -s \"$(uname -n)\" root ) & : DENY


    and do check
    $ cat /etc/modprobe.conf

    install ipv6 /bin/true
    alias net-pf-10 off

    $

    Those two lines used to disable ipv6 activity

    maybe avahi-daemon and making sshd start on boot not on demand
    will help.

    Dang, got to run to an appointment. check/set

    $ grep hosts: /etc/nsswitch.conf
    hosts: files dns
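
The checks walked through in post 15, collected into one script, as an added example that is not part of the original thread. The finding labels and the sample tree are constructed for illustration; the nsswitch.conf value in the sample is an assumption, since the dump does not show that file.

```shell
#!/bin/sh
# Added example: flag the settings post 15 compares, for config files under ROOT.
# Finding labels (NO_DEFAULT_DENY, ...) are names made up for this sketch.
audit_root() {
    root=$1
    # TCP wrappers: with no "ALL: ALL" rule in hosts.deny, nothing is refused by default.
    grep -v '^#' "$root/etc/hosts.deny" 2>/dev/null \
        | grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' || echo NO_DEFAULT_DENY
    # The NOZEROCONF=yes line the post says is missing from /etc/sysconfig/network.
    grep -q '^NOZEROCONF=yes' "$root/etc/sysconfig/network" 2>/dev/null \
        || echo ZEROCONF_ENABLED
    # Resolver order: the post expects exactly "files dns".
    hosts_line=$(grep '^hosts:' "$root/etc/nsswitch.conf" 2>/dev/null \
        | sed 's/^hosts:[[:space:]]*//; s/[[:space:]]*$//')
    [ "$hosts_line" = "files dns" ] || echo "NSSWITCH_HOSTS=$hosts_line"
    # IPv6: both modprobe.conf lines quoted in the post.
    for want in 'install ipv6 /bin/true' 'alias net-pf-10 off'; do
        grep -Fxq "$want" "$root/etc/modprobe.conf" 2>/dev/null \
            || echo "IPV6_LINE_MISSING=$want"
    done
    # DHCP interface plus a hard-coded address in /etc/hosts: the two can drift apart.
    if grep -q '^BOOTPROTO=dhcp' "$root/etc/sysconfig/network-scripts/ifcfg-eth0" 2>/dev/null \
        && [ -r "$root/etc/hosts" ]; then
        awk '!/^#/ && NF >= 2 && $1 !~ /^127\./ && $1 != "::1" {
                 print "DHCP_WITH_STATIC_HOSTS_ENTRY=" $1 }' "$root/etc/hosts"
    fi
}

# Constructed sample tree using values quoted in the thread (nsswitch.conf value assumed).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/sysconfig/network-scripts"
    : > "$d/etc/hosts.deny"
    printf 'NETWORKING_IPV6=no\nNETWORKING=yes\nNEEDHOSTNAME=no\n' > "$d/etc/sysconfig/network"
    printf 'hosts: files mdns4_minimal dns\n' > "$d/etc/nsswitch.conf"
    printf 'alias eth0 via_rhine\nalias net-pf-10 off\n' > "$d/etc/modprobe.conf"
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\n' > "$d/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf '127.0.0.1 localhost.localdomain localhost\n192.168.0.102 server. server\n' > "$d/etc/hosts"
    echo "$d"
}

sample=$(make_sample)
audit_root "$sample"
rm -rf "$sample"
```

Run `audit_root /` on the real machine to check the live files; an empty result means every setting matches what post 15 describes.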




  16. Re: SSH connection takes 30 seconds: 2008.1

    Frank Dreyfus wrote:

    >> You can just stop the sound stuff from running on boot in mcc and also
    >> just stop the service/daemon for testing.

    >
    > Thanks Bit!
    >
    > I used mcc to stop the sound stuff and to prevent it from loading on
    > boot. However pulseaudio and artsd were still running after stopping the
    > sound stuff.
    >
    > I killed both processes and that took a good load off of the system. But
    > I'm afraid they'll be back when I reboot.
    >
    > Any way to stop that?
    >
    > Also there are several other processes running that I'm afraid to kill
    > b/c I don't know what may rely on them. For example: python, kdm_greet,
    > kicker, klipper, 3 (what the heck is that?), and net_applet. Those seem
    > to be the biggest cpu users. The other stuff is very small.



    Biggest question is why would you need KDE running at all if this is a
    server located in a closet only accessed by ssh?

    My recommendation would be start the box in run level 3. No more KDE
    malarky


    --
    sid
    RLU 300284
    Mandriva 2008.1 X86_64
    2.6.24.3

  17. Re: SSH connection takes 30 seconds: 2008.1

    sid wrote in news:VdLPj.13827$yD2.9644
    @text.news.virginmedia.com:

    > Biggest question is why would you need KDE running at all if this is a
    > server located in a closet only accessed by ssh?


    Hi Sid,

    No. I'm not good enough to use a shell only. I mostly use vnc to connect
    to the server and work in the gui.


    Frank

  18. Re: SSH connection takes 30 seconds: 2008.1

    Frank Dreyfus wrote:

    >> Biggest question is why would you need KDE running at all if this is a
    >> server located in a closet only accessed by ssh?



    > No. I'm not good enough to use a shell only.




    Oh yes you are



    > I mostly use vnc to connect
    > to the server and work in the gui.


    Ok, what is it that you actually *do* when connected to the server over vnc?
    If it's config stuff why not use webmin?

    --
    sid
    RLU 300284
    Mandriva 2008.1 X86_64
    2.6.24.3

  19. Re: SSH connection takes 30 seconds: 2008.1

    sid wrote in
    news:xGNPj.13983$yD2.1890@text.news.virginmedia.com:

    > Ok, what is it that you actually *do* when connected to the server
    > over vnc? If it's config stuff why not use webmin?


    I DO use webmin as well; but often vnc is faster and easier. Connection
    via vnc provides much improved file management, properties, etc. Mcc is
    very handy for adding and removing packages and also for specifying which
    services to load at boot and makes it easy to restart services.

    I could go on, but I think you see my point.


    Warm regards,


    Frank

  20. Re: SSH connection takes 30 seconds: 2008.1

    Bit Twister wrote in
    news:slrng0uuen.qb9.BitTwister@wm81.home.test:


    Hi Bit,



    >
    > Ok, there is DNS how unfortunate.
    > You need to stop it, and disable On Boot.


    I guess I'm confused on this issue. You want me to turn DNS off; but
    won't that prevent me from finding other hosts (google.com, etc.)?

    > Oh, maybe some other firewall manager (saw firestarter.sh down
    > post)

    Yes, I'm using firestarter. Very easy to manage.

    >
    >> xinetd based services:
    >> rsync: off
    >> sshd-xinetd: on

    >
    > Ah ha, I have sshd always on and you have start when needed.
    > That cuts my time a little.


    Yes but I can connect to other, < 2008.1 w/o a problem and I can connect
    to this box from another linux box w/o a problem. So this doesn't
    explain the long delay.

    >
    >> ======== hostname --fqdn ==========
    >> server.

    >
    > Son-Of-A-B%@&% that sucks as a domain name. make it
    > server.home.invalid if nothing else.


    I guess I don't understand your problem with . You obviously
    know that it's just a substitute for my real domain name. I'm posting to
    a public forum and just don't want lurkers probing me.

    >> === cat /etc/dhclient-exit-hooks ====
    >> sh /etc/firestarter/firestarter.sh start

    >
    > Possibility of a slow down hidden in there.


    Firestarter, just like shorewall, writes its rules and bows out. Don't
    know why it's started here; but there is no trace of it as a process
    after boot. Verified via ps -A | grep fire


    >
    > No idea if ham stuff is hurting or not.

    That's the Hamachi virtual interface. Very handy for connecting to
    remote hosts through routers without the need for configuration.

    BTW, that's also why I use firestarter. It makes it very easy to allow
    hamachi traffic through the linux firewall.

    >
    >> === cat /etc/sysconfig/network ====
    >> NETWORKING_IPV6=no #speeds dns lookup
    >> NETWORKING=yes
    >> NEEDHOSTNAME=no #I'll use my own hostname
    >> HOSTNAME=server.

    >
    > no NOZEROCONF=yes # no doze lookups needed
    > line, mine has one.


    Still not sure what zero config is all about but I do need to find doze
    boxes on the LAN.

    >
    > Ok running dynamic interface, Danger is node can get different ip
    > address than what is in /etc/hosts.
    >

    I use the router to fix the ip of each box on the LAN. That way I have
    control over ip's in one place. The router does a good job of handing
    out the same ip every time.

    >
    >> ======== grep -v '^#' /etc/hosts.allow ==========
    >>
    >> ======== grep -v '^#' /etc/hosts.deny ==========
    >>
    >> ==== end of config/network data dump =======

    >
    > Hmmmm, I have more protection enabled.
    >


    Actually I have two firewalls. First is the router which only allows
    specific incoming traffic like http and https.

    Second is the firewall in the linux box allows only hamachi plus those
    services that the router allows.

    Hamachi itself requires no router configuration and gives me access to
    all services on the box.

    I do allow ALL outgoing traffic; but I'm the only one using the box.


    >
    > and do check
    > $ cat /etc/modprobe.conf
    >
    > install ipv6 /bin/true
    > alias net-pf-10 off
    >
    > $
    >
    > Those two lines used to disable ipv6 activity
    >


    Here's my /etc/modprobe.conf:
    cat /etc/modprobe.conf
    alias eth0 via_rhine
    alias sound-slot-0 snd_via82xx
    install scsi_hostadapter /sbin/modprobe sata_via; /bin/true
    install usb-interface /sbin/modprobe ehci_hcd; /sbin/modprobe uhci_hcd;
    /bin/true
    install ide-controller /sbin/modprobe via82cxxx; /bin/true
    alias pci:v00001106d00003065sv00001462sd00007104bc02sc00i00 via_rhine
    alias net-pf-10 off

    I have the same last line as you but not
    install ipv6 /bin/true

    Do I need that? It seems more like it's starting ipv6, not preventing it.


    > maybe avahi-daemon

    I'll try that.

    > and making sshd start on boot not on demand
    > will help.

    Don't think that's an issue as discussed above.

    Bit, You've obviously put a tremendous amount of time into this. I want
    you to know how very much I appreciate it!

    Thanks,


    Ed
