-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I'm trying to SSH to an APC PDU (power distribution unit) using an openssh
client (OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 - Redhat EL4). I'm
experiencing delays before authenticating, often longer than 10 seconds. I
realise that this is most likely related to the settings/config of the SSH
server on the PDU, over which I have little control. I've included debug output
of the SSH server, including the delays. Does any one know what's causing the
delays and if there's anything that can be done about it.

Thanks,

Paul

- ---snip---
$ ssh -vvv user@blah
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to pdu05-rack46gp.sysmgt.qut.edu.au [131.181.119.115] port 22.
debug1: Connection established.
debug1: identity file /home/secman/.ssh/identity type -1
debug1: identity file /home/secman/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/secman/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/secman/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version cryptlib
debug1: no match: cryptlib
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
- ---snip---

long delay

- ---snip---
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,aes256-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-cbc,aes256-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 491/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
- ---snip---

long delay

- ---snip---
debug3: check_host_in_hostfile: filename /home/secman/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 252
debug3: check_host_in_hostfile: filename /home/secman/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 252
debug1: Host 'pdu05-rack46gp.sysmgt.qut.edu.au' is known and matches the RSA
host key.
debug1: Found key in /home/secman/.ssh/known_hosts:252
debug2: bits set: 510/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/secman/.ssh/identity ((nil))
debug2: key: /home/secman/.ssh/id_rsa ((nil))
debug2: key: /home/secman/.ssh/id_dsa (0x8451f08)
Authenticated with partial success.
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user@blah's password:
- ---snip---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFE2UEM4qOLghPAuV0RAtrOAKDiqEVKXFSxYsuK2y3vCm/kLFY1zQCgn3oA
dqT5qXeySbDSXzghYZYWhas=
=Xpdx
-----END PGP SIGNATURE-----