ssh connection pause - openssh


  1. ssh connection pause

    Hi, sorry if I've sent this to the wrong list.

    I'm having a strange issue where establishing an SSH connection to an AIX
    box running openssh v4.6 pauses for approximately 30 seconds during the
    connection process (I have UseDNS set to no).

    From the client:
    ---
    dgreen49@linuxhost1 [~]# ssh -vvv aixhost1
    OpenSSH_4.3p2-hpn, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /opt/soe/local/etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.44.138.107 [10.44.138.107] port 22.
    debug1: Connection established.
    debug1: identity file /home/dgreen49/.ssh/identity type -1
    debug1: identity file /home/dgreen49/.ssh/id_rsa type -1
    debug1: identity file /home/dgreen49/.ssh/id_dsa type -1



    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1-hpn12v17
    debug1: match: OpenSSH_4.6p1-hpn12v17 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
    debug2: fd 3 setting O_NONBLOCK
    [...]
    ---

    From the server:
    ---
    root@aixhost1 [~]# /opt/soe/local/openssh/sbin/sshd -ddd
    [...]
    debug1: rexec_argv[0]='/opt/soe/local/openssh/sbin/sshd'
    debug1: rexec_argv[1]='-ddd'
    debug2: fd 3 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    debug1: Server TCP RWIN socket size: 65536
    debug1: HPN Buffer Size: 131072
    Server listening on 0.0.0.0 port 22.
    debug1: fd 4 clearing O_NONBLOCK
    debug1: Server will not fork when running in debugging mode.
    debug3: send_rexec_state: entering fd = 7 config len 1421
    debug3: ssh_msg_send: type 0
    debug3: send_rexec_state: done
    debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7



    debug1: inetd sockets after dupping: 3, 3
    Connection from linuxhost1 port 1119
    [...]
    ---

    sshd_config on AIX host:
    ---
    AllowTcpForwarding yes
    Banner /etc/issue
    ChallengeResponseAuthentication yes
    ClientAliveInterval 0
    ClientAliveCountMax 3
    Compression yes
    GatewayPorts no
    HostbasedAuthentication no
    IgnoreRhosts yes
    IgnoreUserKnownHosts no
    KeyRegenerationInterval 1h
    Port 22
    ListenAddress 0.0.0.0
    LoginGraceTime 2m
    LogLevel INFO
    MaxAuthTries 10
    MaxStartups 10
    PasswordAuthentication yes
    PermitEmptyPasswords no
    PermitRootLogin no
    PermitUserEnvironment no
    PidFile /var/run/sshd.pid
    PrintLastLog yes
    PrintMotd yes
    Protocol 2
    PubkeyAuthentication yes
    RhostsRSAAuthentication no
    ServerKeyBits 768
    StrictModes yes
    Subsystem sftp /opt/soe/local/openssh/libexec/sftp-server
    SyslogFacility AUTH
    TCPKeepAlive yes
    UseDNS no
    UseLogin no
    UsePrivilegeSeparation yes
    X11DisplayOffset 10
    X11Forwarding yes
    X11UseLocalhost yes
    XAuthLocation /usr/bin/X11/xauth
    NoneEnabled no
    HPNDisabled yes
    ---

    Has anyone seen this before? Any help would be appreciated.

    Regards,

    David Green


  2. Re: ssh connection pause


    --- On Thu, 6/19/08, David R Green wrote:

    > Hi, sorry if I've sent this to the wrong list.
    >
    > I'm having a strange issue where establishing an SSH
    > connection to an AIX
    > box running openssh v4.6 pauses for approximately 30
    > seconds during the
    > connection process (I have UseDNS set to no).
    >
    >
    > Has anyone seen this before? Any help would be appreciated.
    >
    >
    > Regards,
    >
    > David Green


    Do you have nameservers defined in /etc/resolv.conf on the server?
    If not, put a nameserver in there.






  3. Re: ssh connection pause

    Hi Joseph,

    Thanks for your reply. I have two working nameservers defined in
    /etc/resolv.conf.

    I should mention that these AIX servers were successfully running openssh
    4.5. It's only since the upgrade to 4.6 that the connection pause occurs.

    Regards,

    David


    listbounce@securityfocus.com wrote on 21/06/2008 07:11:42 AM:

    >
    > --- On Thu, 6/19/08, David R Green wrote:
    >
    > > Hi, sorry if I've sent this to the wrong list.
    > >
    > > I'm having a strange issue where establishing an SSH
    > > connection to an AIX
    > > box running openssh v4.6 pauses for approximately 30
    > > seconds during the
    > > connection process (I have UseDNS set to no).
    > >
    > >
    > > Has anyone seen this before? Any help would be appreciated.
    > >
    > >
    > > Regards,
    > >
    > > David Green

    >
    > Do you have nameservers defined in /etc/resolv.conf on the server?
    > If not, put a nameserver in there.
    >
    >
    >
    >



  4. RE: ssh connection pause


  5. Re: ssh connection pause

    David R Green wrote:

    > I should mention that these AIX servers were successfully running openssh
    > 4.5. It's only since the upgrade to 4.6 that the connection pause occurs.


    Run the ssh client in verbose mode (ex. ssh -vv user@host) and see where
    does the pause happen.

    --
    Glisha


  6. Re: ssh connection pause

    Hi Georgi,

    I provided the output of that in my original post:

    From the client:
    ---
    dgreen49@linuxhost1 [~]# ssh -vvv aixhost1
    OpenSSH_4.3p2-hpn, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /opt/soe/local/etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.44.138.107 [10.44.138.107] port 22.
    debug1: Connection established.
    debug1: identity file /home/dgreen49/.ssh/identity type -1
    debug1: identity file /home/dgreen49/.ssh/id_rsa type -1
    debug1: identity file /home/dgreen49/.ssh/id_dsa type -1



    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1-hpn12v17
    debug1: match: OpenSSH_4.6p1-hpn12v17 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
    debug2: fd 3 setting O_NONBLOCK
    [...]
    ---

    From the server:
    ---
    root@aixhost1 [~]# /opt/soe/local/openssh/sbin/sshd -ddd
    [...]
    debug1: rexec_argv[0]='/opt/soe/local/openssh/sbin/sshd'
    debug1: rexec_argv[1]='-ddd'
    debug2: fd 3 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    debug1: Server TCP RWIN socket size: 65536
    debug1: HPN Buffer Size: 131072
    Server listening on 0.0.0.0 port 22.
    debug1: fd 4 clearing O_NONBLOCK
    debug1: Server will not fork when running in debugging mode.
    debug3: send_rexec_state: entering fd = 7 config len 1421
    debug3: ssh_msg_send: type 0
    debug3: send_rexec_state: done
    debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7



    debug1: inetd sockets after dupping: 3, 3
    Connection from linuxhost1 port 1119
    [...]
    ---

    Regards,

    David


    Georgi Stanojevski wrote on 24/06/2008 03:32:28 PM:

    > David R Green wrote:
    >
    > > I should mention that these AIX servers were successfully running openssh
    > > 4.5. It's only since the upgrade to 4.6 that the connection pause occurs.
    >
    > Run the ssh client in verbose mode (ex. ssh -vv user@host) and see where
    > does the pause happen.
    >
    > --
    > Glisha



  7. Re: ssh connection pause

    Hi all, I've finally figured this one out.

    After sniffing some traffic I found that, even with "UseDNS no", the sshd
    was still performing DNS queries. For some reason in this newer version it
    was performing an IPv6 (AAAA) query first, which the DNS server seems to
    be silently discarding rather than replying with an NXDOMAIN.

    As a workaround I edited /etc/netsvc.conf from "hosts = local, bind" to
    "hosts = local, bind4"

    Thanks to everyone who replied and helped with this issue.

    Regards,

    David





    David R Green
    Sent by: listbounce@securityfocus.com
    24/06/2008 03:36 PM

    To
    Georgi Stanojevski
    cc
    secureshell@securityfocus.com
    Subject
    Re: ssh connection pause






    Hi Georgi,

    I provided the output of that in my original post:

    From the client:
    ---
    dgreen49@linuxhost1 [~]# ssh -vvv aixhost1
    OpenSSH_4.3p2-hpn, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /opt/soe/local/etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.44.138.107 [10.44.138.107] port 22.
    debug1: Connection established.
    debug1: identity file /home/dgreen49/.ssh/identity type -1
    debug1: identity file /home/dgreen49/.ssh/id_rsa type -1
    debug1: identity file /home/dgreen49/.ssh/id_dsa type -1



    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1-hpn12v17
    debug1: match: OpenSSH_4.6p1-hpn12v17 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2-hpn
    debug2: fd 3 setting O_NONBLOCK
    [...]
    ---

    From the server:
    ---
    root@aixhost1 [~]# /opt/soe/local/openssh/sbin/sshd -ddd
    [...]
    debug1: rexec_argv[0]='/opt/soe/local/openssh/sbin/sshd'
    debug1: rexec_argv[1]='-ddd'
    debug2: fd 3 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    debug1: Server TCP RWIN socket size: 65536
    debug1: HPN Buffer Size: 131072
    Server listening on 0.0.0.0 port 22.
    debug1: fd 4 clearing O_NONBLOCK
    debug1: Server will not fork when running in debugging mode.
    debug3: send_rexec_state: entering fd = 7 config len 1421
    debug3: ssh_msg_send: type 0
    debug3: send_rexec_state: done
    debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7



    debug1: inetd sockets after dupping: 3, 3
    Connection from linuxhost1 port 1119
    [...]
    ---

    Regards,

    David


    Georgi Stanojevski wrote on 24/06/2008 03:32:28 PM:

    > David R Green wrote:
    >
    > > I should mention that these AIX servers were successfully running openssh
    > > 4.5. It's only since the upgrade to 4.6 that the connection pause occurs.
    >
    > Run the ssh client in verbose mode (ex. ssh -vv user@host) and see where
    > does the pause happen.
    >
    > --
    > Glisha
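
The traffic check described in the final post, as an added example that is not part of the original thread: it scans tcpdump-style DNS lines for queries that never got any reply (a silent drop, as opposed to an NXDOMAIN) and reports how long the client stalled. The capture text, the resolver address 192.0.2.53, the queried name and the retry timings are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed tcpdump-style DNS capture (not from the thread). The resolver
# 192.0.2.53, the queried name and the retry timings are placeholders.
CAPTURE = """\
10:15:01.000100 IP 10.44.138.107.40001 > 192.0.2.53.53: 4660+ AAAA? linuxhost1.example. (36)
10:15:06.000200 IP 10.44.138.107.40001 > 192.0.2.53.53: 4660+ AAAA? linuxhost1.example. (36)
10:15:16.000300 IP 10.44.138.107.40001 > 192.0.2.53.53: 4660+ AAAA? linuxhost1.example. (36)
10:15:31.000400 IP 10.44.138.107.40002 > 192.0.2.53.53: 4661+ A? linuxhost1.example. (36)
10:15:31.001100 IP 192.0.2.53.53 > 10.44.138.107.40002: 4661 1/0/0 A 192.0.2.20 (52)
"""

LINE = re.compile(r"(?P<ts>[\d:.]+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
                  r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)(?P<rest>.*)")
QUERY = re.compile(r"\S* (?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)")

def unanswered_queries(capture):
    """List DNS queries that never received any reply, with retry count and
    the seconds from the first attempt until the next reply of any kind."""
    pending, replies = {}, []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["dport"] == "53":                      # client -> resolver
            q = QUERY.match(m["rest"])
            if q:
                key = (m["src"], m["sport"], m["id"])
                pending.setdefault(key, (q["qtype"], q["name"], []))[2].append(ts)
        elif m["sport"] == "53":                    # resolver -> client
            replies.append(ts)
            # Any reply, including NXDOMAIN, clears the matching query.
            pending.pop((m["dst"], m["dport"], m["id"]), None)
    report = []
    for qtype, name, sent in pending.values():
        later = [r for r in replies if r > sent[0]]
        stall = (min(later) - sent[0]).total_seconds() if later else None
        report.append({"qtype": qtype, "name": name,
                       "attempts": len(sent), "stall_s": stall})
    return report

if __name__ == "__main__":
    for row in unanswered_queries(CAPTURE):
        print(row)
```

A query type that shows up here with several attempts and no reply is the one the resolver is dropping; an NXDOMAIN answer would have cleared it immediately.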


