Postponed publickey for user - What does this mean? - SSH

This is a discussion on Postponed publickey for user - What does this mean? - SSH ; Slightly obfuscated log entries: Jan 15 00:02:06 helios sshd[22833]: Postponed publickey for zzz from zzz.zzz.142.109 port 11815 ssh2 Jan 15 00:02:18 helios sshd[22832]: Accepted publickey for zzz from zzz.zzz.142.109 port 11815 ssh2 Jan 15 00:02:18 helios sshd[22834]: pam_unix(sshd:session): session opened ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Postponed publickey for user - What does this mean?

  1. Postponed publickey for user - What does this mean?

    Slightly obfuscated log entries:

    Jan 15 00:02:06 helios sshd[22833]: Postponed publickey for zzz from
    zzz.zzz.142.109 port 11815 ssh2
    Jan 15 00:02:18 helios sshd[22832]: Accepted publickey for zzz from
    zzz.zzz.142.109 port 11815 ssh2
    Jan 15 00:02:18 helios sshd[22834]: pam_unix(sshd:session): session
    opened for user zzz by (uid=0)
    Jan 15 00:03:36 helios sshd[22834]: pam_unix(sshd:session): session
    closed for user zzz

    This is a valid user with a valid private key installed. What
    is the meaning of the message and 12-second delay between
    the first and second messages?

    --
    Jim Garrison (jhg@acm.org)
    PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88

  2. Re: Postponed publickey for user - What does this mean?

    On 2007-01-16, Jim Garrison wrote:
    > Slightly obfuscated log entries:
    >
    > Jan 15 00:02:06 helios sshd[22833]: Postponed publickey for zzz from
    > zzz.zzz.142.109 port 11815 ssh2
    > Jan 15 00:02:18 helios sshd[22832]: Accepted publickey for zzz from
    > zzz.zzz.142.109 port 11815 ssh2
    > Jan 15 00:02:18 helios sshd[22834]: pam_unix(sshd:session): session
    > opened for user zzz by (uid=0)
    > Jan 15 00:03:36 helios sshd[22834]: pam_unix(sshd:session): session
    > closed for user zzz
    >
    > This is a valid user with a valid private key installed. What
    > is the meaning of the message and 12-second delay between
    > the first and second messages?


    Simplifying somewhat, the pubkey protocol has 2 steps: first the client
    asks if the server would accept a given public key, then if the server
    indicates that it would, the client will provide a signature with the
    corresponding private key. In the log, the "postponed" corresponds to
    the first of these 2 steps.

    Something is happening between these two steps that's slowing things
    down. Some possibilities:

    * the client or server is slow and/or the key is big, so generating or
    validating the signature takes time.

    * DNS problems (eg for login recording).

    * something a PAM module is doing takes some time (depends on what
    you have).

    If you run the client and server with full debugging you might get a
    better indication of what exactly it's doing when the pause occurs.
    http://www.snailbook.com/faq/general...ging.auto.html

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

+ Reply to Thread