slow ssh response time
Hello!!

I have a slow ssh response time and I don't know what is causing it.
I'm providing you with some information and kindly requesting
your help.

***System***
Linux Ubuntu 10.04.2 LTS 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1
21:30:46 UTC 2011 x86_64 GNU/Linux

***OpenSSH version***
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009

***Problem***
ssh -v user@host
OpenSSH_5.5p1 Debian-4ubuntu5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to host [XX.XXX.XX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1

--------------->Delay (4-5 secs)<---------------

debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.3p1 Debian-3ubuntu6
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Next authentication method: password
user@host's password:

***sshd_config file***
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 768

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
UseDNS no
AllowUsers user

Thank you for any information about this!
Mike
Re: slow ssh response time
Actually the problem seems to have been sorted out. Right after
placing in the sshd_config file "UseDNS no" and reloading/restarting
the OpenSSH server, no effect took place, but a few hours later my ssh
response became instant (<1 sec) :)
Strange..

Mike

On Tue, Apr 12, 2011 at 7:15 PM, Michael Sioutis <papito.dit@gmail.com> wrote:
> Hello!!
>
> I have a slow ssh response time and I don't know what is causing it.
> I'm providing you with some information and kindly requesting
> your help.
Re: slow ssh response time
Hello Mike,

Well, normally DNS resolution slows any network activity down. Even in port scanning, for example using nmap, it's preferred to use the -n switch to disable DNS resolution because it slows the scan down.

Hope this helped to clarify things a bit.

Regards,

Saif
OSCP

Sent from my iPhone.

On Apr 13, 2011, at 5:14 AM, "Michael Sioutis" <papito.dit@gmail.com> wrote:

> Actually the problem seems to have been sorted out. Right after
> placing in the sshd_config file "UseDNS no" and reloading/restarting
> the OpenSSH server, no effect took place, but a few hours later my ssh
> response became instant (<1 sec) :)
> Strange..
>
> Mike
Re: slow ssh response time
Thank you all for your answers!

You probably didn't receive an earlier response of mine:
==========================================================
Actually the problem seems to have been sorted out. Right after
placing in the sshd_config file "UseDNS no" and reloading/restarting
the OpenSSH server, no effect took place, but a few hours later my ssh
response became instant (<1 sec) :)
Strange..

Mike
==========================================================

Actually the above is not entirely true. When I try to ssh into my
desktop at home from a pc I use at work, the response
is still slow, BUT I have tried to ssh into my desktop at home from
multiple other pcs and the password prompt is instant.

If it makes any difference, the pc at work runs on Ubuntu 10.10,
whereas all other pcs I've tried run on 8.04.

Mike

On Wed, Apr 13, 2011 at 11:20 AM, Saif El Sherei <SSherei@npcegypt.com> wrote:
> Hello Mike,
>
> Well, normally DNS resolution slows any network activity down. Even in port scanning, for example using nmap, it's preferred to use the -n switch to disable DNS resolution because it slows the scan down.
>
> Hope this helped to clarify things a bit.
>
> Regards,
>
> Saif
> OSCP
>
> Sent from my iPhone.
Re: slow ssh response time
PROBLEM SOLVED!

Viewing the users (which was me from different PCs) logging in through
sshd with Logwatch, I noticed that all PCs except the one in my office
had a domain name.
So I created a domain name using dynDNS for that PC at work and now
the password prompt when sshing into the PC at home
from the PC at work is instant!

I don't understand though why this worked, because I had set "UseDNS
no" in my OpenSSH server at home.

Mike
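
Added example, not part of the thread: in the posted trace the 4-5 second pause sits between "Connection established" and "Remote protocol version", that is, after the TCP handshake and before the server's identification string arrives. The probe below times those two phases separately for a given client/server pair; the function names and the 1-second threshold are assumptions made for this example.

```python
import socket
import sys
import time


def time_to_banner(host, port=22, timeout=15.0):
    """Return (connect_seconds, banner_wait_seconds, banner_line)."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        connected = time.monotonic()
        banner = ""
        with sock.makefile("rb") as stream:
            while True:
                # Bounded reads: a server may send other lines before
                # its "SSH-" identification line.
                raw = stream.readline(256)
                if not raw:
                    break  # peer closed without identifying itself
                line = raw.decode("ascii", "replace").strip()
                if line.startswith("SSH-"):
                    banner = line
                    break
        got_banner = time.monotonic()
    return connected - start, got_banner - connected, banner


def diagnose(connect_s, banner_s, threshold=1.0):
    """Classify where the time went (threshold is an assumed cut-off)."""
    if banner_s >= threshold:
        # The server accepted the connection but was busy before it sent
        # its identification string, e.g. per-connection work such as a
        # lookup on the client's address.
        return "pre-banner delay"
    if connect_s >= threshold:
        return "slow TCP connect"
    return "no significant delay"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    connect_s, banner_s, banner = time_to_banner(target)
    print(f"connect: {connect_s:.3f}s  banner wait: {banner_s:.3f}s")
    print(f"banner:  {banner or '(none)'}")
    print(f"verdict: {diagnose(connect_s, banner_s)}")
```

Running it from both a fast and a slow client against the same server shows whether the pause depends on which address the connection comes from, which is what the thread eventually observed.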