Date: Fri, 31 Jan 2003 18:09:18 -0500 From: Ralph Dratman <ralph@maxsoft.com> To: freebsd-security@freebsd.org Subject: SSHD suddenly takes SIX MINUTES to authenticate Message-ID: <v04210102ba60a5a98b9c@[192.168.1.27]>
next in thread | raw e-mail | index | archive | help
Suddenly I cannot SSH to one of my FreeBSD servers. This is true from every SSH client on every computer I've tried. My sshd setup had worked fine for several years until just yesterday. I am now getting "Timeout before authentication" errors in the system log. I can SSH normally to other hosts. On this host I am running FreeBSD 4.3. For testing, I killed the running sshd task, then started a new one using the -d (debug) switch. Now if I wait long enough I eventually get logged in. Can anyone help me figure out what the problem might be? Following is the sshd console output showing a VERY slow login attempt - it took about six minutes to connect! (I'm guessing the debug switch turns off timeouts.) Also after the long delay, the client screen says: debug: krb5_cleanup_proc() called. Thanks in advance for any suggestions. ---------------------------------- root@kq9 Fri Jan 31 17:07:52 /etc/ssh#/usr/sbin/sshd -d debug: sshd version OpenSSH_2.2.0 debug: read DSA private key done debug: Bind to port 22 on ::. Server listening on :: port 22. debug: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug: Server will not fork when running in debugging mode. Connection from router.dratman.com port 4656 Connection from 192.168.1.1 port 4656 debug: Client protocol version 2.0; client software version PuTTY-Release-0.53b Enabling compatibility mode for protocol 2.0 debug: Local version string SSH-1.99-OpenSSH_2.2.0 debug: send KEXINIT debug: done debug: wait KEXINIT debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug: got kexinit: ssh-rsa,ssh-dss debug: got kexinit: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijn dael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc debug: got kexinit: aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijn dael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc debug: got kexinit: hmac-sha1,hmac-md5,none debug: got kexinit: hmac-sha1,hmac-md5,none debug: got kexinit: none,zlib,none debug: got kexinit: none,zlib,none debug: got kexinit: debug: got kexinit: debug: first kex follow: 0 debug: reserved: 0 debug: done debug: kex: client->server blowfish-cbc hmac-sha1 none debug: kex: server->client blowfish-cbc hmac-sha1 none debug: Wait SSH2_MSG_KEXDH_INIT. debug: bits set: 514/1024 debug: bits set: 529/1024 debug: sig size 20 20 debug: send SSH2_MSG_NEWKEYS. debug: done: send SSH2_MSG_NEWKEYS. debug: Wait SSH2_MSG_NEWKEYS. debug: GOT SSH2_MSG_NEWKEYS. debug: done: KEX2. debug: userauth-request for user rd service ssh-connection method none Failed none for rd from 192.168.1.1 port 4656 ssh2 debug: userauth-request for user rd service ssh-connection method password Accepted password for rd from 192.168.1.1 port 4656 ssh2 debug: Entering interactive session for SSH2. debug: server_init_dispatch_20 debug: channel_input_open: ctype session rchan 256 win 16384 max 16384 debug: open session debug: channel 0: new [server-session] debug: session_new: init debug: session_new: session 0 debug: session_open: channel 0 debug: session_open: session 0: link with channel 0 debug: confirm session debug: callback start debug: session_by_channel: session 0 channel 0 debug: session_input_channel_req: session 0 channel 0 request pty-req reply 1 debug: session_pty_req: session 0 alloc /dev/ttyp1 debug: callback done debug: callback start debug: session_by_channel: session 0 channel 0 debug: session_input_channel_req: session 0 channel 0 request shell reply 1 debug: no set_nonblock for tty fd 4 debug: Setting controlling tty using TIOCSCTTY. debug: no set_nonblock for tty fd 3 debug: callback done debug: channel 0: rcvd adjust 59 debug: channel 0: rcvd adjust 62 debug: channel 0: rcvd adjust 69 debug: channel 0: rcvd adjust 64 debug: channel 0: rcvd adjust 2 debug: channel 0: rcvd adjust 21 debug: channel 0: rcvd adjust 2 debug: channel 0: rcvd adjust 35 debug: channel 0: rcvd adjust 14 debug: channel 0: rcvd adjust 108 debug: channel 0: rcvd adjust 21 debug: channel 0: rcvd adjust 15 debug: channel 0: rcvd adjust 24 debug: channel 0: rcvd adjust 11 debug: channel 0: rcvd adjust 14 debug: channel 0: rcvd adjust 116 debug: channel 0: rcvd adjust 29 debug: channel 0: rcvd adjust 2 debug: channel 0: rcvd adjust 29 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04210102ba60a5a98b9c>