SSH is slow connecting

Question

SSH is slow connecting

SSH takes about 30 seconds to connect. It was not a problem with 10.4. I did a clean install of 10.5 and now ssh is slow connecting and will not connect outside my network. My router has the same settings and I do not believe the router is the issue when connecting over the internet. I did change the port in /etc/sshd_config and /etc/services. I am also using keys and turned off password authentication. This set up worked perfect in 10.5.

Any ideas?

Mac Mini, Mac OS X (10.5.2)

Posted on Mar 5, 2008 1:23 PM

Reply

Answer 1

etresoft

Level 9

56,674 points

Mar 5, 2008 2:23 PM in response to rottonapple99

Try running ssh in verbose mode "-v" or even "-v -v -v" and see what you get.

Reply

Answer 2

Mar 5, 2008 2:38 PM in response to etresoft

It pauses at "debug2: key: /home/poindexter/.ssh/id_dsa (0x80057630)". I also forgot to mention I am connecting from an Ubuntu Linux box.

user@ubuntu:~$ ssh -v -v -v -p 2222 user@192.168.1.99
OpenSSH_4.6p1 Debian-5ubuntu0.1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.99 [192.168.1.99] port 2222.
debug1: Connection established.
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/user/.ssh/id_dsa.
debug2: key type_fromname: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key type_fromname: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2 MSGKEXINIT sent
debug1: SSH2 MSGKEXINIT received
debug2: kex parsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex parsekexinit: ssh-rsa,ssh-dss
debug2: kex parsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex parsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex parsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac- md5-96
debug2: kex parsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac- md5-96
debug2: kex parsekexinit: none,zlib@openssh.com,zlib
debug2: kex parsekexinit: none,zlib@openssh.com,zlib
debug2: kex parsekexinit:
debug2: kex parsekexinit:
debug2: kex parsekexinit: first kexfollows 0
debug2: kex parsekexinit: reserved 0
debug2: kex parsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex parsekexinit: ssh-rsa,ssh-dss
debug2: kex parsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex parsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex parsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac- md5-96
debug2: kex parsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac- md5-96
debug2: kex parsekexinit: none,zlib@openssh.com
debug2: kex parsekexinit: none,zlib@openssh.com
debug2: kex parsekexinit:
debug2: kex parsekexinit:
debug2: kex parsekexinit: first kexfollows 0
debug2: kex parsekexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2 MSG_KEX_DH_GEXREQUEST(1024<1024<8192) sent
debug1: expecting SSH2 MSG_KEX_DH_GEXGROUP
debug2: dh genkey: priv key bits set: 137/256
debug2: bits set: 490/1024
debug1: SSH2 MSG_KEX_DH_GEXINIT sent
debug1: expecting SSH2 MSG_KEX_DH_GEXREPLY
debug3: put hostport: [192.168.1.99]:2222
debug3: put hostport: [192.168.1.99]:2222
debug3: check host_inhostfile: filename /home/user/.ssh/known_hosts
debug3: check host_inhostfile: match line 8
debug3: check host_inhostfile: filename /home/user/.ssh/known_hosts
debug3: check host_inhostfile: match line 8
debug1: Host '[192.168.1.99]:2222' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:8
debug2: bits set: 507/1024
debug1: ssh rsaverify: signature correct
debug2: kex derivekeys
debug2: set_newkeys: mode 1
debug1: SSH2 MSGNEWKEYS sent
debug1: expecting SSH2 MSGNEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2 MSGNEWKEYS received
debug1: SSH2 MSG_SERVICEREQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2 MSG_SERVICEACCEPT received
debug2: key: /home/user/.ssh/identity ((nil))
debug2: key: /home/user/.ssh/id_rsa ((nil))
debug2: key: /home/user/.ssh/id_dsa (0x80057630)
debug3: input userauthbanner
* * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE
ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE

PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR
OTHER APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM,
DISCONNECT NOW. BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES
AND DATA CONTENT BEING MONITORED. ALL PERSONS ARE HEREBY

NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT TO
MONITORING AND AUDITING.
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod isenabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug3: no such identity: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa
debug1: Offering public key: /home/user/.ssh/id_dsa
debug3: send pubkeytest
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input userauth_pkok: fp f4:17:77:b9:fa:a4:61:c1:90:09:f2:74:4c:e7:c8:02
debug3: sign and_sendpubkey
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug3: ssh session2open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client session2setup: id 0
debug2: channel 0: request pty-req confirm 0
debug3: tty makemodes: ospeed 38400
debug3: tty makemodes: ispeed 38400
debug3: tty makemodes: 1 3
debug3: tty makemodes: 2 28
debug3: tty makemodes: 3 127
debug3: tty makemodes: 4 21
debug3: tty makemodes: 5 4
debug3: tty makemodes: 6 255
debug3: tty makemodes: 7 255
debug3: tty makemodes: 8 17
debug3: tty makemodes: 9 19
debug3: tty makemodes: 10 26
debug3: tty makemodes: 12 18
debug3: tty makemodes: 13 23
debug3: tty makemodes: 14 22
debug3: tty makemodes: 18 15
debug3: tty makemodes: 30 0
debug3: tty makemodes: 31 0
debug3: tty makemodes: 32 0
debug3: tty makemodes: 33 0
debug3: tty makemodes: 34 0
debug3: tty makemodes: 35 0
debug3: tty makemodes: 36 1
debug3: tty makemodes: 37 0
debug3: tty makemodes: 38 1
debug3: tty makemodes: 39 1
debug3: tty makemodes: 40 0
debug3: tty makemodes: 41 1
debug3: tty makemodes: 50 1
debug3: tty makemodes: 51 1
debug3: tty makemodes: 52 0
debug3: tty makemodes: 53 1
debug3: tty makemodes: 54 1
debug3: tty makemodes: 55 1
debug3: tty makemodes: 56 0
debug3: tty makemodes: 57 0
debug3: tty makemodes: 58 0
debug3: tty makemodes: 59 1
debug3: tty makemodes: 60 1
debug3: tty makemodes: 61 1
debug3: tty makemodes: 62 0
debug3: tty makemodes: 70 1
debug3: tty makemodes: 71 0
debug3: tty makemodes: 72 1
debug3: tty makemodes: 73 0
debug3: tty makemodes: 74 0
debug3: tty makemodes: 75 0
debug3: tty makemodes: 90 1
debug3: tty makemodes: 91 1
debug3: tty makemodes: 92 0
debug3: tty makemodes: 93 0
debug1: Sending environment.
debug3: Ignored env SSH AGENTPID
debug3: Ignored env SHELL
debug3: Ignored env DESKTOP STARTUPID
debug3: Ignored env TERM
debug3: Ignored env XDG SESSIONCOOKIE
debug3: Ignored env GTK RCFILES
debug3: Ignored env WINDOWID
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH AUTHSOCK
debug3: Ignored env GNOME KEYRINGSOCKET
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env USERNAME
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env GDM XSERVERLOCATION
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GNOME KEYRINGPID
debug3: Ignored env GDM_LANG
debug3: Ignored env GDMSESSION
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env GNOME DESKTOP_SESSIONID
debug3: Ignored env LOGNAME
debug3: Ignored env XDG DATADIRS
debug3: Ignored env DBUS SESSION_BUSADDRESS
debug3: Ignored env LESSOPEN
debug3: Ignored env WINDOWPATH
debug3: Ignored env DISPLAY
debug3: Ignored env LESSCLOSE
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Wed Mar 5 14:32:02 2008 from 192.168.1.100

Reply

Answer 3

etresoft

Level 9

56,674 points

Mar 5, 2008 3:20 PM in response to rottonapple99

Check your nameservers on the 10.5 machine. It kind of sounds like it is timing out on the first nameserver when it tries to do the reverse lookup.

Reply

Answer 4

alleytm

Level 1

19 points

Mar 5, 2008 8:36 PM in response to etresoft

There was a script posted here a while back on another thread of the same topic. Apparently there is something in the Leopard version of ssh that resolves names slowly, because what the script did was to do the name lookup separately and then pass the IP address to ssh. I've been using the script for a couple of months and it seems to work fine.

Still, it would be nice to fix the slow name resolution of ssh.

Text of the shell script follows in case you want to cut/paste it onto your machine to see if it will help.

Tom
_____________________________________________________

#!/bin/zsh
destuser="${1%@*}"
desthost="${1/*@}"
shift
ip=${$(host "$desthost")[4]}
if [ "$destuser" = "$desthost" ]
then
dest="$ip"
else
dest="$destuser"@"$ip"
fi
exec /usr/bin/ssh "$dest" "$@"

Reply

Answer 5

Mar 7, 2008 1:56 PM in response to alleytm

Thanks for the script. I tried it and it did not help. Maybe it is because I am sshing from a Ubuntu Linux machine to the 10.5 Mac. I also tried adding the Mac domain name to /etc/hosts. The Ubuntu box is a laptop and I will be connecting from different ip address. So, it cannot be added to /etc/hosts. Any other ideas. Thanks.

Reply

Answer 6

Mar 7, 2008 2:47 PM in response to rottonapple99

I found a solution here: http://maestric.com/en/doc/fix-slow-ssh-connections-delays-on-mac-os-x. I just had to change it on the Mac and not the remote Ubuntu box connecting to it. If you have the problem from a Mac then you might have to change /etc/ssh_config. Check the link for details.

sudo vi /etc/sshd_config

Replace this line:
#UseDNS yes

by:
UseDNS no
Again, don't forget to remove the sharp. That's it !

Reply

Answer 7

etresoft

Level 9

56,674 points

Mar 8, 2008 12:05 PM in response to rottonapple99

Keep in mind, though, this is not a solution, it is a hack. You are introducing a security vulnerability with this. In my opinion, most people are way too paranoid about security anyway. I wouldn't mind making this kind of change. Still, I suspect there is a true solution lurking out there somewhere.

Reply

Answer 8

Mar 8, 2008 3:01 PM in response to etresoft

I am just happy that it is working right now. It seems like it is a bug that hopefully Apple will fix soon. I just found another bug. When my Mac is asleep I am unable to ssh into it. I am still in the middle of testing it.

Reply

Answer 9

etresoft

Level 9

56,674 points

Mar 9, 2008 6:47 PM in response to rottonapple99

If you think it is a bug, you should report it. Otherwise, it won't get fixed on its own. I don't think it is a bug though. It is much more likely to a misconfiguration or misunderstanding.

Your other issue is definitely not a bug. If your machine is asleep, you shouldn't be able to ssh into it. If you have a Ethernet connection to it, you can, in theory, send it a magic packet to wake it up. But I doubt your network it setup to allow that.

Reply