On Tuesday 04 September 2007 16:26:12 Phil Meyer wrote:
> Kevin Kempter wrote:
> > Hi List;
> >
> > I have a machine I want to ssh to with no passwd. I've done this on my
> > local fedora 7 box:
> >
> > $ ssh-keygen -t dsa -f .ssh/id_dsa
> > $ cd .ssh
> > $ scp id_dsa.pub user@remote:~/.ssh/id_dsa.pub
> >
> >
> > Then I connected to the remote box and did this:
> >
> > $ ssh user@remote
> > [remote-box] $ cd .ssh
> >
> > [remote-box] $ cat id_dsa.pub >> authorized_keys2
> > [remote-box] $ chmod 640 authorized_keys2
> > [remote-box] $ rm id_dsa.pub
> > [remote-box] $ exit
> >
> > The scp took like 5min
> >
> > Then I try and connect like this (remote box is 172.16.128.128) :
> >
> > $ ssh -v 172.16.128.128
> >
> > and I get this:
> > OpenSSH_4.5p1, OpenSSL 0.9.8b 04 May 2006
> > debug1: Reading configuration data /home/kkempter/.ssh/config
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Connecting to 172.16.128.128 [172.16.128.128] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/kkempter/.ssh/identity type -1
> > debug1: identity file /home/kkempter/.ssh/id_rsa type 1
> > debug1: identity file /home/kkempter/.ssh/id_dsa type 2
> > debug1: Remote protocol version 1.99, remote software version OpenSSH_4.6
> > debug1: match: OpenSSH_4.6 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_4.5
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host '172.16.128.128' is known and matches the RSA host key.
> > debug1: Found key in /home/kkempter/.ssh/known_hosts:13
> > debug1: ssh_rsa_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue: publickey,password
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /home/kkempter/.ssh/identity
> > debug1: Offering public key: /home/kkempter/.ssh/id_rsa
> >
> > At this point ssh hangs for like 4 or 5 minutes, then I get this:
> >
> > debug1: Server accepts key: pkalg ssh-dss blen 433
> > debug1: read PEM private key done: type DSA
> > debug1: Authentication succeeded (publickey).
> > debug1: channel 0: new [client-session]
> > debug1: Entering interactive session.
> > debug1: Sending environment.
> > debug1: Sending env LANG = en_US.UTF-8
> > Last login: Tue Sep 4 16:26:13 2007 from 172.16.128.1
> >
> > Then it hangs again for another 2 - 3 minutes and finally I get a prompt.
> >
> > the remote box is a windows XP box in vmware on my local fedora box
> > running cygwin
> >
> > Any thoughts?
>
> Almost a certainty that is a DNS issue. Whenever ssh hangs like that
> with no error, it is almost always DNS on the system you are trying
> to log into.
>
> ssh tries very hard to be a good citizen and allow updates to utmp
> and wxtmp databases, which require FQDNS names.
>
> You can tell quite simply if this is the case.
>
> After the LONG pause to get logged in, do:
>
> $ w
> or
> $ who
>
> That is the old BSD style who program, that by default shows
> the host name for remote logins. If your session lists the IP Address
> instead of the host name, you know for sure that the DNS reverse name
> lookup for that login session failed.
>
> Most DNS failures for ssh are set at about 120 seconds by default.
>
> Good Luck!

You are exactly correct. Can I tweak the 120 seconds timeout?
Also, can I tell ssh to not try the DNS lookup?
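
The `who` check described in the quoted reply (a remote session listed by IP address means the reverse lookup for that login failed), automated as an added example that is not part of the original thread. It is meant to run on the machine being logged into; the function names and the sample `who` output are constructed for illustration, and it assumes `who` prints the remote host in trailing parentheses.

```python
import ipaddress
import re
import socket
import subprocess
import time

# Constructed sample of `who` output (not taken from the thread's machines).
SAMPLE_WHO = """\
kkempter pts/0        2007-09-04 16:26 (172.16.128.1)
alice    pts/1        2007-09-04 16:30 (build01.example.com)
alice    pts/2        2007-09-04 16:31 (:0)
root     tty1         2007-09-04 09:12
"""

_REMOTE = re.compile(r"\(([^()]+)\)\s*$")  # trailing "(host)" field


def sessions_with_bare_ip(who_output):
    """Return (user, tty, ip) for remote logins recorded by IP, not hostname."""
    hits = []
    for line in who_output.splitlines():
        match = _REMOTE.search(line)
        fields = line.split()
        if not match or len(fields) < 2:
            continue  # console login: no remote host field
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # a hostname, or an X display such as ":0"
        hits.append((fields[0], fields[1], str(ip)))
    return hits


def time_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Time one PTR lookup; returns (hostname or None, seconds elapsed)."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # socket.herror / socket.gaierror: no PTR record or no DNS
        name = None
    return name, time.monotonic() - start


if __name__ == "__main__":
    out = subprocess.run(["who"], capture_output=True, text=True).stdout
    for user, tty, ip in sessions_with_bare_ip(out or SAMPLE_WHO):
        name, secs = time_reverse_lookup(ip)
        print(f"{user} {tty} {ip}: PTR={name!r} after {secs:.1f}s")
```

A lookup that returns no name only after a long delay matches the hang seen during login.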