[ale] more fun with ssh

Jim Kinney jim.kinney at gmail.com
Sun Aug 12 17:48:07 EDT 2012


You can force version 2 only in confug. Ssh_version 2 is setting I think.
On Aug 12, 2012 11:01 AM, "Wolf Halton" <wolf.halton at gmail.com> wrote:

>
>
> On Sun, Aug 12, 2012 at 10:37 AM, Wolf Halton <wolf.halton at gmail.com>wrote:
>
>>
>>
>> On Sun, Aug 12, 2012 at 10:32 AM, Wolf Halton <wolf.halton at gmail.com>wrote:
>>
>>>
>>>
>>> On Sun, Aug 12, 2012 at 10:19 AM, Jim Kinney <jim.kinney at gmail.com>wrote:
>>>
>>>> It still tries to resolve the ip to a host name. If you're not using
>>>> dns for that segment, put a name in etc/hosts.
>>>> On Aug 12, 2012 9:52 AM, "Wolf Halton" <wolf.halton at gmail.com> wrote:
>>>>
>>>>> Why would one of the hosts in my network take a very long time (over
>>>>> 10 seconds) to negotiate a connection from another host on the same lan.
>>>>> Using IP address only, no DNS resolution involved.
>>>>>
>>>>> This would only be an interesting  oddity if it didn't time out nagios
>>>>> checks.
>>>>>
>>>>> Wolf
>>>>>
>>>>> http://evergreen-community-01.lyrasistechnology.org
>>>>> http://sourcefreedom.com
>>>>> Apache developer:
>>>>> wolfhalton at apache.org
>>>>>
>>>>> _______________________________________________
>>>>> Ale mailing list
>>>>> Ale at ale.org
>>>>> http://mail.ale.org/mailman/listinfo/ale
>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>> http://mail.ale.org/mailman/listinfo
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Ale mailing list
>>>> Ale at ale.org
>>>> http://mail.ale.org/mailman/listinfo/ale
>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> http://mail.ale.org/mailman/listinfo
>>>>
>>>>
>>> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
>>> debug1: SSH2_MSG_KEXINIT sent
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug1: kex: server->client aes128-ctr hmac-md5 none
>>> debug1: kex: client->server aes128-ctr hmac-md5 none
>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>> debug1: Host '192.168.10.56' is known and matches the RSA host key.
>>> debug1: Found key in /home/nagios/.ssh/known_hosts:32
>>> debug1: ssh_rsa_verify: signature correct
>>> debug1: SSH2_MSG_NEWKEYS sent
>>> debug1: expecting SSH2_MSG_NEWKEYS
>>> debug1: SSH2_MSG_NEWKEYS received
>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>> %% slowdown is right here %%
>>> debug1: Authentications that can continue: publickey,password
>>> debug1: Next authentication method: publickey
>>> debug1: Trying private key: /home/nagios/.ssh/identity
>>> debug1: Offering public key: /home/nagios/.ssh/id_rsa
>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>> debug1: read PEM private key done: type RSA
>>> debug1: Authentication succeeded (publickey).
>>> debug1: channel 0: new [client-session]
>>> debug1: Requesting no-more-sessions at openssh.com
>>> debug1: Entering interactive session.
>>> debug1: Sending environment.
>>> debug1: Sending env LANG = en_US.UTF-8
>>>
>>> Why would only this host have that slow-down and none of the others?
>>> --
>>> This Apt Has Super Cow Powers - http://sourcefreedom.com
>>> Open-Source Software in Libraries - http://FOSS4Lib.org
>>> Advancing Libraries Together - http://LYRASIS.org
>>> Apache Open Office Developer wolfhalton at apache.org
>>>
>>>
>> How would I get it to NOT check reverse DNS?
>> http://ubuntuforums.org/showthread.php?t=1699197
>>
>> "Just add the parameter "UseDNS no" on /etc/ssh/sshd_config" to the
>> remote host I am shelling into?
>>
>> --
>> This Apt Has Super Cow Powers - http://sourcefreedom.com
>> Open-Source Software in Libraries - http://FOSS4Lib.org
>> Advancing Libraries Together - http://LYRASIS.org
>> Apache Open Office Developer wolfhalton at apache.org
>>
>>
> Well adding the nagios server to the /etc/hosts file of the slowpoke,
> worked for that server, and adding the "UseDNS no" parameter to the
> /etc/sshd_config file on the slowpoke made other local servers access it
> properly.
> Now my question is, "Why does the system have to convert to SSH type I and
> how do I get it to use type II?
>
> --
> This Apt Has Super Cow Powers - http://sourcefreedom.com
> Open-Source Software in Libraries - http://FOSS4Lib.org
> Advancing Libraries Together - http://LYRASIS.org
> Apache Open Office Developer wolfhalton at apache.org
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120812/52db6659/attachment.html 


More information about the Ale mailing list