[ale] more fun with ssh

Lightner, Jeff JLightner at water.com
Mon Aug 13 08:37:01 EDT 2012 

If adding it to /etc/hosts resolved the issue it makes it sound as if your issue is name resolution.

Is the slowpoke Linux?
What is in /etc/nsswitch.conf on the slowpoke for the “hosts” line?  (You may need to look at other lines for IPv6 if not Linux.)
If hosts line has “files” before “dns” what is in /etc/resolv.conf?   Does it try nis?
What happens if you try “host <nagios master>” from the slowpoke?  What if you try “dig <nagios master>”.


From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Wolf Halton
Sent: Sunday, August 12, 2012 7:15 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] more fun with ssh


thanks.

http://evergreen-community-01.lyrasistechnology.org
http://sourcefreedom.com
Apache developer:
wolfhalton at apache.org<mailto:wolfhalton at apache.org>
On Aug 12, 2012 5:49 PM, "Jim Kinney" <jim.kinney at gmail.com<mailto:jim.kinney at gmail.com>> wrote:

You can force version 2 only in confug. Ssh_version 2 is setting I think.
On Aug 12, 2012 11:01 AM, "Wolf Halton" <wolf.halton at gmail.com<mailto:wolf.halton at gmail.com>> wrote:

On Sun, Aug 12, 2012 at 10:37 AM, Wolf Halton <wolf.halton at gmail.com<mailto:wolf.halton at gmail.com>> wrote:

On Sun, Aug 12, 2012 at 10:32 AM, Wolf Halton <wolf.halton at gmail.com<mailto:wolf.halton at gmail.com>> wrote:

On Sun, Aug 12, 2012 at 10:19 AM, Jim Kinney <jim.kinney at gmail.com<mailto:jim.kinney at gmail.com>> wrote:

It still tries to resolve the ip to a host name. If you're not using dns for that segment, put a name in etc/hosts.
On Aug 12, 2012 9:52 AM, "Wolf Halton" <wolf.halton at gmail.com<mailto:wolf.halton at gmail.com>> wrote:

Why would one of the hosts in my network take a very long time (over 10 seconds) to negotiate a connection from another host on the same lan. Using IP address only, no DNS resolution involved.

This would only be an interesting  oddity if it didn't time out nagios checks.

Wolf

http://evergreen-community-01.lyrasistechnology.org
http://sourcefreedom.com
Apache developer:
wolfhalton at apache.org<mailto:wolfhalton at apache.org>





_______________________________________________
Ale mailing list
Ale at ale.org<mailto:Ale at ale.org>
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

_______________________________________________
Ale mailing list
Ale at ale.org<mailto:Ale at ale.org>
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.10.56' is known and matches the RSA host key.
debug1: Found key in /home/nagios/.ssh/known_hosts:32
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
%% slowdown is right here %%
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/nagios/.ssh/identity
debug1: Offering public key: /home/nagios/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com<mailto:no-more-sessions at openssh.com>
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

Why would only this host have that slow-down and none of the others?
--
This Apt Has Super Cow Powers - http://sourcefreedom.com
Open-Source Software in Libraries - http://FOSS4Lib.org
Advancing Libraries Together - http://LYRASIS.org
Apache Open Office Developer wolfhalton at apache.org<mailto:wolfhalton at apache.org>

How would I get it to NOT check reverse DNS?
http://ubuntuforums.org/showthread.php?t=1699197

"Just add the parameter "UseDNS no" on /etc/ssh/sshd_config" to the remote host I am shelling into?

--
This Apt Has Super Cow Powers - http://sourcefreedom.com
Open-Source Software in Libraries - http://FOSS4Lib.org
Advancing Libraries Together - http://LYRASIS.org
Apache Open Office Developer wolfhalton at apache.org<mailto:wolfhalton at apache.org>

Well adding the nagios server to the /etc/hosts file of the slowpoke, worked for that server, and adding the "UseDNS no" parameter to the /etc/sshd_config file on the slowpoke made other local servers access it properly.
Now my question is, "Why does the system have to convert to SSH type I and how do I get it to use type II?

--
This Apt Has Super Cow Powers - http://sourcefreedom.com
Open-Source Software in Libraries - http://FOSS4Lib.org
Advancing Libraries Together - http://LYRASIS.org
Apache Open Office Developer wolfhalton at apache.org<mailto:wolfhalton at apache.org>


_______________________________________________
Ale mailing list
Ale at ale.org<mailto:Ale at ale.org>
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

_______________________________________________
Ale mailing list
Ale at ale.org<mailto:Ale at ale.org>
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo





Athena®, Created for the Cause™

Making a Difference in the Fight Against Breast Cancer





How and Why I Should Support Bottled Water!
Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and sign a petition to support your right to always choose bottled water. Help fight federal and state issues, such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition with your friends and family today!



---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120813/29dafd4e/attachment-0001.html

More information about the Ale mailing list