[ale] more fun with ssh

Wolf Halton wolf.halton at gmail.com
Tue Aug 14 07:35:27 EDT 2012 

I can see I have it querying the external domain-name of the network rather
than localdomain.

wolf at lva-01:~$ host 192.168.10.26
Host 26.10.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
wolf at lva-01:~$ host NAGIOS-01
NAGIOS-01.example.org has address 112.136.19.115
# Not real IP  This is the machine name, It's the public IP of the main
fqdn and catchall for improperly-named sub-domains, and not the private IP
by which  NAGIOS-01 communicates with the slowpoke

wolf at lva-01:~$ dig NAGIOS-01
Since this A record doesn't exist, the answers are useless.  However when I
dig the actual subdomain, nagios.example.org, it gives the right public IP.



On Mon, Aug 13, 2012 at 8:37 AM, Lightner, Jeff <JLightner at water.com> wrote:

>   If adding it to /etc/hosts resolved the issue it makes it sound as if
> your issue is name resolution.****
>
> ** **
>
> Is the slowpoke Linux?****
>
> What is in /etc/nsswitch.conf on the slowpoke for the “hosts” line?  (You
> may need to look at other lines for IPv6 if not Linux.)****
>
> If hosts line has “files” before “dns” what is in /etc/resolv.conf?   Does
> it try nis?****
>
> What happens if you try “host <nagios master>” from the slowpoke?  What if
> you try “dig <nagios master>”.****
>
> ** **
>
> ** **
>
> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of *Wolf
> Halton
> *Sent:* Sunday, August 12, 2012 7:15 PM
> *To:* Atlanta Linux Enthusiasts
> *Subject:* Re: [ale] more fun with ssh****
>
> ** **
>
> thanks.****
>
> http://evergreen-community-01.lyrasistechnology.org
> http://sourcefreedom.com
> Apache developer:
> wolfhalton at apache.org****
>
> On Aug 12, 2012 5:49 PM, "Jim Kinney" <jim.kinney at gmail.com> wrote:****
>
> You can force version 2 only in confug. Ssh_version 2 is setting I think.*
> ***
>
> On Aug 12, 2012 11:01 AM, "Wolf Halton" <wolf.halton at gmail.com> wrote:****
>
> ** **
>
> On Sun, Aug 12, 2012 at 10:37 AM, Wolf Halton <wolf.halton at gmail.com>
> wrote:****
>
> ** **
>
> On Sun, Aug 12, 2012 at 10:32 AM, Wolf Halton <wolf.halton at gmail.com>
> wrote:****
>
> ** **
>
> On Sun, Aug 12, 2012 at 10:19 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
> ****
>
> It still tries to resolve the ip to a host name. If you're not using dns
> for that segment, put a name in etc/hosts.****
>
> On Aug 12, 2012 9:52 AM, "Wolf Halton" <wolf.halton at gmail.com> wrote:****
>
>  Why would one of the hosts in my network take a very long time (over 10
> seconds) to negotiate a connection from another host on the same lan. Using
> IP address only, no DNS resolution involved.****
>
> This would only be an interesting  oddity if it didn't time out nagios
> checks.****
>
> Wolf****
>
> http://evergreen-community-01.lyrasistechnology.org
> http://sourcefreedom.com
> Apache developer:
> wolfhalton at apache.org****
>
> ** **
>
>
>
>
>
>        _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo****
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo****
>
> ** **
>
> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '192.168.10.56' is known and matches the RSA host key.
> debug1: Found key in /home/nagios/.ssh/known_hosts:32
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> %% slowdown is right here %%
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/nagios/.ssh/identity
> debug1: Offering public key: /home/nagios/.ssh/id_rsa
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug1: read PEM private key done: type RSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions at openssh.com
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
>
> Why would only this host have that slow-down and none of the others?
> --
> This Apt Has Super Cow Powers - http://sourcefreedom.com
> Open-Source Software in Libraries - http://FOSS4Lib.org
> Advancing Libraries Together - http://LYRASIS.org
> Apache Open Office Developer wolfhalton at apache.org****
>
> ** **
>
> How would I get it to NOT check reverse DNS?
> http://ubuntuforums.org/showthread.php?t=1699197
>
> "Just add the parameter "UseDNS no" on /etc/ssh/sshd_config" to the remote
> host I am shelling into?
> ****
>
>
> --
> This Apt Has Super Cow Powers - http://sourcefreedom.com
> Open-Source Software in Libraries - http://FOSS4Lib.org
> Advancing Libraries Together - http://LYRASIS.org
> Apache Open Office Developer wolfhalton at apache.org****
>
>
> Well adding the nagios server to the /etc/hosts file of the slowpoke,
> worked for that server, and adding the "UseDNS no" parameter to the
> /etc/sshd_config file on the slowpoke made other local servers access it
> properly.
> Now my question is, "Why does the system have to convert to SSH type I and
> how do I get it to use type II?
>
> --
> This Apt Has Super Cow Powers - http://sourcefreedom.com
> Open-Source Software in Libraries - http://FOSS4Lib.org
> Advancing Libraries Together - http://LYRASIS.org
> Apache Open Office Developer wolfhalton at apache.org
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo****
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo****
>
>
>
>
>
> Athena®, Created for the Cause™
>
> Making a Difference in the Fight Against Breast Cancer
>
>
>
>
>
> *How and Why I Should Support Bottled Water!
> *Do not relinquish your right to choose bottled water as a healthy
> alternative to beverages that contain sugar, calories, etc. Your support of
> bottled water will make a difference! Your signatures count! Go to
> http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and
> sign a petition to support your right to always choose bottled water. Help
> fight federal and state issues, such as bottle deposits (or taxes) and
> organizations that want to ban the sale of bottled water. Support community
> curbside recycling programs. Support bottled water as a healthy way to
> maintain proper hydration. Our goal is 50,000 signatures. Share this
> petition with your friends and family today!
>
>
>
> ---------------------------------
> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
> information and is for the sole use of the intended recipient(s). If you
> are not the intended recipient, any disclosure, copying, distribution, or
> use of the contents of this information is prohibited and may be unlawful.
> If you have received this electronic transmission in error, please reply
> immediately to the sender that you have received the message in error, and
> delete it. Thank you.
> ----------------------------------****
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


-- 
This Apt Has Super Cow Powers - http://sourcefreedom.com
Open-Source Software in Libraries - http://FOSS4Lib.org
Advancing Libraries Together - http://LYRASIS.org
Apache Open Office Developer wolfhalton at apache.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120814/861c7e34/attachment-0001.html

More information about the Ale mailing list