[wplug] ssh with VPN question

Rick Reynolds rick at rickandviv.net
Fri Mar 19 19:06:47 EDT 2010 

My work only allows connection via VPN.  My main machine is a Mac which they won't support.

They do support Linux connections to the VPN, however.  So I'm working on a system whereby I connect to work via a CentOS Linux box and then use ssh tunneling through that box to get to services within my company's network.

It all works just fine.  Except that ssh is VERY SLOW to make the connection while the VPN is up.

So what I'm seeing:

1. I ssh to the Linux box (which connects just about immediately) and start the command line VPN client.
2. I then attempt another ssh connection to the Linux box and it takes a little over 1 minute to make the ssh connection (I measured 1:12).

If I turn off the VPN connection to work, ssh is fast again.

It looks like it is the ssh protocol itself that is seeing a slowdown.  When I add -vv to my ssh command line, it spews a bunch of debug info and stops at this point for some seconds:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/rick/.ssh/id_rsa (0x100125a40)
debug2: key: /Users/rick/.ssh/id_dsa (0x100125e70)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/rick/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply

Then at this point:

debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 6c:24:7d:03:3c:fd:3b:0f:c5:76:e0:a9:ef:81:e2:e6
debug1: read PEM private key done: type RSA

Then here for the bulk of the time:

debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.

Then another stop after this:

debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

And then this message comes out with another delay:

Last login: Fri Mar 19 18:52:16 2010 from jordan

And then I'm logged in.

Any ideas on how I can debug this?


Thanks,
Rick Reynolds
-- 
I had a dream that I was eating my pillow, and in the morning my giant marshmallow was gone!

More information about the wplug mailing list