[wplug] ssh with VPN question

Moshe Hyzon mokatz at gmail.com
Fri Mar 19 20:16:58 EDT 2010


I bet you it is DNS lookups timing out.  After you connect to the VPN,
the Linux box's DNS servers change to your work servers, so lookups
for your Mac's address fail after a timeout.

Moshe

--
Moshe Hyzon (Mobile)

This email may contain confidential information. Please delete it if  
you are not the intended recipient.

On Mar 19, 2010, at 19:06, Rick Reynolds <rick at rickandviv.net> wrote:

> My work only allows connection via VPN.  My main machine is a Mac  
> which they won't support.
>
> They do support Linux connections to the VPN, however.  So I'm  
> working on a system whereby I connect to work via a CentOS Linux box  
> and then use ssh tunneling through that box to get to services  
> within my company's network.
>
> It all works just fine.  Except that ssh is VERY SLOW to make the  
> connection while the VPN is up.
>
> So what I'm seeing:
>
> 1. I ssh to the Linux box (which connects just about immediately)  
> and start the command line VPN client.
> 2. I then attempt another ssh connection to the Linux box and it  
> takes a little over 1 minute to make the ssh connection (I measured  
> 1:12).
>
> If I turn off the VPN connection to work, ssh is fast again.
>
> It looks like it is the ssh protocol itself that is seeing a  
> slowdown.  When I add -vv to my ssh command line, it spews a bunch  
> of debug info and stops at this point for some seconds:
>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /Users/rick/.ssh/id_rsa (0x100125a40)
> debug2: key: /Users/rick/.ssh/id_dsa (0x100125e70)
> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /Users/rick/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
>
> Then at this point:
>
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug2: input_userauth_pk_ok: fp 6c:24:7d:03:3c:fd:3b:0f:c5:76:e0:a9:ef:81:e2:e6
> debug1: read PEM private key done: type RSA
>
> Then here for the bulk of the time:
>
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug2: channel 0: send open
> debug1: Entering interactive session.
>
> Then another stop after this:
>
> debug2: callback start
> debug2: client_session2_setup: id 0
> debug2: channel 0: request pty-req confirm 1
> debug1: Sending environment.
> debug2: channel 0: request shell confirm 1
> debug2: fd 3 setting TCP_NODELAY
> debug2: callback done
> debug2: channel 0: open confirm rwindow 0 rmax 32768
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: PTY allocation request accepted on channel 0
> debug2: channel 0: rcvd adjust 2097152
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: shell request accepted on channel 0
>
> And then this message comes out with another delay:
>
> Last login: Fri Mar 19 18:52:16 2010 from jordan
>
> And then I'm logged in.
>
> Any ideas on how I can debug this?
>
>
> Thanks,
> Rick Reynolds
> -- 
> I had a dream that I was eating my pillow, and in the morning my  
> giant marshmallow was gone!

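One way to test the DNS hypothesis from the reply above, as an added example that is not part of the original thread: run this on the Linux box with the VPN down and again with it up, passing the address you ssh in from, and compare how long each configured nameserver takes to answer. It assumes the slow lookup is a reverse (PTR) lookup of the client address; the sample resolv.conf content and the function names are constructed for illustration.

```python
import ipaddress
import socket
import struct
import sys
import time

# Constructed sample: resolv.conf as a VPN client might rewrite it (assumed values).
SAMPLE_RESOLV_CONF = """\
search corp.example
nameserver 10.0.0.53
nameserver 10.0.0.54  # secondary
"""

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [f[1] for f in rows if len(f) >= 2 and f[0] == "nameserver"]

def build_ptr_query(ip, txid=0x1234):
    """Build a DNS PTR query packet for ip (a reverse lookup of that address)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 12, 1)  # QTYPE=PTR, QCLASS=IN

def time_ptr_lookup(server, ip, timeout=5.0, port=53):
    """Send one PTR query to server; return (elapsed_seconds, outcome)."""
    query, start = build_ptr_query(ip), time.monotonic()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server, port))
            reply, _ = sock.recvfrom(512)
        ok = len(reply) >= 4 and reply[:2] == query[:2]
        outcome = f"rcode={reply[3] & 0x0F}" if ok else "malformed reply"
    except socket.timeout:
        outcome = "timeout"
    except OSError as exc:
        outcome = f"error: {exc}"
    return time.monotonic() - start, outcome

if __name__ == "__main__":
    client_ip = sys.argv[1]  # address of the machine you ssh in from
    with open("/etc/resolv.conf") as fh:
        for ns in parse_nameservers(fh.read()):
            secs, outcome = time_ptr_lookup(ns, client_ip)
            print(f"{ns}: {outcome} after {secs:.2f}s")
```

Timeouts or multi-second answers that appear only while the VPN is up are consistent with the lookup explanation; fast answers in both states point elsewhere.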