[wplug] ssh with VPN question
Patrick Weber
paw160 at yahoo.com
Fri Mar 19 21:40:35 EDT 2010
A little off the wall, but have you tried any other authentication method? I experience a fairly long authentication delay through my VPN when using public key. Password auth runs much faster for me.
-Pat
________________________________
From: Rick Reynolds <rick at rickandviv.net>
To: General user list <wplug at wplug.org>
Sent: Fri, March 19, 2010 9:31:08 PM
Subject: Re: [wplug] ssh with VPN question
I appreciate your help. Your mentioning the DNS helped me figure out the issue (I think).
My local network is 10.0.0.0/24 and one of the nameservers at work is 10.0.0.100. I think I'm having an issue with two networks overlapping.
I may just live with the slowness. I could change my local network to something else, but I want to think about that a bit more before trying that.
Thanks,
Rick Reynolds
--
"Think like a man of action, act like a man of thought." -- Henry Bergson
On Mar 19, 2010, at 9:16 PM, Moshe Hyzon wrote:
> Pings from your Mac or from your Linux box? It would be the Linux box
> that would have incorrect (for your home network) DNS. Any chance you
> could hardcode the Mac's address in the Linux box's /etc/hosts? Or
> turn off reverse DNS lookup in ssh on the Linux box.
>
> Moshe
>
> --
> Moshe Hyzon (Mobile)
>
> This email may contain confidential information. Please delete it if
> you are not the intended recipient.
>
> On Mar 19, 2010, at 21:00, Rick Reynolds <rick at rickandviv.net> wrote:
>
>> Interesting. When I attempt pinging of the outside world and
>> servers inside my company's network while the VPN is up, there is a
>> substantial delay. But pinging of the Linux machine that is
>> connected to the VPN from another machine on my network is fast.
>>
>> Thanks,
>> Rick Reynolds
>> --
>> "You know what the three big lies are, don't you? 'The check is in
>> the mail,' 'I'll still respect you in the morning,' and 'the
>> Keyboard will be out in the spring.'" -- Jay Leno at the Mattel
>> Electronics 1981 Christmas party
>>
>>
>> On Mar 19, 2010, at 8:57 PM, Rick Reynolds wrote:
>>
>>> Hmm... Not too sure about that. Ping commands return very quickly
>>> when I use the name.
>>>
>>> Thanks,
>>> Rick Reynolds
>>> --
>>> "Your brain's operating system isn't written in C++" -- Steve Yegge
>>>
>>>
>>>
>>>
>>> On Mar 19, 2010, at 8:16 PM, Moshe Hyzon wrote:
>>>
>>>> I bet you it is DNS lookups timing out. After you connect to the VPN,
>>>> the Linux box's DNS servers change to your work servers, so lookups
>>>> for your Mac's address fail after a timeout.
>>>>
>>>> Moshe
>>>>
>>>> --
>>>> Moshe Hyzon (Mobile)
>>>>
>>>> This email may contain confidential information. Please delete it if
>>>> you are not the intended recipient.
>>>>
>>>> On Mar 19, 2010, at 19:06, Rick Reynolds <rick at rickandviv.net> wrote:
>>>>
>>>>> My work only allows connection via VPN. My main machine is a Mac
>>>>> which they won't support.
>>>>>
>>>>> They do support Linux connections to the VPN, however. So I'm
>>>>> working on a system whereby I connect to work via a CentOS Linux box
>>>>> and then use ssh tunneling through that box to get to services
>>>>> within my company's network.
>>>>>
>>>>> It all works just fine. Except that ssh is VERY SLOW to make the
>>>>> connection while the VPN is up.
>>>>>
>>>>> So what I'm seeing:
>>>>>
>>>>> 1. I ssh to the Linux box (which connects just about immediately)
>>>>> and start the command line VPN client.
>>>>> 2. I then attempt another ssh connection to the Linux box and it
>>>>> takes a little over 1 minute to make the ssh connection (I measured
>>>>> 1:12).
>>>>>
>>>>> If I turn off the VPN connection to work, ssh is fast again.
>>>>>
>>>>> It looks like it is the ssh protocol itself that is seeing a
>>>>> slowdown. When I add -vv to my ssh command line, it spews a bunch
>>>>> of debug info and stops at this point for some seconds:
>>>>>
>>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>>> debug2: key: /Users/rick/.ssh/id_rsa (0x100125a40)
>>>>> debug2: key: /Users/rick/.ssh/id_dsa (0x100125e70)
>>>>> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
>>>>> debug1: Next authentication method: publickey
>>>>> debug1: Offering public key: /Users/rick/.ssh/id_rsa
>>>>> debug2: we sent a publickey packet, wait for reply
>>>>>
>>>>> Then at this point:
>>>>>
>>>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>>>> debug2: input_userauth_pk_ok: fp 6c:24:7d:03:3c:fd:3b:0f:c5:76:e0:a9:ef:81:e2:e6
>>>>> debug1: read PEM private key done: type RSA
>>>>>
>>>>> Then here for the bulk of the time:
>>>>>
>>>>> debug1: Authentication succeeded (publickey).
>>>>> debug1: channel 0: new [client-session]
>>>>> debug2: channel 0: send open
>>>>> debug1: Entering interactive session.
>>>>>
>>>>> Then another stop after this:
>>>>>
>>>>> debug2: callback start
>>>>> debug2: client_session2_setup: id 0
>>>>> debug2: channel 0: request pty-req confirm 1
>>>>> debug1: Sending environment.
>>>>> debug2: channel 0: request shell confirm 1
>>>>> debug2: fd 3 setting TCP_NODELAY
>>>>> debug2: callback done
>>>>> debug2: channel 0: open confirm rwindow 0 rmax 32768
>>>>> debug2: channel_input_status_confirm: type 99 id 0
>>>>> debug2: PTY allocation request accepted on channel 0
>>>>> debug2: channel 0: rcvd adjust 2097152
>>>>> debug2: channel_input_status_confirm: type 99 id 0
>>>>> debug2: shell request accepted on channel 0
>>>>>
>>>>> And then this message comes out with another delay:
>>>>>
>>>>> Last login: Fri Mar 19 18:52:16 2010 from jordan
>>>>>
>>>>> And then I'm logged in.
>>>>>
>>>>> Any ideas on how I can debug this?
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Rick Reynolds
>>>>> --
>>>>> I had a dream that I was eating my pillow, and in the morning my
>>>>> giant marshmallow was gone!
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> wplug mailing list
>>>>> wplug at wplug.org
>>>>> http://www.wplug.org/mailman/listinfo/wplug
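A diagnostic for the two causes raised in this thread, as an added example that is not part of the original messages: it flags nameservers that fall inside a directly connected LAN (the 10.0.0.0/24 versus 10.0.0.100 overlap) and reports whether sshd still performs reverse DNS lookups. The function names and sample file contents are constructed; `UseDNS` is the OpenSSH server option for the reverse lookup, its default is assumed to be `yes` as on OpenSSH releases of that period, and `Match` blocks are not handled.

```python
import ipaddress

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def shadowed_nameservers(resolv_conf_text, local_networks):
    """Nameservers whose address lies inside a directly connected LAN.

    Such an address is typically routed on-link instead of through the
    VPN, so queries never reach the work server and each lookup waits
    for the resolver timeout.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in local_networks]
    hits = []
    for ns in parse_nameservers(resolv_conf_text):
        for net in nets:
            if ns.version == net.version and ns in net:
                hits.append((str(ns), str(net)))
    return hits

def sshd_uses_dns(sshd_config_text, default=True):
    """Effective UseDNS value; sshd uses the first occurrence of a keyword."""
    for line in sshd_config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "usedns":
            return fields[1].lower() == "yes"
    return default  # assumption: the build's default is "yes"

# Constructed sample input modelled on the addresses in the thread.
SAMPLE_RESOLV = """\
# written by the VPN client (constructed)
nameserver 10.0.0.100
nameserver 192.168.50.10
"""
SAMPLE_SSHD = """\
#UseDNS yes
PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(shadowed_nameservers(SAMPLE_RESOLV, ["10.0.0.0/24"]))
    print("reverse lookups on:", sshd_uses_dns(SAMPLE_SSHD))
```

On a real host, pass the contents of `/etc/resolv.conf` and `/etc/ssh/sshd_config` read while the VPN is up, together with the LAN prefixes of the machine's physical interfaces.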