[wplug] ssh with VPN question

Patrick Weber paw160 at yahoo.com
Fri Mar 19 21:40:35 EDT 2010


A little off the wall, but have you tried any other authentication method?  I experience a fairly long authentication delay through my VPN when using public key.  Password auth runs much faster for me.

-Pat



________________________________
From: Rick Reynolds <rick at rickandviv.net>
To: General user list <wplug at wplug.org>
Sent: Fri, March 19, 2010 9:31:08 PM
Subject: Re: [wplug] ssh with VPN question

I appreciate your help.  Your mentioning the DNS helped me figure out the issue (I think).

My local network is 10.0.0.0/24 and one of the nameservers at work is 10.0.0.100.  I think I'm having an issue with two networks overlapping.

I may just live with the slowness.  I could change my local network to something else, but I want to think about that a bit more before trying that.

Thanks,
Rick Reynolds
-- 
"Think like a man of action, act like a man of thought." -- Henry Bergson


On Mar 19, 2010, at 9:16 PM, Moshe Hyzon wrote:

> Pings from your Mac or from your Linux box?  It would be the Linux box
> that would have incorrect (for your home network) DNS. Any chance you
> could hardcode the Mac's address in the Linux box's /etc/hosts?  Or
> turn off reverse DNS lookup in ssh on the Linux box.
> 
> Moshe
> 
> --
> Moshe Hyzon (Mobile)
> 
> This email may contain confidential information. Please delete it if  
> you are not the intended recipient.
> 
> On Mar 19, 2010, at 21:00, Rick Reynolds <rick at rickandviv.net> wrote:
> 
>> Interesting.  When I attempt pinging of the outside world and  
>> servers inside my company's network while the VPN is up, there is a  
>> substantial delay.  But pinging of the Linux machine that is  
>> connected to the VPN from another machine on my network is fast.
>> 
>> Thanks,
>> Rick Reynolds
>> -- 
>> "You know what the three big lies are, don't you? 'The check is in  
>> the mail,' 'I'll still respect you in the morning,' and 'the  
>> Keyboard will be out in the spring.'" -- Jay Leno at the Mattel  
>> Electronics 1981 Christmas party
>> 
>> 
>> On Mar 19, 2010, at 8:57 PM, Rick Reynolds wrote:
>> 
>>> Hmm... Not too sure about that.  Ping commands return very quickly  
>>> when I use the name.
>>> 
>>> Thanks,
>>> Rick Reynolds
>>> -- 
>>> "Your brain's operating system isn't written in C++" -- Steve Yegge
>>> 
>>> 
>>> 
>>> 
>>> On Mar 19, 2010, at 8:16 PM, Moshe Hyzon wrote:
>>> 
>>>> I bet you it is DNS lookups timing out.  After you connect to the VPN,
>>>> the Linux box's DNS servers change to your work servers, so lookups
>>>> for your Mac's address fail after a timeout.
>>>> 
>>>> Moshe
>>>> 
>>>> --
>>>> Moshe Hyzon (Mobile)
>>>> 
>>>> This email may contain confidential information. Please delete it if
>>>> you are not the intended recipient.
>>>> 
>>>> On Mar 19, 2010, at 19:06, Rick Reynolds <rick at rickandviv.net>  
>>>> wrote:
>>>> 
>>>>> My work only allows connection via VPN.  My main machine is a Mac
>>>>> which they won't support.
>>>>> 
>>>>> They do support Linux connections to the VPN, however.  So I'm
>>>>> working on a system whereby I connect to work via a CentOS Linux box
>>>>> and then use ssh tunneling through that box to get to services
>>>>> within my company's network.
>>>>> 
>>>>> It all works just fine.  Except that ssh is VERY SLOW to make the
>>>>> connection while the VPN is up.
>>>>> 
>>>>> So what I'm seeing:
>>>>> 
>>>>> 1. I ssh to the Linux box (which connects just about immediately)
>>>>> and start the command line VPN client.
>>>>> 2. I then attempt another ssh connection to the Linux box and it
>>>>> takes a little over 1 minute to make the ssh connection (I measured
>>>>> 1:12).
>>>>> 
>>>>> If I turn off the VPN connection to work, ssh is fast again.
>>>>> 
>>>>> It looks like it is the ssh protocol itself that is seeing a
>>>>> slowdown.  When I add -vv to my ssh command line, it spews a bunch
>>>>> of debug info and stops at this point for some seconds:
>>>>> 
>>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>>> debug2: key: /Users/rick/.ssh/id_rsa (0x100125a40)
>>>>> debug2: key: /Users/rick/.ssh/id_dsa (0x100125e70)
>>>>> debug1: Authentications that can continue: publickey,gssapi-with-mic,password
>>>>> debug1: Next authentication method: publickey
>>>>> debug1: Offering public key: /Users/rick/.ssh/id_rsa
>>>>> debug2: we sent a publickey packet, wait for reply
>>>>> 
>>>>> Then at this point:
>>>>> 
>>>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>>>> debug2: input_userauth_pk_ok: fp 6c:24:7d:03:3c:fd:3b:0f:c5:76:e0:a9:ef:81:e2:e6
>>>>> debug1: read PEM private key done: type RSA
>>>>> 
>>>>> Then here for the bulk of the time:
>>>>> 
>>>>> debug1: Authentication succeeded (publickey).
>>>>> debug1: channel 0: new [client-session]
>>>>> debug2: channel 0: send open
>>>>> debug1: Entering interactive session.
>>>>> 
>>>>> Then another stop after this:
>>>>> 
>>>>> debug2: callback start
>>>>> debug2: client_session2_setup: id 0
>>>>> debug2: channel 0: request pty-req confirm 1
>>>>> debug1: Sending environment.
>>>>> debug2: channel 0: request shell confirm 1
>>>>> debug2: fd 3 setting TCP_NODELAY
>>>>> debug2: callback done
>>>>> debug2: channel 0: open confirm rwindow 0 rmax 32768
>>>>> debug2: channel_input_status_confirm: type 99 id 0
>>>>> debug2: PTY allocation request accepted on channel 0
>>>>> debug2: channel 0: rcvd adjust 2097152
>>>>> debug2: channel_input_status_confirm: type 99 id 0
>>>>> debug2: shell request accepted on channel 0
>>>>> 
>>>>> And then this message comes out with another delay:
>>>>> 
>>>>> Last login: Fri Mar 19 18:52:16 2010 from jordan
>>>>> 
>>>>> And then I'm logged in.
>>>>> 
>>>>> Any ideas on how I can debug this?
>>>>> 
>>>>> 
>>>>> Thanks,
>>>>> Rick Reynolds
>>>>> -- 
>>>>> I had a dream that I was eating my pillow, and in the morning my
>>>>> giant marshmallow was gone!
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> wplug mailing list
>>>>> wplug at wplug.org
>>>>> http://www.wplug.org/mailman/listinfo/wplug
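The three checks raised in this thread (a work nameserver that falls inside the home LAN prefix, sshd's reverse-DNS setting, and an /etc/hosts entry for the client), gathered into one added example that is not part of the original messages. Only 10.0.0.0/24 and 10.0.0.100 come from the thread; the file contents, the second nameserver and the client address 10.0.0.5 are constructed, and `UseDNS` is the sshd_config keyword that controls the reverse lookup.

```python
import ipaddress

# Constructed sample inputs (not copied from the machines in the thread).
RESOLV_CONF = """\
# written by the VPN client
search corp.example
nameserver 10.0.0.100
nameserver 192.168.50.2
"""
SSHD_CONFIG = """\
Port 22
#UseDNS yes
PasswordAuthentication yes
"""
HOSTS = """\
127.0.0.1   localhost
10.0.0.7    fileserver
"""

def directives(text):
    """Yield (keyword, first value) for non-comment lines; keyword lower-cased."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2:
            yield parts[0].lower(), parts[1]

def overlapping_nameservers(resolv_conf, lan_cidr):
    """Nameservers whose address lies inside the directly attached LAN prefix."""
    lan = ipaddress.ip_network(lan_cidr)
    return [v for k, v in directives(resolv_conf)
            if k == "nameserver" and ipaddress.ip_address(v) in lan]

def sshd_option(sshd_config, name):
    """sshd keeps the first value given for a keyword; None means not set."""
    return next((v for k, v in directives(sshd_config) if k == name.lower()), None)

def in_hosts(hosts, client_ip):
    """True if hosts maps client_ip (answers locally with files-before-dns order)."""
    return any(k == client_ip for k, _ in directives(hosts))

def diagnose(resolv_conf, sshd_config, hosts, lan_cidr, client_ip):
    return {"overlap": overlapping_nameservers(resolv_conf, lan_cidr),
            "usedns": sshd_option(sshd_config, "UseDNS"),
            "client_in_hosts": in_hosts(hosts, client_ip)}

if __name__ == "__main__":
    print(diagnose(RESOLV_CONF, SSHD_CONFIG, HOSTS, "10.0.0.0/24", "10.0.0.5"))
```

A `usedns` result of `None` means the keyword is not set, so the behaviour is whatever the installed OpenSSH version defaults to.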