Fedora Linux Support Community & Resources Center
  #1  
Old 24th July 2011, 04:29 AM
usfish Offline
Registered User
 
Join Date: Jul 2011
Posts: 3
linuxchrome
always took forever to initiate an SSH connection

Hi all,

The server is using fedora 15. from my computer it always takes forever to initiate a connection. Below is the log. Here MYHOST is not actually an IP address not a hostname, but somehow I kept having this error:

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

How should I resolve it? thanks!

USERNAME@USERNAME-laptop:~$ ssh -v MYHOST
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to MYHOST [MYHOST] port 22.
debug1: Connection established.
debug1: identity file /home/USERNAME/.ssh/identity type -1
debug1: identity file /home/USERNAME/.ssh/id_rsa type -1
debug1: identity file /home/USERNAME/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied


debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'MYHOST' is known and matches the RSA host key.
debug1: Found key in /home/USERNAME/.ssh/known_hosts:21
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied


debug1: Next authentication method: publickey
debug1: Trying private key: /home/USERNAME/.ssh/identity
debug1: Trying private key: /home/USERNAME/.ssh/id_rsa
debug1: Trying private key: /home/USERNAME/.ssh/id_dsa
debug1: Next authentication method: password
USERNAME@MYHOST's password:
Reply With Quote
  #2  
Old 24th July 2011, 04:37 AM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 5,898
linuxfirefox
Re: always took forever to initiate an SSH connection

SSH's verbose mode is showing you the problem when it says
Quote:
debug1: An invalid name was supplied
you did this:

ssh -v MYHOST

But the syntax that ssh wants is either:

ssh -v username@MYHOST

or

ssh -v -l username MYHOST

Here's the entire set of commands that ssh uses with the -l and the other
user@host options bolded

ssh --help
Quote:
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-w local_tun[:remote_tun]] [user@]hostname [command]
Reply With Quote
  #3  
Old 24th July 2011, 05:32 AM
usfish Offline
Registered User
 
Join Date: Jul 2011
Posts: 3
windows_xp_2003chrome
Re: always took forever to initiate an SSH connection

Quote:
Originally Posted by marko View Post
SSH's verbose mode is showing you the problem when it says
you did this:

ssh -v MYHOST

But the syntax that ssh wants is either:

ssh -v username@MYHOST

or

ssh -v -l username MYHOST

Here's the entire set of commands that ssh uses with the -l and the other
user@host options bolded

ssh --help

oh, my local username and the remote username happen to be the same, so i thought ssh MYHOST and ssh USERNAME@MYHOST should be the same?
Reply With Quote
  #4  
Old 24th July 2011, 06:03 AM
stevea Offline
Registered User
 
Join Date: Apr 2006
Location: Ohio, USA
Posts: 8,553
linuxfedorafirefox
Re: always took forever to initiate an SSH connection

Quote:
Originally Posted by marko View Post
SSH's verbose mode is showing you the problem when it says
you did this:
Yes - that's the message of concern ....

Quote:
ssh -v MYHOST

But the syntax that ssh wants is either:

ssh -v username@MYHOST

or

ssh -v -l username MYHOST

Nope - wrong. The "-l login_name" is optional and the user part of "[user@]host" is optional. That is NOT the problem. The man pages shows thatthe CURRENT local user name is used if none is supplied.

==============

The OP should re-run the ssh command as ...
ssh -vvv MYHOST
and he should also carefully note WHERE i nthe strea mof verbose messages any bit time delay occurs.


I strongly suspect the problem is that his system(s) are trying several authentication methods that are not supported on his systems.

These messages:
Quote:
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
refer the the Kerberos REALM. Unless this OP want to use Kereros authentication this is a waste of time.

These messages
Quote:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
indicate that gssapi (sort of a secure RPC based on Kerberos) is being tried.


So for most home users the ONLY sorts of ssh authentication they will ever want is password and public-key. If this is the case ,then the solution is to change the ssh or sshd configuration.

If the OP controls the server (the Ubuntu sshd server) then he can modify the /etc/ssh/sshd_config file.
Adding these lines to the TOP of that file and restarting the server will limit the accepted authentication methods:
Quote:
ChallengeResponseAuthentication no
GSSAPIAuthentication no
KerberosAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
RSAAuthentication no
RhostsRSAAuthentication no
Then reboot server or restart the sshd service.


You can also control the Auth order this from the client. On the client you can edit the /etc/ssh/ssh_config file and change the contents to contain this line.
Quote:
PreferredAuthentications publickey,keyboard-interactive,password,gssapi-with-mic,hostbased
__________________
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe
Reply With Quote
  #5  
Old 24th July 2011, 06:36 AM
smr54 Offline
Registered User
 
Join Date: Jan 2010
Posts: 5,390
linuxchrome
Re: always took forever to initiate an SSH connection

It's also useful to stop sshd and run it with -ddd (for debug) on the remote host.

Often, a delay is caused by the remote machine trying to do remote DNS lookup. This can sometimes be fixed by having the client and host in each other's /etc/hosts files.

One way to test is to briefly, on the server, look for the line

#UseDNS yes

Uncomment it, change it to no so that it looks like

UseDNS no

if the connection is then quick, that's the answer, and usually, adding the server and client to each other's host files will fix it.
Reply With Quote
  #6  
Old 24th July 2011, 07:36 AM
stevea Offline
Registered User
 
Join Date: Apr 2006
Location: Ohio, USA
Posts: 8,553
linuxfedorafirefox
Re: always took forever to initiate an SSH connection

Good ideas - tho I think
sshd -Dddd
which keeps sshd in foreground might be a notch better.

You may be right about DNS - but probably it's trying to resolve kerberos realms - which is dependent on the DNS.
Getitng rid of unneeded authentications is likely to solve the problem.
__________________
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe
Reply With Quote
  #7  
Old 24th July 2011, 12:56 PM
smr54 Offline
Registered User
 
Join Date: Jan 2010
Posts: 5,390
linuxchrome
Re: always took forever to initiate an SSH connection

Thank you stevea, that's actually what I meant to write--shouldn't post so late. Yes, stop sshd in /etc/services (service sshd stop) and start it in the foreground, the way stevea has posted in bold. Although, in practice, I've never had to put the -D (the upper case D means run in foreground) to get it to run in the foreground, it's better to use the correct command than to do it sloppily and hope it might work.
Reply With Quote
  #8  
Old 20th May 2012, 03:59 PM
DHR Offline
Registered User
 
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 8
linuxfirefox
Re: always took forever to initiate an SSH connection

I had this problem. It is probably true that I could have avoided it by suppressing GSSAPIAuthentication. But since I've never had to do that before, I tried to figure out a different solution.

It turns out that the server's IP address had no reverse DNS entry. When I fixed that, the login speed was much better. Of course not everyone has the authority to fix reverse DNS entries for the IP address that they care about.
Reply With Quote
Reply

Tags
ssh

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can I initiate hardware discovery - FC15? Malkosha Hardware & Laptops 0 3rd June 2011 07:52 PM
log on takes forever if I have no WAN connection mckechan Using Fedora 15 29th January 2008 03:06 PM
Grub wont initiate XP djXternal Installation, Upgrades and Live Media 3 14th October 2007 07:56 AM
How To Initiate Upgrade from FC4 to FC5 Altstatten EOL (End Of Life) Versions 10 5th July 2006 06:25 AM
How to automatically initiate autorun on inserting a cd Maverick-23feb Guides & Solutions (No Questions) 5 14th July 2005 10:19 AM


Current GMT-time: 09:27 (Saturday, 19-04-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat