ssh times out after authenticating

Hello, I’m encountering a situation where SSH connections are taking a very long time (upwards of 60 seconds) to finish authentication. This is causing several customers to time out while connecting (presumably because their timeout threshold is lower than mine).

On those failing, here is what the server log looks like:

[code:1]
Dec 17 14:37:22 server sshd[2383]: subsystem request for sftp
Dec 17 14:42:16 server sshd[2564]: Accepted publickey for jsmith from ::ffff:75.54.121.31 port 2718 ssh2
[/code:1]
(nothing after this line)

If I take the log from SFTP, it looks like the following:

[code:1]
Status: Connecting to zenovations.com:27
Command: open “jsmith@domain.com” 27
Trace: Looking up host “domain.com
Trace: Connecting to xxx.xxx.xxx.xxx port 27
Trace: Server version: SSH-1.99-OpenSSH_3.9p1
Trace: Using SSH protocol version 2
Trace: We claim version: SSH-2.0-PuTTY_Local:_Dec__2_2008_18:24:41
Trace: Host key fingerprint is:
Trace: ssh-rsa 1024 54:b1:a7:be:76:2b:2e:c1:cd:29:c7:d1:d3:00:b9:79
Trace: Pageant is running. Requesting keys.
Trace: Pageant has 1 SSH-2 keys
Trace: Successfully loaded 1 key pair from file
Trace: Trying Pageant key #0
Trace: Sending Pageant’s response
Trace: Access granted
Error: Connection timed out
Error: Could not connect to server
[/code:1]
(fails after this line)

Notice how the pubkey authentication succeeds, then it times out :frowning:

The same software (Filezilla) works fine on a different box, with an older version, which presumably has a shorter timeout.

Any ideas on what could be causing SSH to take so long to authenticate? Any idea on how I can log some more useful data to share?

Thanks, in advance

Post edited by: kato, at: 2008/12/17 12:48

Hi Kato,

So it sounds like you’re saying it takes quite a while for anyone making an SSH connection, not just from one host or user in particular?

Sometimes when DNS isn’t working right, SSH can take a long time to respond – is it possible something is awry with DNS at the moment?

For example, if you log into the command line, and type:

dig google.com

Do you get a list of Google IP addresses? And what is listed for the "Query Time" at the bottom? I receive "2 msec" on the server here.
-Eric

dig google.com returns meaningful answers in 43ms - not 8 but still not shabby I suppose.

All the customers reporting problems are on one of two ISPs, including me. So I’m not positive it couldn’t be related to an ISP issue, like not returning an in-arpa for reverse dns.

But I don’t really have any idea where to look. I can reach the box, albeit after around 30 seconds of delay on the login, but other users, particularly ftp users, are timing out in a most unsatisfactory manner.

Any ideas on how I should proceed? This is a dedicated server and the OS was installed by the facility. If it’s something likely to be related to the OS config, I might be able to ask them for ideas (though they often charge by the hour if they don’t like the request, so I’d like to try it myself first).

Yeah, it sounds like your DNS is okay.

I’d be happy to try connecting via SSH myself if you like, I could tell you if I run into the same issue or not.

If you want to try that, feel free to email me login details for an account (doesn’t have to be root) to eric@virtualmin.com – include a link to this forum post in the body of the email if you can.

Also, I’d love to see a copy of your /etc/ssh/sshd_config file, maybe something odd is in there.
-Eric
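
The thread raises the possibility that the affected clients' addresses have no reverse-DNS (in-addr.arpa) record. As an added example that is not part of the original thread, this Python script pulls client addresses out of sshd "Accepted" log lines like the one quoted above, unwraps the ::ffff: IPv4-mapped form, and times a reverse lookup for each when run on the server; the third sample log line, the function names and the 2-second threshold are assumptions of the example.

```python
import ipaddress
import re
import socket
import time

# Constructed sample in the thread's sshd log format; the third line is made up.
SAMPLE_LOG = """\
Dec 17 14:37:22 server sshd[2383]: subsystem request for sftp
Dec 17 14:42:16 server sshd[2564]: Accepted publickey for jsmith from ::ffff:75.54.121.31 port 2718 ssh2
Dec 17 14:43:02 server sshd[2570]: Accepted password for alice from 192.0.2.10 port 40122 ssh2
"""
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")


def accepted_clients(log_text):
    """Return [(user, ip)] for every 'Accepted ...' line in the log."""
    clients = []
    for line in log_text.splitlines():
        match = ACCEPTED.search(line)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(2))
        # A dual-stack listener logs IPv4 clients as ::ffff:a.b.c.d; unwrap
        # them so the PTR query goes to in-addr.arpa, not ip6.arpa.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        clients.append((match.group(1), ip))
    return clients


def reverse_lookup_report(log_text, resolver=socket.gethostbyaddr, slow_after=2.0):
    """Time one PTR lookup per client; slow_after is an arbitrary example threshold."""
    rows = []
    for user, ip in accepted_clients(log_text):
        start = time.monotonic()
        try:
            name = resolver(str(ip))[0]
        except OSError:  # covers socket.herror and socket.gaierror
            name = None
        elapsed = time.monotonic() - start
        flagged = name is None or elapsed >= slow_after
        rows.append({"user": user, "ip": str(ip), "ptr_query": ip.reverse_pointer,
                     "ptr_name": name, "seconds": elapsed, "flagged": flagged})
    return rows


if __name__ == "__main__":
    for row in reverse_lookup_report(SAMPLE_LOG):
        print(row)
```

Rows with `flagged` set are clients whose address has no PTR answer or whose lookup took at least `slow_after` seconds from the machine running the script.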