Prompt de comando demorando muito para aparecer após a conexão ssh

4

Eu tenho um servidor que está agindo muito estranho e espero que você me ajude a descobrir o que está acontecendo. Aqui estão os fatos:

  • O servidor tem dois usuários: root e myuser
  • O servidor aceita apenas conexões ssh usando pubkey
  • Se eu me conectar ao servidor como myuser do Putty (no Windows), a conexão levará alguns segundos e o prompt do cmd aparecerá imediatamente
  • Se eu me conectar ao servidor como myuser do Cygwin (no Windows), a conexão levará alguns segundos, mas demora cerca de 40 segundos para o prompt cmd aparecer. O mesmo ocorre quando se conecta a partir de um script PHP ou mesmo com ssh de outro servidor linux na mesma rede
  • No Cygwing estou usando OpenSSH_7.2p1, OpenSSL 1.0.2g , no PHP a biblioteca phpseclib e no outro servidor linux OpenSSH_5.3p1, OpenSSL 1.0.1e-fips
  • Tentar o mesmo procedimento com root produz os mesmos resultados

Assim, a conexão ssh é estabelecida corretamente em ambos os casos (os logs sshd escrevem session opened for user myuser ), mas em um caso os prompts cmd aparecem imediatamente e no outro demoram demais (60 segundos).

Alguma idéia do que poderia causar o problema? Se você precisar de mais informações sobre mensagens de logs ou arquivos de configuração, me avise nos comentários.

UPDATE 1

A execução de strace ssh [email protected] gera o seguinte:

**lot of stuff**

18:20:10 read(3, "Dq02+76r51225462D74$
18:20:10 ioctl(0, TIOCGWINSZ, {ws_row=60, ws_col=237, ws_xpixel=0, ws_ypixel=0}) = 0
18:20:10 getsockopt(3, SOL_TCP, TCP_NODELAY, [0], [4]) = 0
18:20:10 setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
18:20:10 getsockname(3, {sa_family=AF_INET, sin_port=htons(40713), sin_addr=inet_addr("190.9$
18:20:10 setsockopt(3, SOL_IP, IP_TOS, [16], 4) = 0
18:20:10 select(7, [3], [3], NULL, NULL) = 1 (out [3])
18:20:10 write(3, "?325762x74>2K65)5071Zu,I!3Hv1$
18:20:10 select(7, [3], [], NULL, NULL) = 1 (in [3])
18:20:10 read(3, "7736442506zl0X5i073f$
18:20:10 select(7, [3 4], [], NULL, NULL) = 1 (in [3])
18:20:10 read(3, "J2546045<D\t5Y61!_107C2I2|\$
18:20:10 select(7, [3 4], [5], NULL, NULL) = 1 (out [5])
18:20:10 write(5, "Last login: Fri Mar  4 18:19:33 "..., 58) = 58
18:20:10 select(7, [3 4], [], NULL, NULL) = 1 (in [3])

# Here is where it waits 60 seconds

18:21:10 read(3, ":357P6.u&5273162aN33353\$
18:21:10 select(7, [3 4], [5], NULL, NULL) = 1 (out [5])
18:21:10 write(5, "[?1034h[securitybox@wordpress10"..., 41) = 41
18:21:10 select(7, [3 4], [], NULL, NULL) = 1 (in [4])
18:21:14 read(4, "e", 16384)            = 1
18:21:14 select(7, [3 4], [3], NULL, NULL) = 1 (out [3])
18:21:14 write(3, ":65J2w+3i041\vc024711o6$
18:21:14 select(7, [3 4], [], NULL, NULL) = 1 (in [3])
18:21:14 read(3, "eS2U<65f53<J1%1hx&k3 0\n^-P"..., 8$
18:21:14 select(7, [3 4], [5], NULL, NULL) = 1 (out [5])
18:21:14 write(5, "e", 1)               = 1
18:21:14 select(7, [3 4], [], NULL, NULL) = 1 (in [4])
18:21:14 read(4, "x", 16384)            = 1

**more stuff**

UPDATE 2

Saiba que depois do Último login: , quando ele estiver desligado, você pode pressionar Ctrl + C e ele mostrará o prompt de comando imediatamente. Então, parece que há um processo que está demorando demais na inicialização.

UPDATE 3

Eu aumentei o nível de depuração no lado do servidor e aqui estão as saídas dos lates antes de aguardar e aguardar:

Mar  4 17:15:31 thisserver.hostname sshd[2279]: debug3: PAM: opening session
Mar  4 17:15:32 thisserver.hostname sshd[2279]: pam_unix(sshd:session): session opened for user securitybox by (uid=0)
Mar  4 17:15:32 thisserver.hostname sshd[2279]: User child is on pid 2301
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: mm_request_receive entering
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: PAM: establishing credentials
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: permanently_set_uid: 10037/10037
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: set_newkeys: mode 0
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: set_newkeys: mode 1
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: Entering interactive session for SSH2.
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: fd 4 setting O_NONBLOCK
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: fd 6 setting O_NONBLOCK
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: server_init_dispatch_20
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: input_session_request
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: channel 0: new [server-session]
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: session_new: allocate (allocated 0 max 10)
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: session_unused: session id 0 unused
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_new: session 0
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_open: channel 0
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_open: session 0: link with channel 0
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: server_input_channel_open: confirm session
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: server_input_global_request: rtype [email protected] want_reply 0
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: Wrote 40 bytes for a total of 2701
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_by_channel: session 0 channel 0
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_input_channel_req: session 0 req pty-req
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: Allocating pty.
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: mm_request_send entering: type 26
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: mm_request_receive_expect entering: type 27
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: mm_request_receive entering
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: monitor_read: checking request 26
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: mm_answer_pty entering
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug2: session_new: allocate (allocated 0 max 10)
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: session_unused: session id 0 unused
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug1: session_new: session 0
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: ssh_selinux_setup_pty: setting TTY context on /dev/pts/6
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: ssh_selinux_setup_pty: done
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: mm_request_send entering: type 27
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: mm_answer_pty: tty /dev/pts/6 ptyfd 4
Mar  4 17:15:32 thisserver.hostname sshd[2279]: debug3: mm_request_receive entering
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_pty_req: session 0 alloc /dev/pts/6
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: server_input_channel_req: channel 0 request shell reply 1
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_by_channel: session 0 channel 0
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug1: session_input_channel_req: session 0 req shell
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: fd 3 setting TCP_NODELAY
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: channel 0: rfd 9 isatty
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug2: fd 9 setting O_NONBLOCK
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: fd 7 is O_NONBLOCK
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: Wrote 88 bytes for a total of 2789
Mar  4 17:15:32 thisserver.hostname sshd[2302]: debug1: Setting controlling tty using TIOCSCTTY.
Mar  4 17:15:32 thisserver.hostname sshd[2301]: debug3: Wrote 88 bytes for a total of 2877
Mar  4 17:15:32 thisserver.hostname sshd[2302]: debug3: Copy environment: SELINUX_ROLE_REQUESTED=
Mar  4 17:15:32 thisserver.hostname sshd[2302]: debug3: Copy environment: SELINUX_LEVEL_REQUESTED=
Mar  4 17:15:32 thisserver.hostname sshd[2302]: debug3: Copy environment: SELINUX_USE_CURRENT_RANGE=
Mar  4 17:15:32 thisserver.hostname sshd[2302]: debug3: channel 0: close_fds r -1 w -1 e -1

Depois de algum tempo, ao mesmo tempo em que o prompt aparece, ele imprime:

Mar  4 17:16:32 thisserver.hostname sshd[2301]: debug3: Wrote 72 bytes for a total of 2949

Lá você pode ver que demorou 60 segundos. sempre leva exatamente 60 segundos.

Aqui está a saída do mesmo log ao conectar usando o Putty (lembre-se de que o uso do Putty faz o prompt aparecer imediatamente).

Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: PAM: opening session
Mar  4 17:44:45 thisserver.hostname sshd[5505]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: set_newkeys: mode 0
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: cipher_init: set keylen (16 -> 32)
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: set_newkeys: mode 1
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: cipher_init: set keylen (16 -> 32)
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: Entering interactive session for SSH2.
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: fd 4 setting O_NONBLOCK
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: fd 5 setting O_NONBLOCK
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: server_init_dispatch_20
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: input_session_request
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: channel 0: new [server-session]
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: session_new: allocate (allocated 0 max 10)
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: session_unused: session id 0 unused
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_new: session 0
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_open: channel 0
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_open: session 0: link with channel 0
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: server_input_channel_open: confirm session
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: Wrote 52 bytes for a total of 3185
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_by_channel: session 0 channel 0
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_input_channel_req: session 0 req pty-req
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: Allocating pty.
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_pty_req: session 0 alloc /dev/pts/7
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: ssh_selinux_setup_pty: setting TTY context on /dev/pts/7
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: ssh_selinux_setup_pty: done
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: Wrote 36 bytes for a total of 3221
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: server_input_channel_req: channel 0 request shell reply 1
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_by_channel: session 0 channel 0
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug1: session_input_channel_req: session 0 req shell
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: fd 3 setting TCP_NODELAY
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: channel 0: rfd 8 isatty
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug2: fd 8 setting O_NONBLOCK
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: fd 6 is O_NONBLOCK
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: Wrote 88 bytes for a total of 3309
Mar  4 17:44:45 thisserver.hostname sshd[5508]: debug1: Setting controlling tty using TIOCSCTTY.
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: Wrote 100 bytes for a total of 3409
Mar  4 17:44:45 thisserver.hostname sshd[5508]: debug1: PAM: reinitializing credentials
Mar  4 17:44:45 thisserver.hostname sshd[5508]: debug1: permanently_set_uid: 0/0
Mar  4 17:44:45 thisserver.hostname sshd[5508]: debug3: Copy environment: SELINUX_ROLE_REQUESTED=
Mar  4 17:44:45 thisserver.hostname sshd[5508]: debug3: Copy environment: SELINUX_LEVEL_REQUESTED=
Mar  4 17:44:45 thisserver.hostname sshd[5508]: debug3: Copy environment: SELINUX_USE_CURRENT_RANGE=
Mar  4 17:44:45 thisserver.hostname sshd[5508]: debug3: channel 0: close_fds r -1 w -1 e -1
Mar  4 17:44:45 thisserver.hostname sshd[5505]: debug3: Wrote 84 bytes for a total of 3493

UPDATE 4

Descobri que o processo está pendente na chamada do sistema:

select(7, [3 4], [], NULL, NULL

Esta foi a saída de strace -p $PID , em que $PID é o pid do programa ssh enquanto permeia a conexão.

    
por Alvaro Flaño Larrondo 04.03.2016 / 17:32

3 respostas

1

A pesquisa reversa de DNS do sshd é sempre um candidato quando você tem longos atrasos de login. Você poderia tentar se definir

UseDNS no

no /etc/ssh/sshd.conf (e reiniciando o sshd depois) corrige o problema.

    
por 04.03.2016 / 17:57
1

Tente aumentar os níveis de depuração no lado do servidor, em vez do cliente.

Parece que talvez algo na pilha do PAM esteja demorando (possivelmente é o que está fazendo pesquisas lentas, etc., em vez do próprio sshd). O registro detalhado no lado do servidor ssh deve informar a você qual módulo pam (se houver algum) está atrasando as coisas e geralmente há opções para ativar o registro detalhado desses módulos que podem ajudar.

    
por 04.03.2016 / 21:08
0

Aproveitando a resposta da BeerSerc, usando a seguinte abordagem no UBUNTU LTS 14.05.5, obtive uma aparência mais rápida do prompt de comando depois de fornecer credenciais de nome de usuário e senha SSH com as seguintes alterações em meu sistema Linux:

...become root using su or preface the next two (2) lines with the sudo command...

#cd /etc/ssh
#vi sshd_config

...navigate to end of file, add following text...

# GL    2017-02-25      Turn off DNS lookups to speed up the appearance
#                       of the command prompt after SSH username and
#                       password have been supplied
UseDNS no

...save file and exit editor...

#/etc/init.d/ssh restart
    
por 25.02.2017 / 05:19

Tags