> ssh taking its time, hmmmmm
zmerlinz
Posted: May 18 2003, 01:18 PM

just wondering really, when i ssh into my server using
CODE

ssh leu@commadore


i have to wait about 10 seconds before it prompts me for a password

but if i ssh into my laptop, using the same method (different ip obviously :rolleyes: ) it prompts for the password almost instantly

so has anyone got any ideas why i have to wait so long for a password prompt ??

cheers

fishsponge
Posted: May 19 2003, 08:24 AM

yeah, it's usually the encryption method your server uses to encrypt the data to you... which takes up processor time. That's my experience anyway. it doesn't eat up all your processor for those 10 seconds, but if you use better encryption it will be slower.

The thing to do is to actually type:
CODE
ssh leu@commadore

This will turn on verbose mode, so you can see exactly which step is taking the time... :D

NTLDR
Posted: May 19 2003, 09:37 AM

QUOTE (fishsponge @ May 19 2003, 08:24 AM)
The thing to do is to actually type:
CODE
ssh leu@commadore

This will turn on verbose mode, so you can see exactly which step is taking the time... :D

Is it me, or is that code exactly the same as zmerlinz posted? :rolleyes:

fishsponge
Posted: May 19 2003, 10:16 AM

ok, i meant to say type the following:
CODE
ssh leu@commadore -v

:P

zmerlinz
Posted: May 19 2003, 11:44 AM

thanks i will give that a go :P

zmerlinz
Posted: May 19 2003, 11:47 AM

this is what it was doing while i had to wait

CODE

debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/leu/.ssh/identity
debug1: try privkey: /home/leu/.ssh/id_rsa
debug1: try privkey: /home/leu/.ssh/id_dsa
debug1: next auth method to try is password


any ideas ??
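
Added example, not part of any post in this thread: a way to measure "which step is taking the time" in `ssh -v` output like the lines above, by stamping each debug line as it arrives and reporting the line that was followed by the longest pause. The helper names and the timestamps in the sample are constructed for illustration; the debug lines and host name are the thread's.

```shell
#!/bin/sh
# Added example: locate the step of an `ssh -v` session the client waited on.

# stamp_lines: prefix every line read from stdin with the epoch second at
# which it arrived (date +%s is available on GNU and BSD systems).
stamp_lines() {
    while IFS= read -r line; do
        printf '%s %s\n' "$(date +%s)" "$line"
    done
}

# slowest_gap: read "<epoch> <text>" lines and print "<seconds> <text>" for
# the line that was followed by the longest pause before the next line.
slowest_gap() {
    awk '
        BEGIN { max = -1 }
        NR > 1 && ($1 - prev_t) > max { max = $1 - prev_t; slow = prev_line }
        { prev_t = $1; prev_line = substr($0, length($1) + 2) }
        END { if (NR > 1) printf "%d %s\n", max, slow }
    '
}

# Constructed sample: the timestamps are invented, the debug lines are the
# ones posted in the thread.
sample_log() {
    cat <<'EOF'
100 debug1: authentications that can continue: publickey,password
100 debug1: next auth method to try is publickey
100 debug1: try privkey: /home/leu/.ssh/identity
100 debug1: try privkey: /home/leu/.ssh/id_rsa
101 debug1: try privkey: /home/leu/.ssh/id_dsa
110 debug1: next auth method to try is password
EOF
}

# Live use (debug output goes to stderr, so it is merged into the pipe;
# the remote command `true` makes the session end right after login):
#   ssh -v leu@commadore true 2>&1 | stamp_lines | slowest_gap
sample_log | slowest_gap
```

The reported line is the last thing the client printed before it went quiet, so the wait happened in whatever the client or server did next, not necessarily in the step that line names.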
fishsponge
Posted: May 19 2003, 12:18 PM

what it's doing is trying to work out what type of authentication it can use...

CODE
debug1: authentications that can continue: publickey,password

valid options for SSH authentication are: publickey (certificate-based auth) and password (password-based auth).
CODE
debug1: next auth method to try is publickey

the preferred method of authentication is certificate based, so it tries this first...
CODE
debug1: try privkey: /home/leu/.ssh/identity

first of all it tries to find your certificate identity/profile type thing.
CODE
debug1: try privkey: /home/leu/.ssh/id_rsa

then looks for an RSA key with which to encrypt the data.
CODE
debug1: try privkey: /home/leu/.ssh/id_dsa

after it decides no RSA key exists, it looks for a DSA key. Unfortunately, this doesn't exist either, so...
CODE
debug1: next auth method to try is password

it resorts to using password authentication, and shortly after, prompts you for your password!

HTH :D

zmerlinz
Posted: May 19 2003, 03:05 PM

is there any way to stop it faffing about like that and go straight to the password authentication ??

fishsponge
Posted: May 19 2003, 03:54 PM

of course there's a way! :D ...we just have to find it... if you are using SSH Protocol 1.x, then the following may come in useful from "/etc/ssh/sshd_config":
CODE
# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh.  Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.

# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
RhostsAuthentication no

# Rhosts RSA Authentication
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
RhostsRSAAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes

# Is pure RSA authentication allowed.
# Default is yes
RSAAuthentication yes

also take a look at "man ssh", and search for "SSH protocol version 1", and "SSH protocol version 2". These explain the login process in much more detail.

i can't find anything else i'm afraid... SSH naturally is going to be slower than telnet anyway though, due to the secureness of it.

zmerlinz
Posted: May 19 2003, 04:11 PM

cool cheers :)

fishsponge
Posted: May 19 2003, 04:32 PM

let me know what you do to make it work, ok??

a side note... i doubt you are using protocol 1, as 2.0 is the current version and has been for some time. if you are not using protocol 1, then that section of the config won't help you in the slightest...

zmerlinz
Posted: May 19 2003, 05:42 PM

so i need to disable RSA and DSA ???

zmerlinz
Posted: May 19 2003, 05:49 PM

here is my sshd_config file, tis a little more complicated than what you displayed :huh:

CODE

#       $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
Protocol 1,2
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
#HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
                                                                               
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
                                                                               
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication no
                                                                               
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
                                                                               
# Uncomment to disable s/key passwords
ChallengeResponseAuthentication no
                                                                               
# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
                                                                               
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
                                                                               
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
                                                                               
#CheckMail yes
#UseLogin no
                                                                               
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
                                                                               
Subsystem       sftp    /usr/lib/ssh/sftp-server
                                                                               

fishsponge
Posted: May 19 2003, 07:32 PM

hmm.... i'm afraid i now have absolutely no idea :blink: :blink:

zmerlinz
Posted: May 19 2003, 10:04 PM

ah well, i will mess about with it over the weekend and get back to you on its progress :D