About Beckman

I'm a big geek, serial entrepreneur and idea guy. I've been called names, such as PHP Guru, MySQL DBA, BOFH, Security God, etc. That and Peter-Peter-Pumpkin-Eater.

The image in the header is © Peter Beckman.

Archives

01 Jan - 31 Jan 2003
01 Feb - 28 Feb 2003
01 Mar - 31 Mar 2003
01 Apr - 30 Apr 2003
01 May - 31 May 2003
01 Jun - 30 Jun 2003
01 Jul - 31 Jul 2003
01 Aug - 31 Aug 2003
01 Sep - 30 Sep 2003
01 Oct - 31 Oct 2003
01 Feb - 28 Feb 2004
01 Jul - 31 Jul 2004
01 Aug - 31 Aug 2004
01 Oct - 31 Oct 2004
01 Mar - 31 Mar 2005
01 Apr - 30 Apr 2005
01 May - 31 May 2005
01 Jun - 30 Jun 2005
01 Jan - 31 Jan 2006
01 Jun - 30 Jun 2006
01 Feb - 28 Feb 2007
01 Apr - 30 Apr 2007
01 Sep - 30 Sep 2007
01 Mar - 31 Mar 2008
01 May - 31 May 2008
01 Jul - 31 Jul 2013
01 Sep - 30 Sep 2013
01 Apr - 30 Apr 2014
01 Jul - 31 Jul 2014
01 Dec - 31 Dec 2014
01 Dec - 31 Dec 2015

Links

AngryOx.com
Tossable Digits - Cheap, Anonymous, Disposable Phone Numbers
The Internet License Plate Database
Love & Onions (Jen, my wife)
Roadie Speaks Blog
BananaForce
AdCritic.com
Slashdot
I Love Ben Brown

Search!

Last Comments

Denny (A hybrid enclosed…): ohh..it looks damn intere…
Mellanni Coupons (A hybrid enclosed…): yeah… I want one that hyb…
Download SAP Prac… (Centrum Silver Ad…): Thank you very much for t…
Help With Enginee… (Wow, I'm fat.): I Personally Like Your Po…
Case Solution (Wow, I'm fat.): Hi Buddy, Your Blog’ S De…
Root Protection (This computer can…): I am facing the same situ…
moon (This computer can…): This is amazing thanks to…
resume service on… (3 Reasons to Dist…): It’s really hard to trust…
happy car rides (Under-Cabinet/Und…): USA can I observe this ca…
Best Dissertation… (Centrum Silver Ad…): I am really excited about…

Stuff

Powered by Pivot - 1.40.1: 'Dreadwind' 
XML: RSS Feed 
XML: Atom Feed 

« My Joost Beta Experie… | Home | This computer cannot … »

OSX, ssh, FreeBSD, login delays and a glass of red wine

Thursday 13 September 2007 at 12:28 am

I won’t bore the lot of you that could give two cents for what information I am about to offer. It’s extremely geeky, but it sucked up my entire evening of what could have been a productive night. To allow the rest of you having this problem to enjoy a productive and happy evening without banging your head against a wall, I’m sharing my solution to this annoying problem.

Don’t wanna read my blatherings? Add this to your ~/.ssh/config:

GSSAPIKeyExchange no

Voila, no more delays. No server config changes either. Hope you don’t have to use Kerberos! :-)

Read on to see how I got to this solution.

So a new hosting company set up two fresh from ISO 6.2 installs and enabled sshd for me. Using my trusty running 10.4.9, I attempted to connect to my brand-spanking new servers. When I ‘ed to the boxes, there was a 30-60 second delay before I got the password: prompt. Believing it to be the standard reverse DNS problem, I mucked with the nameserver entries in /etc/resolv.conf, but to no avail. I started playing around with __ UseDNS yes or no __ settings in the /etc/ssh/sshd_config, but still no luck. It’s starting to piss me off, and my red wine levels are dwindling.

I google, I yahoo, I search mailing lists on FreeBSD.org and the MacOSXhints.com Forums but I still fail at finding the issue. I can see the problem:

debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110 debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.5 !!! 30-60 second delay !!! debug1: Miscellaneous failure No credentials cache found

I make an educated guess that it is something Kerberos-related, so I disable anything Kerberos related in my servers sshd_config, but that doesn’t help. So I keep searching. Finally I discuss the issue with my genius geek friend Jay and he says he’s having the same problem, but had given up trying to solve it.

“well – I’ve given up… I tried for a couple hours and then said ‘screw it, nobody’s paying me for this.’ and that was pretty much that.” – Jay Kuri

Jay did mention something about Kerberos, which I had tried and seen mentioned with the whole “credentials” thing, but passed over when I tried disabling it on the server. I finally came across this blog entry and it suggested to add some GSSAPI config vars to your sshd_config. Well I already tried that, but, hey, let’s throw them in the /etc/ssh_config on my OS X MBP.

Poof! No more delays. All I added to my ~/.ssh/config was:

GSSAPIKeyExchange no

Stupid, stupid OpenSSH sucked 2 hours of my life. Damnit.

Used tags: , , ,
one comment

Your blog is really a good platform to get informative posts. Refer website to get reviews.
Even ever (Email) - 27 12 16 - 01:17


Trackback link:

Please enable javascript to generate a trackback url

  
Remember personal info?

Emoticons / Textile

To prevent automated comment-spam, we require you to answer this silly question.
 

  (Register your username / Log in)

Notify:
Hide email:

Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.