ssh oddness

[hobbes2112]

I have been having some problems with my ssh server recently. The odd thing is this just sprung up, I changed nothing.

When I want to ssh into my machine it takes a long time (used to be almost immediate) to prompt me for a password. When I do finally get the prompt, you have to type really fast or you get dropped.

This is only from my windows machine using several ssh clients. (meaning I have tried a bunch, not all at the same time)

from other unix I have a different problem. I am always prompted for S/KEY even though I don't have that set up (or so I think). Eventually though it prompts for a normal pass, and I can get in.

Any thoughts?

edit: added some clarifications

[anfpunk]

for the windows client problem. If you are connecting ssh2 it will be slow but more secure. If you want it to be faster do ssh1 and it will be a lot faster though it does lose some of it's security. I've never ssh'd with a *nix box before.

[PDR60]

I hate to say this but it almost sounds like the SSH install may need to be reinstalled. I use both ssh1 and 2 at work and had a similar problem. I tried alot of different things. I finally asked a UNIX guru
(17 years in the unix enviornment) and he told me just reinstall right on top of the existing config. Sounds like windows huh? well anyway it worked and everything is working well now.

[hobbes2112]

reinstall huh?

so what is the best way to do this?

through the ports or through

/usr/src/secure/lib/libssh make
/usr/src/secure/usr.bin/ssh make && make install

[sourdaisy]

Since you're talking about ports, I assume this is FreeBSD. If so, just remove the port and then reinstall it. That's the easiest way.

[Kernel Panic]

One thing to check before you start reinstalling:

DNS -- Make sure the machine you are attempting to connect to has
(at least) a host entry for that machine. SSH does a GetHostByName call and that can cause the excessively long response.

If you are using PuTTy's SSH2 for your ssh connection uncheck the 'Attemp "keyboard-interactive" authentication (SSH2)' under your SSH Auth options to turn off SKey.

[hobbes2112]

Originally posted by sourdaisy
Since you're talking about ports, I assume this is FreeBSD. If so, just remove the port and then reinstall it. That's the easiest way.

Yes this is FreeBSD, the problem is that the ssh was installed with the system, so I am unfamiliar with the procedure or reinstalling it...

[sourdaisy]

If it was installed with the system, then it was installed as a package, which is compatible with the ports tree.

Take a look into /var/db/pkg and you should see an entry for ssh. To remove the package, type "pkg_delete ssh-x.x.x", making sure you put the ssh version you have. Its in the security category of the ports tree so you can reinstall it, or you can just download the package from here: http://www.freebsd.org/ports/security.html and use the "pkg_add ssh-x.x.x" command to install it (its quicker than the ports tree).

I recommend getting openssh instead, though, because it has had fewer exploits found. Its also located in the security category.

[hobbes2112]

Well the S/Key problem is fixed.

I don't know why it decided to listen this time when I changed that in the sshd_config but who is complaining

I am not at home now, so I will have to update you on the delay problem later.

[hobbes2112]

Originally posted by sourdaisy
If it was installed with the system, then it was installed as a package, which is compatible with the ports tree.

Take a look into /var/db/pkg and you should see an entry for ssh. To remove the package, type "pkg_delete ssh-x.x.x", making sure you put the ssh version you have. Its in the security category of the ports tree so you can reinstall it, or you can just download the package from here: http://www.freebsd.org/ports/security.html and use the "pkg_add ssh-x.x.x" command to install it (its quicker than the ports tree).

I recommend getting openssh instead, though, because it has had fewer exploits found. Its also located in the security category.

Ok, that makes sense and I actually did try that...there is no listing for ssh or openssh in my /var/db/pkg and hence I was confused !!


I thought openssh was the version of ssh installed with 4.5?

[sourdaisy]

If its not in the listing of installed ports, then it sounds like it may have been compiled by source. If you're sure it was installed during installation, then I dunno why its not there

In any case, go ahead and just install ssh or openssh from the ports. The installer should have you pick packages to install and it should say ssh or openssh. It doesn't automatically pick one, AFAIK.

[hobbes2112]

Just installed openssh from the ports

Will that not cause a problem with ssh?

{doesn't seem to...but then again I haven't rebooted}

[sourdaisy]

Nope, won't cause a problem at all. And rebooting has nothing to do with it. In fact, the only time you need to reboot is if you recompile the kernel.

[hobbes2112]

Originally posted by sourdaisy
Nope, won't cause a problem at all. And rebooting has nothing to do with it. In fact, the only time you need to reboot is if you recompile the kernel.

I typically restart ssh with

kill -HUP `cat /var/run/sshd.pid`

so I figured that was enough...I don't however know if the startup from rc.conf was successfully changed

I will take you word for it since you are much more experienced