Hello. I just joined this group and have a question. First, I'd like to
thank all those who have contributed to this list and to the SSHD
documentation.
I have a W2K Server running Cygwin sshd running as a service, setup using
domain accounts according to http://tech.erdelynet.com/cygwin-sshd.html
<http://tech.erdelynet.com/cygwin-sshd.html> . I had it working without
prompting for passwords by running "ssh-keygen -t rsa" as each
user/workstation and appending the id_rsa.pub files from workstations to the
appropriate /home/userid/.ssh/authorized_keys2 files. All was well until
about 3 weeks ago when I updated the Cygwin packages. After that, sshd was
broken to the point that I uninstalled Cygwin, cleaned out the registry, and
reinstalled.
Now I have Cygwin sshd running again, and I can login from the server as the
domain administrator by running "ssh localhost" from a bash prompt. I can
also login from my PC as my domain account.
However, each time I login, regardless of the userid, I see about a 35
second delay between the time the motd file is displayed and when I get a
bash prompt. Here is the output from a login:
****************************************************************************
*******************
dmello@mypc <mailto:dmello@mypc> ~
$ ssh -v servername
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090604f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to servername [10.0.0.254] port 22.
debug1: Connection established.
debug1: identity file /home/dmello/.ssh/identity type 0
debug1: identity file /home/dmello/.ssh/id_rsa type 1
debug1: identity file /home/dmello/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 128/256
debug1: bits set: 1597/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'servername' is known and matches the RSA host key.
debug1: Found key in /home/dmello/.ssh/known_hosts:4
debug1: bits set: 1562/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interacti
ve
debug1: next auth method to try is publickey
debug1: try pubkey: /home/dmello/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100b4458 hint
1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: channel request 0: shell
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 0 rmax 32768
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE
ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE
PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR
OTHER APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM,
DISCONNECT NOW. BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES
AND DATA CONTENT BEING MONITORED. ALL PERSONS ARE HEREBY
NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT TO
MONITORING AND AUDITING.
* * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
<...waiting at this point for about 35 seconds...>
dmello@servername <mailto:dmello@servername> ~
$
****************************************************************************
*******************
I've played around with setting Tcpip as a dependency by using this command
to install the service:
cygrunsrv -I sshd -p /usr/sbin/sshd -a '-D' -d 'CYGWIN sshd' -e
'CYGWIN=ntsec tty' -y Tcpip -2 /var/log/sshd.log
Another problem I now have is that nothing is written to /var/log/sshd.log,
despite the explicit attempt above.
Does anyone have any ideas what I can do to fix the logging, and especially
the delay? If you think you'll need to see the server side of things, I'll
have to figure out where to get srvany to setup a test sshd...I look at MS
but it didn't jump out at me. For now, I was hoping that the mention of a
delay may be familiar to someone.
Thank you,
Dave
-- List Information: http://tech.erdelynet.com/mailman/listinfo/ssh-l/ List Archives: http://erdelynet.com/archive/ssh-l/Received on Wed Jul 31 16:37:46 2002
This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:33:38 EDT