I am facing a delay of about 5-6 seconds when I try to ssh from my system to a friend's system. Here is the verbose output of the command :
zeus#athena:~$ ssh -v ashwin#192.168.40.211
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.40.211 [192.168.40.211] port 22.
debug1: Connection established.
debug1: identity file /home/zeus/.ssh/identity type -1
debug1: identity file /home/zeus/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/zeus/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.40.211' is known and matches the RSA host key.
debug1: Found key in /home/zeus/.ssh/known_hosts:71
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
<---- delay 4-5 seconds------>
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/zeus/.ssh/identity
debug1: Offering public key: /home/zeus/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/zeus/.ssh/id_dsa
debug1: Next authentication method: password
Can someone help me figure out how i can get rid of this delay?
As suggested in the comments, this could be a DNS issue. There's an article covering some steps to try and solve this here:
http://www.thegeekstuff.com/2010/07/openssh-slow-at-ssh2_msg_service_accept-received/
The advice given boils down to editing /etc/sshd_config adding / changing UseDNS no and then restarting sshd. Obviously that can be tricky without access to the server!
It should also be pointed out, that setting UseDNS to no might not be the best solution in the long term. Probably better to fix the DNS issue, if there is one, on the machine in question.
My question seems to have an answer here:
https://superuser.com/a/654153/152271
It seems that remote host tries to do a nslookup to my hostname (the connecting one). After editing /etc/hosts in the remote host adding my IP/hostname, it fixed the delay.
Related
I had to restore my master branch from github a couple weeks ago and since then I've been receiving an error that states "Your key with fingerprint... is not authorized to access my app."
I've looked at the previous answers to this problem and have tried deleting the old keypair, creating a new one and uploading it.
I used the following posts and still get the same error:
Your key with fingerprint .... is not authorized to access... myapp. The remote end hung up unexpectedly. HEROKU, GIT CLONE
Why is my key w/ fingerprint not authorized when I try to push latest changes to Heroku?
Cannot push to Heroku because key fingerprint
When I run ssh -Tv git#heroku.com the terminal outputs the following:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/username/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to heroku.com [50.19.85.154] port 22.
debug1: Connection established.
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_rsa type 1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_rsa-cert type -1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_dsa type -1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Twisted
debug1: no match: Twisted
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA [rsa key redacted]
debug1: Host 'heroku.com' is known and matches the RSA host key.
debug1: Found key in /Users/anthonyfrancavilla/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/anthonyfrancavilla/.ssh/id_rsa_heroku
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to heroku.com ([50.19.85.154]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
shell request failed on channel 0
I discovered that the problem was in .git/config
The url under [remote "heroku"] was incorrect. I was able to reconnect once I corrected it.
My first key pair (eyelid_s.pem) is working fine. I'm using this key pair as access to an instance for personal use.
Now I'd like to create a new instance for a team to work on, so I created a new key pair (SE_Server.pem) as the default key pair for the new instance. But it just doesn't work. Even the old pem doesn't work for the new instance. I've tried new key pairs on my first instance, but they don't work either.
I've already done this:
chmod 400 SE_Server.pem
So this shouldn't be the file permission problem.
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-23-20-118-96.compute-1.amazonaws.com [2001:778::ffff:64:0:1714:7660] port 22.
debug1: Connection established.
debug1: identity file /Users/Lynn/.ssh/id_rsa type 1
debug1: identity file /Users/Lynn/.ssh/id_rsa-cert type -1
debug1: identity file /Users/Lynn/.ssh/id_dsa type -1
debug1: identity file /Users/Lynn/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze2
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 4d:28:fd:e1:aa:ba:89:9a:6e:e7:b3:d7:fa:15:bd:af
debug1: Host 'ec2-23-20-118-96.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/Lynn/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Lynn/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/Lynn/eyelid_s.pem
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: SE_Server_key.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/Lynn/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I'd really be grateful if anyone can help me! This is really really annoying because I have no access to my new instance.
you can have multiple keys (not in AWS console, but you can use them to ssh into your machine), just make sure you add them into the "authorized_keys" or "authorized_keys2" depending on your ssh version.
http://www.idrix.fr/Root/Samples/pubkey2ssh.c - a way to import the .pem but im sure there are other methods out there to.
I am in the process of installing the latest version of gitolite on an osx mountain lion server. I set it up under it's own 'git' user account and followed the instructions here: https://github.com/sitaramc/gitolite
I am getting stuck in trying to check-out the gitolite-admin repo from the server on my workstation. I run this command:
git clone git#gitserver:gitolite-admin
but get this in return:
Cloning into 'gitolite-admin'...
Connection closed by gitserver
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
It seems that I got the SSH set-up correctly because it's not asking for a PWD but I am stuck on where to look to try to debug the problem.
Thanks,
Grant
result from ssh -v
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to gitserver [gitserver] port 22.
debug1: Connection established.
debug1: identity file /Users/xxx/.ssh/id_rsa type 1
debug1: identity file /Users/xxx/.ssh/id_rsa-cert type -1
debug1: identity file /Users/xxx/.ssh/id_dsa type -1
debug1: identity file /Users/xxx/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xxxxx
debug1: Host 'gitserver' is known and matches the RSA host key.
debug1: Found key in /Users/xxx/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/xxx/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
Connection closed by gitserver
Looks OK here unless I am missing some detail.
I had a similar issue configuring a bare git repo in mountain lion. I uncommented the following lines of /etc/sshd_config:
PubkeyAuthentication yes
PermitUserEnvironment yes
The last one was related to the missing PATH error in .ssh/environment, but the first one was the one that allowed connections from ie. msysgit.
PS (edit): In the case of msysgit, I also setup the SSH agent (eval $(ssh-agent) && ssh-add) with OpenSSH key imported in pageant (as my GIT_SSH=path_to_plink). That did the trick.
On osx server, at least since 2015, also enable ssh access explicitly for the repository owner. In my case I have my server configured to allow only a few users. This caused very similar problems like you had.
I have been facing this annoying error when trying to setup Github on Mac, OS version is Lion. Basically, I followed the steps as mentioned at this URL: http://help.github.com/mac-set-up-git/
I always stuck at the step of executing this command "ssh -T git#github.com"
I have tried to output the debugging message and below is the message log. The last message shows that it's due to an error 'Write failed: Broken pipe'.
Please give me a solution to fix this error if you have ever encountered this error before and able to fix it. Thanks a lot.
user-users-macbook:.ssh useruser$ ssh -vT git#github.com
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
debug1: identity file /Users/useruser/.ssh/id_rsa type 1
debug1: identity file /Users/useruser/.ssh/id_rsa-cert type -1
debug1: identity file /Users/useruser/.ssh/id_dsa type -1
debug1: identity file /Users/useruser/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2
debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/useruser/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/useruser/.ssh/id_rsa
debug1: Remote: Forced command: gerve thsonvt
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Remote: Forced command: gerve thsonvt
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([207.97.227.239]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
Write failed: Broken pipe
Write failed: Broken pipe just means that, for whatever reason, the connection broken. This can happen for any number of reasons, such as a timeout occurring, or your connection to the server being broken due to your internet connection dropping out, etc. Increasing the ServerAliveInterval can help; ask at ServerFault if you're after more information about SSH settings, as it's off-topic for StackOverflow :)
For you, though, this is irrelevant; from your debug output it's pretty clear that you've set up your SSH keys successfully (debug1: Authentication succeeded (publickey) and following lines).
It also looks like you've done step 5 of that tutorial more than once; debug1: Found key in /Users/useruser/.ssh/known_hosts:1 means that you've already added the remote host to your list of known hosts (which is what typing yes is all about in step 5 of that tutorial).
Feel free to continue on to the next section (Then: Set Up Your Info); you've done everything you need to for step 1 to step 5.
Try adding
ClientAliveInterval 15
Original answer:
Try adding the following line to your /etc/ssh/ssh_config
ServerAliveInterval 120
I'm on a Mac now and previously I was able to set up and access an EC2 instance successfully from Windows XP. I want to create a new key for access from Mac, used the console management screen to generate a new key, saved the PEM file, changed permission on the file to owner RW only and then tried ssh but couldn't get it to work. Here's my command
ssh -v -i .ssh/ec2-mac.pem ec2-user#ec2-204-236-143-254.us-west-1.compute.amazonaws.com
Here's the verbose output
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to ec2-204-236-143-254.us-west-1.compute.amazonaws.com http://204.236.143.254 port 22.
debug1: Connection established.
debug1: identity file .ssh/ec2-mac.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-204-236-143-254.us-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/bob/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/bob/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: .ssh/ec2-mac.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Anyone know what I'm missing? Oh and I am able to ssh into a different instance with the original key created for that instance making this even more puzzling.
Permissions are set correctly using chmod 600. The one thing I'm not sure is in the control panel management screen when I list Instances, it only shows the original value in "Key Pair Name" column, should it show both?
Thanks for your help in advance.
You don't need to create new key for new operating system. You can make use of your old Windows XP key in MAC.
Another point is when you launch an instance with a private key, then you can only login through that key only. A new key won't help.
Regards,
Sanket Dangi