[Ssh-sftp-perl-users] Login with DSA keys slow, RSA keys fast
Brought to you by:
dbrobins
Menu
▾
▴
[Ssh-sftp-perl-users] Login with DSA keys slow, RSA keys fast
|
From: Michael S. <msc...@gm...> - 2011-05-21 05:44:59
|
Hello, I have an odd problem. I am trying to use the Perl Net::SSH::Perl library, v 1.34 from a RHEL 5.3 box to ssh into another RHEL 5.3 box (pretty vanilla), or to ssh locally (as a test) on a single RHEL5.3 box. I am simply executing "hostname" at the moment. The problem is, it goes very quickly if I use an rsa public/private keypair. Always. On the other hand, dsa usually takes a much longer time. It can take 30 seconds to login if going from host-to-host. Ssh'ing from localhost into localhost, it takes over a minute. Sometimes it even times out. If I ssh from host-to-host, my login times generally seem to oscillate fairly regularly between about 30 seconds to only a second or two. That is, I try my script and it takes 30 seconds to login and return the "hostname" output. Then, about a second. Then 30. Then 1. Then 30... etc... Locally, the login times are always just plain long. Using the OpenSSH on the command line (not perl) is always quick; time(1) shows less than 0.2s realtime to run the hostname command. No matter if I use my dsa or rsa identity. What could possibly be going wrong? I'm stumped. My login session pauses just a moment here: myhost.mydomain.com: Reading configuration data /home/operat/.ssh/config myhost.mydomain.com: Reading configuration data /etc/ssh_config myhost.mydomain.com: Connecting to localhost, port 22. myhost.mydomain.com: Remote protocol version 2.0, remote software version OpenSSH_4.3 myhost.mydomain.com: Net::SSH::Perl Version 1.34, protocol version 2.0. myhost.mydomain.com: No compat match: OpenSSH_4.3. myhost.mydomain.com: Connection established. myhost.mydomain.com: Sent key-exchange init (KEXINIT), wait response. myhost.mydomain.com: Algorithms, c->s: 3des-cbc hmac-sha1 none myhost.mydomain.com: Algorithms, s->c: 3des-cbc hmac-sha1 none (a few seconds' delay) myhost.mydomain.com: Entering Diffie-Hellman Group 1 key exchange. myhost.mydomain.com: Sent DH public key, waiting for reply. myhost.mydomain.com: Received host key, type 'ssh-dss'. myhost.mydomain.com: Host 'localhost' is known and matches the host key. myhost.mydomain.com: Computing shared secret key. myhost.mydomain.com: Verifying server signature. myhost.mydomain.com: Waiting for NEWKEYS message. myhost.mydomain.com: Send NEWKEYS. myhost.mydomain.com: Enabling encryption/MAC/compression. myhost.mydomain.com: Sending request for user-authentication service. myhost.mydomain.com: Service accepted: ssh-userauth. myhost.mydomain.com: Trying empty user-authentication request. myhost.mydomain.com: Authentication methods that can continue: publickey,gssapi-with-mic,password. myhost.mydomain.com: Next method to try is publickey. myhost.mydomain.com: Trying pubkey authentication with key file '/home/operat/.ssh/id_dsa' Then it takes a really long time before it finishes: myhost.mydomain.com: Login completed, opening dummy shell channel. myhost.mydomain.com: channel 0: new [client-session] myhost.mydomain.com: Requesting channel_open for channel 0. myhost.mydomain.com: channel 0: open confirm rwindow 0 rmax 32768 myhost.mydomain.com: Got channel open confirmation, requesting shell. myhost.mydomain.com: Requesting service shell on channel 0. myhost.mydomain.com: channel 1: new [client-session] myhost.mydomain.com: Requesting channel_open for channel 1. myhost.mydomain.com: Entering interactive session. myhost.mydomain.com: Sending command: hostname myhost.mydomain.com: Sending command: hostname myhost.mydomain.com: Requesting service exec on channel 1. myhost.mydomain.com: channel 1: open confirm rwindow 0 rmax 32768 myhost.mydomain.com: input_channel_request: rtype exit-status reply 0 myhost.mydomain.com: channel 1: rcvd eof myhost.mydomain.com: channel 1: output open -> drain myhost.mydomain.com: channel 1: rcvd close myhost.mydomain.com: channel 1: input open -> closed myhost.mydomain.com: channel 1: close_read myhost.mydomain.com: channel 1: obuf empty myhost.mydomain.com: channel 1: output drain -> closed myhost.mydomain.com: channel 1: close_write myhost.mydomain.com: channel 1: send close myhost.mydomain.com: channel 1: full closed Cmd output: myhost.mydomain.com Here are my params: my @id = ("$ENV{HOME}/.ssh/id_dsa"); my %params = ( protocol => '2', interactive => 0, identity_files => [@id], port => 22, debug => 1, ); Thanks! -- -Mike Schwager |
