SSH connection slow from one machine but not another


I have a remote server I need to administer over a VPN to another data centre. The server I used to connect to it from (server A) is being decommissioned, so I'm using another on the same VLAN (server B).

Server A and B run the same version of SSH (SSH-2.0-OpenSSH_4.3) and have identical /etc/ssh/ssh_config files.

Server A and B both have RSA keys, with the public part stored in .ssh/authorized_keys on the remote machine.

When I ssh to the remote machine from server A, I get in immediately.

When I ssh to the remote machine from server B, I have to wait around 20 seconds or more.

I've run ssh in verbose debug mode and the part where it's hanging on server B is here:

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/user/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '10.10.10.50' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug2: bits set: 493/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/identity ((nil))
debug2: key: /home/user/.ssh/id_rsa (0x7ff214705310)
debug2: key: /home/user/.ssh/id_dsa ((nil))
...

This is the point where there's a 20 second delay. What's going on with server B that isn't affecting server A?

Best Answer

Probably a reverse-dns lookup delay. Check your DNS configuration at server B.

You can verify this by setting 'UseDNS no' in sshd_config and seeing if it helps. (It is preferable, however, to solve any underlying DNS problems if there are any.)
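
One way to test this diagnosis on the remote machine before touching its configuration, as an added example that is not part of the original answer: it reads the UseDNS value from sshd_config text and times a reverse lookup of the connecting client's IP. The function names, the 2-second threshold and the sample config are assumptions made for this illustration.

```python
import socket
import sys
import time

# Constructed sample sshd_config text (not from the original post).
SAMPLE_SSHD_CONFIG = """\
Port 22
#UseDNS yes
usedns no
UseDNS yes
"""

def configured_usedns(config_text):
    """Return the UseDNS value set in sshd_config text, or None if unset.

    Keywords are case-insensitive and sshd keeps the first value it reads.
    """
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # only the global section is read here
        if parts[0].lower() == "usedns" and len(parts) > 1:
            return parts[1].lower()
    return None  # unset: sshd's built-in default applies

def time_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Time a reverse (PTR) lookup of a client IP; return (name or None, seconds)."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        name = None
    return name, time.monotonic() - start

def diagnose(ip, config_text, slow_after=2.0, resolver=socket.gethostbyaddr):
    """Combine both checks; slow_after (seconds) is an assumed threshold."""
    usedns = configured_usedns(config_text)
    name, secs = time_reverse_lookup(ip, resolver)
    return {"usedns": usedns, "ptr": name, "seconds": round(secs, 2),
            "dns_delay_likely": secs >= slow_after and usedns != "no"}

if __name__ == "__main__":
    # Run on the remote machine: script.py <server B's IP> [sshd_config path]
    path = sys.argv[2] if len(sys.argv) > 2 else "/etc/ssh/sshd_config"
    with open(path) as fh:
        print(diagnose(sys.argv[1], fh.read()))
```

Running it once with server A's address and once with server B's shows whether only B's address is slow to resolve.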