Very long ssh connection
Solved
Bonjour
I have a CentOS 7 Linux. I want to configure an SSH server on it for encrypted data transfer. I placed my server's key on the PC and from my server, I'm trying to access it with the command
Can you please help me?
I have a CentOS 7 Linux. I want to configure an SSH server on it for encrypted data transfer. I placed my server's key on the PC and from my server, I'm trying to access it with the command
ssh root@ip. It works without asking for a password as intended, but after a long delay. I switched to
-vmode, but I do not know how to understand what is wrong.
Can you please help me?
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to ip [ip] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.63:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: ***@*** MAC: <implicit> compression: none
debug1: kex: client->server cipher: ***@*** MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:6AdxkZ4Wg9bhligStg1sQFvn0FE4PS84tAlnXjK+ZRI
debug1: Host 'ip' is known and matches the ED25519 host key.
debug1: Found key in /etc/ssh/ssh_known_hosts:18
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
Authenticated to ip ([ip]:22).
debug1: channel 0: new [client-session]
debug1: Requesting ***@***
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype ***@*** want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Last login: Tue Jun 22 10:16:36 2021 from **.**.**.**
2 answers
Hello,
It is probably due to the
If the line
Notes
Good luck
It is probably due to the
UseDNSoption defined in
/etc/ssh/sshd_config.
If the line
UseDNS Yesis present:
- 1. Open this file with superuser rights (e.g.
sudo nano /etc/ssh/sshd_config
). - 2. Comment out this line by adding a
#
at the beginning of the line, or correct it toUseDNS yes
. - 3. Save and exit (ctrl x in
nano
)? - 4. Restart the ssh server (
sudo systemctl restart sshd.service
) for the configuration change to take effect. - 5. Try connecting to your ssh server again.
Notes
- You indicate that you are connecting with the user
root
. This is a bad idea, especially if the machine is publicly accessible, because the root profile exists on every Linux machine, has maximum rights, and is therefore a prime target for an attacker. That is why a well-configured ssh server disallows this kind of connection (still in/etc/ssh/sshd_config
, seePermitRootLogin no
). - You are using ssh keys, which is very good; it is safer and cleaner than using a password. If you only plan for this type of authentication, you can enable the
PasswordAuthentication no
option in/etc/ssh/sshd_config
. - For maximum security, you can finalize your installation with
fail2ban
.
Good luck
Hello Tom,
Your configuration file looks correct, but try explicitly setting
For example: Here my machine is called
For your information, here is the content of
Good luck
Your configuration file looks correct, but try explicitly setting
UseDNS no. Also, check that your machine's name is defined in
/etc/hosts.
For example: Here my machine is called
silkas indicated by the command
hostname, and I can see this entry in
/etc/hosts.
(mando@silk) (~) $ grep $(hostname) /etc/hosts
127.0.1.1 silk
For your information, here is the content of
/etc/ssh/sshd_configdefined on one of the servers I manage (see
grep -v ^# /etc/ssh/sshd_config | grep -v ^$) :
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Good luck
Thank you for your help
The line was already commented ;( Regarding root, I am on a private network not connected to the internet and I am using a connection via SSH key.
Here is a copy of my file :
Thank you very much, I removed the # and set it to no and it works.
Thanks, thanks
I wish you a great day
and thank you for all your advice.
You're welcome, actually I've had this problem in the past, that's why :-)
Wishing you all the best and have an excellent day as well.