在用户身份验证阶段（超时）NX 3.5.0 和 SSH 出现问题

SuSE SLES 11 SP3 英特尔 P4

我已经在家用服务器上安装了 NoMachines 的 NX 3.5.0，它一直运行良好，直到最近我通过注册商更改了服务器的域名，无意中破坏了系统的身份验证，使 openLDAP 的 SSL 证书无效。我有一个 openLDAP 设置作为 Linux 身份验证的后端。我已禁用 openLDAP 服务器和 LDAP 客户端库的 SSL，因为所有连接都将是本地的，并避免了开销。现在我的身份验证相当好。虽然这解决了那个特定的问题，但我仍然遇到 NX 客户端身份验证问题，我不断收到此错误：

NX> 500 ERROR: Operation timeout in communication with SSH server

进一步调查后，服务器日志显示：

Sep 14 05:07:43 home NXSERVER-3.5.0-11[27342]: ERROR: reached timeout of 20s while trying SSHd authentication for user '*************', to '127.0.0.1', port '22' 'NXNssUserManager::auth'

为解决此问题而采取的步骤。我查阅了 NoMachine 文档，但找不到任何有关如何增加超时值的信息。或者。我决定尝试缩短 SSH 登录延迟。这基本上就是我过去几天在进行一些测试时遇到的问题：

OpenSSH_6.2p2, OpenSSL 0.9.8j-fips 07 Jan 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/***********/.ssh/id_rsa type -1
debug1: identity file /home/***********/.ssh/id_rsa-cert type -1
debug1: identity file /home/***********/.ssh/id_dsa type -1
debug1: identity file /home/***********/.ssh/id_dsa-cert type -1
debug1: identity file /home/***********/.ssh/id_ecdsa type -1
debug1: identity file /home/***********/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 46:0f:51:88:c1:55:6f:c0:15:9e:5c:08:57:cc:5a:d9 [MD5]
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/lutchy.horace/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/***********/.ssh/id_rsa
debug1: Trying private key: /home/***********/.ssh/id_dsa
debug1: Trying private key: /home/***********/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
....

服务器需要 20 秒才能响应提示。在服务器端：

Sep 14 05:29:14 home sshd[27452]: debug1: userauth-request for user ******** service ssh-connection method keyboard-interactive [preauth]
Sep 14 05:29:14 home sshd[27452]: debug1: attempt 1 failures 0 [preauth]
Sep 14 05:29:14 home sshd[27452]: debug2: input_userauth_request: try method keyboard-interactive [preauth]
Sep 14 05:29:14 home sshd[27452]: debug1: keyboard-interactive devs  [preauth]
Sep 14 05:29:14 home sshd[27452]: debug1: auth2_challenge: user=******** devs= [preauth]
Sep 14 05:29:14 home sshd[27452]: debug1: kbdint_alloc: devices 'pam' [preauth]
Sep 14 05:29:14 home sshd[27452]: debug2: auth2_challenge_start: devices pam [preauth]
Sep 14 05:29:14 home sshd[27452]: debug2: kbdint_next_device: devices <empty> [preauth]
Sep 14 05:29:14 home sshd[27452]: debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_sshpam_init_ctx [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_send entering: type 104 [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_receive_expect entering: type 105 [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_receive entering [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_receive entering
Sep 14 05:29:14 home sshd[27452]: debug3: monitor_read: checking request 104
Sep 14 05:29:14 home sshd[27452]: debug3: mm_answer_pam_init_ctx
Sep 14 05:29:14 home sshd[27452]: debug3: PAM: sshpam_init_ctx entering
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_send entering: type 105
Sep 14 05:29:14 home sshd[27452]: debug3: mm_sshpam_query [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_send entering: type 106 [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_receive_expect entering: type 107 [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_receive entering [preauth]
Sep 14 05:29:14 home sshd[27452]: debug3: mm_request_receive entering
Sep 14 05:29:14 home sshd[27452]: debug3: monitor_read: checking request 106
Sep 14 05:29:14 home sshd[27452]: debug3: mm_answer_pam_query
Sep 14 05:29:14 home sshd[27452]: debug3: PAM: sshpam_query entering
Sep 14 05:29:14 home sshd[27452]: debug3: ssh_msg_recv entering
...

20秒延迟：

Sep 14 05:29:34 home sshd[27454]: debug3: PAM: sshpam_thread_conv entering, 1 messages
Sep 14 05:29:34 home sshd[27454]: debug3: ssh_msg_send: type 1
Sep 14 05:29:34 home sshd[27454]: debug3: ssh_msg_recv entering
Sep 14 05:29:34 home sshd[27452]: debug3: mm_request_send entering: type 107
Sep 14 05:29:34 home sshd[27452]: debug3: mm_sshpam_query: pam_query returned 0 [preauth]
Sep 14 05:29:34 home sshd[27452]: Postponed keyboard-interactive for ********* from ::1 port 55653 ssh2 [preauth].

我已经关注了有关 SSH 登录延迟的常见帖子，但没有人提供任何解决方案来纠正该问题。我只能推断 SSH 可能正在等待 PAM 的响应（PAM：sshpam_thread_conv）？NSCD 正在运行并缓存密码。就我而言，我无法确定延迟可能是由 PAM 和 pam_ldap.so 引起的。任何帮助都会有所帮助。

PS 我没有任何复杂的 PAM 设置，'pam_unix 然后 pam_ldap'