SSH delay after entering the password

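After entering the password, there is a delay of 20 to 60 seconds before I get the prompt.

sshd_config (the same configuration is used on another box, where there is no delay):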

#
# Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Configuration file for sshd(1m) (see also sshd_config(4))
#

#
# This file is used for the SunSSH and the OpenSSH versions of the sshd(1m)
# daemon. Commented out entries should match the defaults of the running
# sshd(1m) daemon. See the sshd(1m) man page for the defaults. Uncomment
# entries that override the defaults.
#

# Listen port (the IANA registered port number for ssh is 22)
#Port 22

# The default listen address is all interfaces, this may need to be changed
# if you wish to restrict the interfaces sshd listens on for a multi homed host.
# Multiple ListenAddress entries are allowed.

# IPv4 only
#ListenAddress 0.0.0.0
# SunSSH: IPv4 & IPv6, OpenSSH: IPv6 only!
#ListenAddress ::

# If port forwarding is enabled (default), specify if the server can bind to
# INADDR_ANY. 
# This allows the local port forwarding to work when connections are received
# from any remote host.
#GatewayPorts no

# X11 tunneling options
#X11DisplayOffset 10
#X11UseLocalhost yes
X11Forwarding yes

# The maximum number of concurrent unauthenticated connections to sshd.
# start:rate:full see sshd(1) for more information.
#MaxStartups 10:30:100

# Banner to be printed before authentication starts.
Banner /etc/issue

# Should sshd print the /etc/motd file and check for mail.
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
PrintMotd no

# KeepAlive specifies whether keep alive messages are sent to the client.
# See sshd(1) for detailed description of what this means.
# Note that the client may also be sending keep alive messages to the server.
#KeepAlive yes

# Syslog facility and level 
#SyslogFacility auth
#LogLevel info

#
# Authentication configuration
# 

# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# sshd regenerates the key every KeyRegenerationInterval seconds.
# The key is never stored anywhere except the memory of sshd.
# The default is 1 hour (3600 seconds).
#KeyRegenerationInterval 3600

# Ensure secure permissions on users .ssh directory.
#StrictModes yes

# Length of time in seconds before a client that hasn't completed
# authentication is disconnected.
# Default is 600 seconds. 0 means no time limit.
#LoginGraceTime 0

# Maximum number of retries for authentication
# Default is 6.
#MaxAuthTries   6

# Are logins to accounts with empty passwords allowed.
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK 
# to pam_authenticate(3PAM).
#PermitEmptyPasswords no

# To disable tunneled clear text passwords, change PasswordAuthentication to no.
#PasswordAuthentication yes

# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes

# sftp subsystem
Subsystem       sftp    internal-sftp

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes

LookupClientHostnames no

VerifyReverseMapping no

GSSAPIAuthentication no

SSH client log (-vvv) (I marked where the delay occurs with "delay here <--------"):

OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: kex names ok: [diffie-hellman-group14-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug2: resolve_canonicalize: hostname 192.168.11.18 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.11.18 [192.168.11.18] port 5551.
debug1: Connection established.
debug1: identity file /home/tpadmin/.ssh/id_rsa type -1
debug1: identity file /home/tpadmin/.ssh/id_rsa-cert type -1
debug1: identity file /home/tpadmin/.ssh/id_dsa type -1
debug1: identity file /home/tpadmin/.ssh/id_dsa-cert type -1
debug1: identity file /home/tpadmin/.ssh/id_ecdsa type -1
debug1: identity file /home/tpadmin/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/tpadmin/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/tpadmin/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/tpadmin/.ssh/id_ed25519 type -1
debug1: identity file /home/tpadmin/.ssh/id_ed25519-cert type -1
debug1: identity file /home/tpadmin/.ssh/id_ed25519_sk type -1
debug1: identity file /home/tpadmin/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/tpadmin/.ssh/id_xmss type -1
debug1: identity file /home/tpadmin/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: no match: Sun_SSH_2.2
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.11.18:5551 as 'user1'
debug3: put_host_port: [192.168.11.18]:5551
debug3: hostkeys_foreach: reading file "/home/tpadmin/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: languages stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug3: receive packet: type 31
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 2055/4095
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug3: receive packet: type 33
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:1B4iyS3SaJb9sXvNNfnfR4Ne/T2hQ3xRl/NfyQngna4
debug3: put_host_port: [192.168.11.18]:5551
debug3: put_host_port: [192.168.11.18]:5551
debug3: hostkeys_foreach: reading file "/home/tpadmin/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/home/tpadmin/.ssh/known_hosts"
debug1: checking without port identifier
debug3: hostkeys_foreach: reading file "/home/tpadmin/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/tpadmin/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys from 192.168.11.18
debug1: Host '192.168.11.18' is known and matches the RSA host key.
debug1: Found key in /home/tpadmin/.ssh/known_hosts:5
debug1: found matching key w/out port
debug2: bits set: 2062/4095
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/tpadmin/.ssh/id_rsa 
debug1: Will attempt key: /home/tpadmin/.ssh/id_dsa 
debug1: Will attempt key: /home/tpadmin/.ssh/id_ecdsa 
debug1: Will attempt key: /home/tpadmin/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/tpadmin/.ssh/id_ed25519 
debug1: Will attempt key: /home/tpadmin/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/tpadmin/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
debug3: receive packet: type 51
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)


debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tpadmin/.ssh/id_rsa
debug3: no such identity: /home/tpadmin/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/tpadmin/.ssh/id_dsa
debug3: no such identity: /home/tpadmin/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/tpadmin/.ssh/id_ecdsa
debug3: no such identity: /home/tpadmin/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/tpadmin/.ssh/id_ecdsa_sk
debug3: no such identity: /home/tpadmin/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/tpadmin/.ssh/id_ed25519
debug3: no such identity: /home/tpadmin/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/tpadmin/.ssh/id_ed25519_sk
debug3: no such identity: /home/tpadmin/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/tpadmin/.ssh/id_xmss
debug3: no such identity: /home/tpadmin/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: 
debug3: send packet: type 61
debug3: receive packet: type 52
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 192.168.11.18 ([192.168.11.18]:5551).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env PWD
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env MOTD_SHOWN
debug3: Ignored env HOME
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSCLOSE
debug3: Ignored env XDG_SESSION_CLASS
debug3: Ignored env TERM
debug3: Ignored env LESSOPEN
debug3: Ignored env USER
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env SSH_CLIENT
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env PATH
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env SSH_TTY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 4
debug1: Remote: Channel 0 set: LANG=en_US.UTF-8
debug2: channel 0: rcvd adjust 512736
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Thu May 18 12:34:40 2023 from 10.170.12.123
Environment:
  USER=user1
  LOGNAME=user1
  HOME=/user1
  PATH=/usr/bin:/bin
  MAIL=/var/mail/user1
  SHELL=/usr/bin/bash
  TZ=localtime
  LANG=en_US.UTF-8
  SSH_CLIENT=69.20.236.7 54710 5551
  SSH_CONNECTION=69.20.236.7 54710 192.168.11.18 5551
  SSH_TTY=/dev/pts/3
  TERM=xterm-256color

***delay here <--------***

Oracle Corporation  SunOS 5.11      11.3    September 2015

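Trace (I marked where the delay occurs with "delay here <--------", but it is at the end of the trace; after that I get the prompt, and nothing is reported here):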

Connection from 10.23.11.91 port 58980
debug1: Client protocol version 2.0; client software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
monitor debug1: reading the context from the child
debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: 
debug1: Peer sent proposed langtags, stoc: 
debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Host key type is 1.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 260/512
debug1: bits set: 2111/4095
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 2032/4095
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user user1 service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
debug1: userauth_banner: sent
Failed none for user1 from 10.23.11.91 port 58980 ssh2
debug1: userauth-request for user user1 service ssh-connection method keyboard-interactive
debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
debug1: keyboard-interactive devs 
debug1: got 1 responses
debug1: PAM conv function returns PAM_SUCCESS
Accepted keyboard-interactive for user1 from 10.23.11.91 port 58980 ssh2
debug1: permanently_set_uid: 1002/10
debug1: sending auth context to the monitor
debug1: will send 53 bytes of auth context to the monitor
monitor debug1: finished reading the context
monitor debug1: use_engine is 'yes'
monitor debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
monitor debug1: pkcs11 engine initialization complete
monitor debug1: Entering monitor loop.
monitor debug1: fd 9 setting O_NONBLOCK
monitor debug1: fd 10 setting O_NONBLOCK
debug1: Entering interactive session for SSH2.
debug1: fd 4 setting O_NONBLOCK
debug1: fd 9 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/3
debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: fd 5 setting TCP_NODELAY
debug1: SSH receive window size: 512736 B
debug1: fd 11 setting O_NONBLOCK
delay here <--------

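Answer 1

The default /etc/profile script that runs at login performs a disk-space quota check using the /usr/sbin/quota command. On systems with a large number of file systems, this can stall/hang/take a long time, especially if any of those file systems are NFS-mounted and the NFS server is unreachable.

Adding a .hushlogin file to the home directory will disable the quota check (and also suppress the display of other login messages, hence the name .hushlogin).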
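
One way to check the situation this answer describes, as an added example that is not part of the original answer: it reports whether a profile's quota call applies to a given home directory, lists NFS entries in a mount table, and measures how long a command blocks. The function names are hypothetical, the sample profile and mnttab contents are constructed, and a `date` that supports `+%s` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. File locations are arguments so the
# logic can be exercised on constructed files as well as on a real host.

# quota_check_status PROFILE HOMEDIR
# Prints: not-in-profile | suppressed | active
quota_check_status() {
    # Ignore commented-out lines, then look for the quota call named in the answer.
    if ! grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -q '/usr/sbin/quota'; then
        echo not-in-profile
    elif [ -f "$2/.hushlogin" ]; then
        echo suppressed
    else
        echo active
    fi
}

# nfs_mounts MNTTAB
# Prints the mount point of every NFS entry. Solaris /etc/mnttab and Linux
# /proc/mounts both put the mount point in field 2 and the fs type in field 3.
nfs_mounts() {
    awk '$3 ~ /^nfs/ { print $2 }' "$1"
}

# elapsed_seconds LIMIT CMD [ARGS...]
# Runs CMD, sends it SIGTERM after LIMIT seconds, prints whole seconds elapsed.
# Assumes a date(1) that supports +%s.
elapsed_seconds() {
    limit=$1; shift
    start=$(date +%s)
    "$@" >/dev/null 2>&1 &
    cmd_pid=$!
    ( sleep "$limit"; kill "$cmd_pid" ) >/dev/null 2>&1 &
    watchdog=$!
    wait "$cmd_pid" 2>/dev/null || true
    kill "$watchdog" 2>/dev/null || true
    echo $(( $(date +%s) - start ))
}

# Demonstration on constructed sample files (not taken from the affected host).
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/home"
    printf '%s\n' '# constructed profile fragment' 'if [ ! -f .hushlogin ]; then' \
        '    /usr/sbin/quota' 'fi' > "$dir/profile"
    printf '%s\t%s\t%s\t%s\t%s\n' \
        rpool/ROOT/solaris / zfs dev=4490002 0 \
        filer.example.com:/export/data /data nfs rw,xattr,dev=8c00001 0 > "$dir/mnttab"
    echo "quota check: $(quota_check_status "$dir/profile" "$dir/home")"
    echo "NFS mounts:  $(nfs_mounts "$dir/mnttab")"
    touch "$dir/home/.hushlogin"
    echo "after .hushlogin: $(quota_check_status "$dir/profile" "$dir/home")"
    rm -rf "$dir"
}
demo
```

On the affected host the same functions would be pointed at the real files, for example `quota_check_status /etc/profile "$HOME"`, `nfs_mounts /etc/mnttab` and `elapsed_seconds 90 /usr/sbin/quota`.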
