[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] ssh between DomUs in Xen3.2


  • To: "David Grundy" <grundy@xxxxxxx>
  • From: "Waldirio Manhães Pinheiro" <waldirio@xxxxxxxxx>
  • Date: Mon, 16 Jun 2008 08:19:16 -0300
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 16 Jun 2008 04:19:53 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=c/QMnMv5l5Ylo9p5o/GSlSbcAGZUESDj47CSlDoIQ7Qd7GYRtsaL9P6h3pwdwQEBgx HIqCB8otCI+lIqHyD7/USyAA5F3z9o9rS5IqxD+3foSeIZjyCDvvXJNMPvUpYsii8eWl k+0HwfMCOXibg2HCzhjji1Y/aDg041o1TQ/us=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

    David
 
Same times, problems like this occurs because named configuration have problem's.
 
Source:http://www.openssh.org/faq.html
Another Source: http://www.google.com.br/search?hl=pt-BR&q=ssh+slow+dns&meta=

3.3 - ssh(1) takes a long time to connect or log in

Large delays (more that 10 seconds) are typically caused a problem with name resolution:

  • Some versions of glibc (notably glibc 2.1 shipped with Red Hat 6.1) can take a long time to resolve "IPv6 or IPv4" addresses from domain names. This can be worked around with by specifying AddressFamily inet option in ssh_config.
  • There may be a DNS lookup problem, either at the client or server. You can use the nslookup command to check this on both client and server by looking up the other end's name and IP address. In addition, on the server look up the name returned by the client's IP-name lookup. You can disable most of the server-side lookups by setting UseDNS no in sshd_config.

Delays less than 10 seconds can have other causes.

  • OpenSSH releases prior to 3.8 had an moduli file with moduli that were just smaller than what sshd would look for, and as a result, sshd would end up using moduli significantly larger than requested, which resulted in a speed penalty. Replacing the moduli file will resolve this (note that in most cases this file will not be replaced during an upgrade and must be replaced manually).
  • OpenSSH releases prior to 3.8 had a flaw in ssh that would cause it to request moduli larger than intended (which when combined with the above resulted in significant slowdowns). Upgrading the client to 3.8 or higher will resolve this issue.
  • If either the client or server lack a kernel-based random number device (eg Solaris < 9, AIX < 5.2, HP-UX < 11.11) and no substitute is available (eg prngd) it's possible that one of the programs called by ssh-rand-helper to generate entropy is hanging. This can be investigated by running it in debug mode:
    /usr/local/libexec/ssh-rand-helper -vvv
    Any significant delays should be investigated and rectified, or the corresponding commands should be removed from ssh_prng_cmds.

Waiting.
Cheers
Waldirio
 
2008/6/16, David Grundy <grundy@xxxxxxx>:
Hi Waldirio:

I tried telnet earlier from one DomU to another

[root@localhost ~]# telnet 192.168.17.201 22
Trying 192.168.17.201...
Connected to 192.168.17.201 (192.168.17.201).
Escape character is '^]'.

and then it just hangs...
So it looks like I can connect to the port from DomU to DomU.

But from Dom0 to a DomU

[root@gxn-wn2 ~]# telnet 192.168.17.201 22
Trying 192.168.17.201...
Connected to 192.168.17.201 (192.168.17.201).
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9p1
Connection closed by foreign host.


I am scratching my head...

David


>     Hello David
>
>   Let's try fix this problem. In the second machine, which work fine, on
> link http://rafb.net/p/1HnPnm90.html at line 408 you can see, the client
received the string "SSH-1.99-OpenSSH-3.9p1\n" and continue the process
normally, at the firts machine http://rafb.net/p/SRoQE434.html at line
310,
> the client hang up at this point.
>
> You may test with the command #telnet 192.168.17.201 22, which normally you
> will receive a answer like below
>
> [root@cerberos ~]# telnet 192.168.0.11 22
> Trying 192.168.0.11...
> Connected to 192.168.0.11 (192.168.0.11).
> Escape character is '^]'.
> *SSH-2.0-OpenSSH_4.3*
>
> Protocol mismatch.
> Connection closed by foreign host.
>
> PS: Probably you will be a delay to show *SSH-2.0-OpenSSH_4.3* string,
so
> ..., your problem.
>
> I had this problem with WindowsXP 64, which there aren't ssh server with
support to arch 64, however, try re-install or update your ssh server.
>
> Good Luck
> Waldirio
>
> 2008/6/13 David Grundy <grundy@xxxxxxx>:
>
>> Hi again:
>> I followed your instruction and the output is here:
>> http://rafb.net/p/1HnPnm90.html
>> Thanks again.
>> David
>> >     Hello
>> >
>> > Pls, repeat the procedure in one machine that work fine ssh between
>> their
>> > and past the out here too http://rafb.net/paste/. With boths we can
compare
>> > where the system was hang and what can we change to fix the problem.
>> >
>> > Cheers
>> > Waldirio
>> >
>> > 2008/6/13, David Grundy <grundy@xxxxxxx>:
>> >>
>> >> Thanks Waldirio:
>> >>
>> >> Here is the link:
>> >>
>> >> http://rafb.net/p/SRoQE434.html
>> >>
>> >> Cheers,
>> >>
>> >> David
>> >>
>> >>
>> >> > David
>> >> >
>> >> > I'll check later, because at my work, the http://pastebin.com are
>> >> blocked,
>> >> > so, only at home or if is possible to you, paste here pls -
http://rafb.net/paste/
>> >> >
>> >> > Best Regards
>> >> >
>> >> > 2008/6/13, David Grundy <grundy@xxxxxxx>:
>> >> >>
>> >> >> Hello Waldirio:
>> >> >>
>> >> >> Thanks for you advice.  I was not aware of strace.  I followed
you
>> >> >> advice
>> >> >> and posted the output at http://pastebin.com/m1eec8e45.  The
>> output
>> >> is
>> >> a
>> >> >> little cryptic for me so any assistance would be greatly
>> appreciated.
>> >> >>
>> >> >> Cheers,
>> >> >>
>> >> >> David
>> >> >>
>> >> >>
>> >> >> >    Hello David
>> >> >> >
>> >> >> >  Try check with command below
>> >> >> >
>> >> >> > # strace ssh 192.168.17.200
>> >> >> >
>> >> >> > If need help to debug a trace, create a output file and post in
http://pastebin.com/ for example, later send here.
>> >> >> >
>> >> >> > Good Luck
>> >> >> > Waldirio
>> >> >> >
>> >> >> > 2008/6/12 David Grundy <grundy@xxxxxxx>:
>> >> >> >
>> >> >> >>
>> >> >> >> Hello All:
>> >> >> >>
>> >> >> >> I am working with a small cluster running Xen3.2 on Scientific
>> >> Linux
>> >> >> 5
>> >> >> >> on
>> >> >> >> the worker nodes.  I have been trying to mess around with some
>> >> >> different
>> >> >> >> network configurations and have stumbled upon something that
>> seems
>> >> >> very
>> >> >> >> strange to me.  My DomUs can connect with the Dom0 and
external
>> >> >> network
>> >> >> >> (ping,ssh,etc), I can connect with the DomUs from the head
node
>> >> and
>> >> >> Dom0
>> >> >> >> (ping,ssh,etc) and I can ping the DomUs from one another BUT
>> when
>> >> I
>> >> >> try
>> >> >> >> to
>> >> >> >> ssh from one DomU to another it just hangs.
>> >> >> >>
>> >> >> >>
>> >> >> >> [root@localhost ~]# ssh -vvv 192.168.17.200
>> >> >> >> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
>> >> >> >> debug1: Reading configuration data /etc/ssh/ssh_config debug1:
Applying options for *
>> >> >> >> debug2: ssh_connect: needpriv 0
>> >> >> >> debug1: Connecting to 192.168.17.200 [192.168.17.200] port 22.
debug1: Connection established.
>> >> >> >> debug1: permanently_set_uid: 0/0
>> >> >> >> debug1: identity file /root/.ssh/identity type -1
>> >> >> >> debug3: Not a RSA1 key file /root/.ssh/id_rsa.
>> >> >> >> debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug3: key_read: missing whitespace
>> >> >> >> debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
>> >> >> >> debug1: identity file /root/.ssh/id_rsa type 1
>> >> >> >> debug1: identity file /root/.ssh/id_dsa type -1
>> >> >> >>
>> >> >> >> And here it just hangs...
>> >> >> >>
>> >> >> >> In the /var/log/secure file on the vm I am trying to connect
to
>> >> the
>> >> >> >> following line shows up after I <ctrl> c the ssh command:
>> >> >> >>
>> >> >> >> Jun 12 14:13:03 localhost sshd[2478]: Did not receive
>> >> identification
>> >> >> >> string
>> >> >> >> from ::ffff:192.168.17.201
>> >> >> >>
>> >> >> >> I have located the following post that was never responded to.

>> I
>> >> am
>> >> >> not
>> >> >> >> sure if this is the same problem.
>> >> >> >>
>> >> >> >>
>> >> >>
>> >>
>> http://lists.xensource.com/archives/html/xen-users/2008-01/msg00951.html
>> >> >> >>
>> >> >> >> I have not modified the xend-config.sxp file so I am using all
>> the
>> >> >> >> default
>> >> >> >> scripts.  I have tried this on Xen3.1.0 and I am finding the
>> same
>> >> >> >> problem.
>> >> >> >>
>> >> >> >> Any help would be greatly appreciated.
>> >> >> >>
>> >> >> >> David
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Xen-users mailing list
>> >> >> >> Xen-users@xxxxxxxxxxxxxxxxxxx
>> >> >> >> http://lists.xensource.com/xen-users
>> >> >> >>
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > ______________
>> >> >> > Atenciosamente
>> >> >> > Waldirio
>> >> >> > msn: wmp@xxxxxxxxxxxxx
>> >> >> > Site: www.waldirio.com.br
>> >> >> > Blog: blog.waldirio.com.br
>> >> >> > PGP: www.waldirio.com.br/public.html
>> >> >> > _______________________________________________
>> >> >> > Xen-users mailing list
>> >> >> > Xen-users@xxxxxxxxxxxxxxxxxxx
>> >> >> > http://lists.xensource.com/xen-users
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >> Xen-users mailing list
>> >> >> Xen-users@xxxxxxxxxxxxxxxxxxx
>> >> >> http://lists.xensource.com/xen-users
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > ______________
>> >> > Atenciosamente
>> >> > Waldirio
>> >> > msn: wmp@xxxxxxxxxxxxx
>> >> > Site: www.waldirio.com.br
>> >> > Blog: blog.waldirio.com.br
>> >> > PGP: www.waldirio.com.br/public.html
>> >> >
>> >>
>> >>
>> >>
>> >>
>> >>
>> >
>> >
>> > --
>> > ______________
>> > Atenciosamente
>> > Waldirio
>> > msn: wmp@xxxxxxxxxxxxx
>> > Site: www.waldirio.com.br
>> > Blog: blog.waldirio.com.br
>> > PGP: www.waldirio.com.br/public.html
>> >
>
>
> --
> ______________
> Atenciosamente
> Waldirio
> msn: wmp@xxxxxxxxxxxxx
> Site: www.waldirio.com.br
> Blog: blog.waldirio.com.br
> PGP: www.waldirio.com.br/public.html
>









--
______________
Atenciosamente
Waldirio
msn: wmp@xxxxxxxxxxxxx
Site: www.waldirio.com.br
Blog: blog.waldirio.com.br
PGP: www.waldirio.com.br/public.html

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.