Тормоза при ssh логине

[Termitnik]

При ssh логине на удаленный сервер возникает 10 секундная пауза после ввода пароля.
Выставил sshd логгинг в дебаг, но причины выяснить так и не удалось, помогите разобраться.
sshd.log

Код: Выделить всё

Aug  9 05:49:37 data sshd[954]: debug1: fd 5 clearing O_NONBLOCK
Aug  9 05:49:37 data sshd[954]: debug1: Forked child 56294.
Aug  9 05:49:37 data sshd[56294]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Aug  9 05:49:37 data sshd[56294]: debug1: inetd sockets after dupping: 3, 3
Aug  9 05:49:37 data sshd[56294]: debug1: res_init()
Aug  9 05:49:37 data sshd[56294]: Connection from xxx.xxx.xxx.xxx port 58599
Aug  9 05:49:37 data sshd[56294]: debug1: Client protocol version 2.0; client software version OpenSSH_4.5p1 FreeBSD-20061110
Aug  9 05:49:37 data sshd[56294]: debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
Aug  9 05:49:37 data sshd[56294]: debug1: Enabling compatibility mode for protocol 2.0
Aug  9 05:49:37 data sshd[56294]: debug1: Local version string SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
Aug  9 05:49:37 data sshd[56294]: debug1: PAM: initializing for "termitnik"
Aug  9 05:49:37 data sshd[56294]: debug1: PAM: setting PAM_RHOST to "xxx.xxx.xxx.xxx"
Aug  9 05:49:41 data sshd[56296]: debug1: do_pam_account: called
Aug  9 05:49:41 data sshd[56294]: debug1: PAM: num PAM env strings 0
Aug  9 05:49:41 data sshd[56294]: debug1: do_pam_account: called
Aug  9 05:49:41 data sshd[56294]: Accepted keyboard-interactive/pam for termitnik from xxx.xxx.xxx.xxx port 58599 ssh2
Aug  9 05:49:41 data sshd[56294]: debug1: monitor_child_preauth: termitnik has been authenticated by privileged process
Aug  9 05:49:41 data sshd[56297]: debug1: PAM: reinitializing credentials
Aug  9 05:49:41 data sshd[56297]: debug1: Entering interactive session for SSH2.
Aug  9 05:49:41 data sshd[56297]: debug1: server_init_dispatch_20
Aug  9 05:49:41 data sshd[56297]: debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
Aug  9 05:49:41 data sshd[56297]: debug1: input_session_request
Aug  9 05:49:41 data sshd[56297]: debug1: channel 0: new [server-session]
Aug  9 05:49:41 data sshd[56297]: debug1: session_new: init
Aug  9 05:49:41 data sshd[56297]: debug1: session_new: session 0
Aug  9 05:49:41 data sshd[56297]: debug1: session_open: channel 0
Aug  9 05:49:41 data sshd[56297]: debug1: session_open: session 0: link with channel 0
Aug  9 05:49:41 data sshd[56297]: debug1: server_input_channel_open: confirm session
Aug  9 05:49:41 data sshd[56297]: debug1: server_input_channel_req: channel 0 request pty-req reply 0
Aug  9 05:49:41 data sshd[56297]: debug1: session_by_channel: session 0 channel 0
Aug  9 05:49:41 data sshd[56297]: debug1: session_input_channel_req: session 0 req pty-req
Aug  9 05:49:41 data sshd[56297]: debug1: Allocating pty.
Aug  9 05:49:41 data sshd[56294]: debug1: session_new: init
Aug  9 05:49:41 data sshd[56294]: debug1: session_new: session 0
----------------10 sec pause------------------------
Aug  9 05:49:51 data sshd[56297]: debug1: session_pty_req: session 0 alloc /dev/ttyp0
Aug  9 05:49:51 data sshd[56297]: debug1: server_input_channel_req: channel 0 request shell reply 0
Aug  9 05:49:51 data sshd[56297]: debug1: session_by_channel: session 0 channel 0
Aug  9 05:49:51 data sshd[56297]: debug1: session_input_channel_req: session 0 req shell
Aug  9 05:49:51 data sshd[56297]: debug1: PAM: setting PAM_TTY to "/dev/ttyp0"
Aug  9 05:49:51 data sshd[56299]: debug1: Setting controlling tty using TIOCSCTTY.

ssh -v на стороне клиента

Код: Выделить всё

OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to yyy.yyy.yyy.yyy [yyy.yyy.yyy.yyy] port ****.
debug1: Connection established.
debug1: identity file /home/termitnik/.ssh/identity type -1
debug1: identity file /home/termitnik/.ssh/id_rsa type -1
debug1: identity file /home/termitnik/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[yyy.yyy.yyy.yyy]:****' is known and matches the DSA host key.
debug1: Found key in /home/termitnik/.ssh/known_hosts:12
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/termitnik/.ssh/identity
debug1: Trying private key: /home/termitnik/.ssh/id_rsa
debug1: Trying private key: /home/termitnik/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
----------------10 sec pause------------------------
Last login: Tue Aug  9 05:09:33 2011 from xxx.xxx.xxx.xxx
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

FreeBSD 7.0-RELEASE-p1 (MYKERNEL) #0: Fri Jul 23 14:35:17 EEST 2010

кусок tcpdump в районе паузы

Код: Выделить всё

05:49:41.678989 IP xxx.xxx.xxx.xxx.58599 > yyy.yyy.yyy.yyy.****: P 1408:1792(384) ack 1888 win 33304 <nop,nop,timestamp 2330667746 4243737916>
05:49:41.679178 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.59689: P 3280:3504(224) ack 1 win 8326 <nop,nop,timestamp 2625156353 2330667744>
05:49:41.679298 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.59689: P 3504:3696(192) ack 1 win 8326 <nop,nop,timestamp 2625156353 2330667744>
05:49:41.679412 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.59689: P 3696:3872(176) ack 1 win 8326 <nop,nop,timestamp 2625156353 2330667744>
05:49:41.734443 IP xxx.xxx.xxx.xxx.59689 > yyy.yyy.yyy.yyy.****: . ack 3504 win 33192 <nop,nop,timestamp 2330667802 2625156295>
05:49:41.734796 IP xxx.xxx.xxx.xxx.59689 > yyy.yyy.yyy.yyy.****: . ack 3872 win 33216 <nop,nop,timestamp 2330667803 2625156353>
05:49:41.778498 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.58599: . ack 1792 win 8326 <nop,nop,timestamp 4243738075 2330667746>
----------------10 sec pause------------------------
05:49:51.695002 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.59689: P 3872:4000(128) ack 1 win 8326 <nop,nop,timestamp 2625166359 2330667803>
05:49:51.695135 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.59689: P 4000:4224(224) ack 1 win 8326 <nop,nop,timestamp 2625166359 2330667803>
05:49:51.695262 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.59689: P 4224:4432(208) ack 1 win 8326 <nop,nop,timestamp 2625166359 2330667803>
05:49:51.695551 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.58599: P 1888:1936(48) ack 1792 win 8326 <nop,nop,timestamp 4243747982 2330667746>
05:49:51.695644 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.59689: P 4432:4560(128) ack 1 win 8326 <nop,nop,timestamp 2625166360 2330667803>
05:49:51.695750 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.58599: P 1936:2032(96) ack 1792 win 8326 <nop,nop,timestamp 4243747982 2330667746>
05:49:51.695778 IP yyy.yyy.yyy.yyy.**** > xxx.xxx.xxx.xxx.58599: P 2032:2208(176) ack 1792 win 8326 <nop,nop,timestamp 4243747982 2330667746>

[Хостинг HostFood.ru]

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

[lap]

попробуй ссх серверу сказать чтоб ипи в имя не преобразовывал. или проверь доступность ДНСа.

[gumeniuc]

sshd_config:

useDNS -> No

[Termitnik]

Ещё раз специально для товарищей на тяжёлой военной технике: тормоза ПОСЛЕ ввода пароля, то есть DNS проверка уже пройдена (но она у меня отключена, если что).

[dmtr]

а покажите целиком sshd_config

[Termitnik]

Код: Выделить всё

cat /etc/ssh/sshd_config |grep -v ^$ |grep -v ^\#
Port 1122
Protocol 2
AllowUsers webadmin termitnik backup
SyslogFacility AUTH
LogLevel DEBUG
UseDNS no
Subsystem       sftp    /usr/libexec/sftp-server

[dmtr]

фигня какя-то.
а если залогиниться, и еще один коннект по ссш запустить и посмотреть что в системе происходит в момент паузы. тупо top или еще что-нить.