Weird delay in ssh login

To: debian-user@lists.debian.org
Subject: Weird delay in ssh login
From: Stefan Monnier <monnier@iro.umontreal.ca>
Date: Mon, 21 Feb 2022 19:18:36 -0500
Message-id: <[🔎] jwvv8x7ixd9.fsf-monnier+gmane.linux.debian.user@gnu.org>

Hi,

I have a VM here which gives me weird delays when I log into it (which
I can only do via SSH) since I upgraded it to Bullseye.

The connection looks like:

    % ssh -v ...
    [...]
    debug1: control_persist_detach: backgrounding master process
    debug1: forking to background
    debug1: Entering interactive session.
    debug1: pledge: id
    debug1: multiplexing control connection
    debug1: channel 1: new [mux-control]
    debug1: channel 2: new [client-session]
    [ !!! a bit more than 1m30s delay here !!! ]
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug1: Remote: /home/.../.ssh/authorized_keys:NN: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
    debug1: Remote: /home/.../.ssh/authorized_keys:NN: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
    [...]

Any idea what might be going on or how I could debug this?

`journalctl | grep sshd` doesn't show much of interest around that time:

    Feb 21 19:02:34 ... sshd[...]: Accepted publickey for <MYUSER> from <MYIP> port 45732 ssh2: RSA ...
    Feb 21 19:02:34 ... sshd[...]: pam_unix(sshd:session): session opened for user <MYUSER>(uid=<MYUID>) by (uid=0)
    Feb 21 19:02:53 ... sshd[...]: Received disconnect from 109.230.224.192 port 33352:11: Bye Bye [preauth]
    Feb 21 19:02:53 ... sshd[...]: Disconnected from authenticating user root 109.230.224.192 port 33352 [preauth]
    Feb 21 19:03:26 ... sshd[...]: Invalid user mailing from 165.22.53.200 port 49372
    Feb 21 19:03:26 ... sshd[...]: Received disconnect from 165.22.53.200 port 49372:11: Bye Bye [preauth]
    Feb 21 19:03:26 ... sshd[...]: Disconnected from invalid user mailing 165.22.53.200 port 49372 [preauth]
    Feb 21 19:03:32 ... sshd[...]: Connection closed by 13.92.91.254 port 47988 [preauth]
    Feb 21 19:03:55 ... sshd[...]: Invalid user yogesh from 74.208.53.194 port 44634
    Feb 21 19:03:55 ... sshd[...]: Received disconnect from 74.208.53.194 port 44634:11: Bye Bye [preauth]
    Feb 21 19:03:55 ... sshd[...]: Disconnected from invalid user yogesh 74.208.53.194 port 44634 [preauth]
    Feb 21 19:04:16 ... sshd[...]: Invalid user fiona from 178.128.218.29 port 57610

Only the first two entries seem related to my connection (and share the
same PID), the rest (from which I didn't scrub the IP and user names)
are the usual relentless attempts to log into the machine from botnets.


        Stefan

Reply to:

Follow-Ups:
- Re: Weird delay in ssh login
  - From: <tomas@tuxteam.de>

Prev by Date: Re: Touch Screen and Rodent
Next by Date: Re: Trying to deug initramfs boot delay
Previous by thread: [solved] Re: Trying to deug initramfs boot delay
Next by thread: Re: Weird delay in ssh login
Index(es):
- Date
- Thread