Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections

To: debian-user@lists.debian.org
Subject: Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
From: "Gareth Evans" <donotspam@fastmail.fm>
Date: Sat, 15 Jul 2023 13:09:59 +0100
Message-id: <[🔎] 66a46092-7eb9-4f52-a63e-d3d3e8cc622d@app.fastmail.com>
In-reply-to: <[🔎] 85D1E10C-9DC5-41D2-B55B-6C7E73BF0A57@fastmail.fm>
References: <[🔎] CAPORhP5++uk4jwTKz_5ystxo8zo1EkZj7DUU1pJbTJpZeFjj9Q@mail.gmail.com> <[🔎] 85D1E10C-9DC5-41D2-B55B-6C7E73BF0A57@fastmail.fm>

On Wed 12 Jul 2023, at 18:29, Gareth Evans <donotspam@fastmail.fm> wrote:

>> On 12 Jul 2023, at 15:12, David Mehler <dave.mehler@gmail.com> wrote:
>> [sshd login takes a long time]

> [...] 
> Does
> 
> ssh -vvv ...
> 
> (at client) shed any light?

Replying to an off-list message from David in which he stated ssh -vvv waits after

> debug1: Entering interactive session.
> debug1: pledge: network

The same symptoms appear in an answer to

https://superuser.com/questions/166359/why-is-my-ssh-login-slow

which includes various solutions, some more permanent/apparently likely to help you than others.

Just out of interest, is the su command (on the ssh server machine) also affected by authentication delays?  This apparently suggests a PAM issue.

If you start a new ssh server on a different port and enable debugging:

$ sudo /usr/sbin/sshd -ddd -p1234

then at what point does it hang when you ssh from the other machine?  Don't forget to specify target port (with -p1234)

If PAM-related, then answers at the above link suggest:

1.  "I found that PAM was reading the file /var/log/btmp, which had become huge as a result of people trying to brute-force my server. This was leading to login times of a minute. Clearing this file solved the problem."

2.  "I noticed that when I change UsePAM yes to UsePAM no then this issue is resolved."

There may be security (or other) issues with (2).  To avoid the risk of locking yourself out of VPS I would

Copy /etc/ssh/sshd_config elsewhere 
Amend the copy to include UsePAM no

$ sudo /var/sbin/sshd -f /path/to/sshd_config_copy -ddd -p1235 

(NB use new port number if previous command still running)

then see if you can ssh to it.

If the issue is not solved by either of the above, please give any sshd debug output that seems relevant for a few lines before/after the wait.

To view the systemd journal, see 

man journalctl

You may however like to install rsyslog to get /var/log/syslog back.  Not sure if it's retro-active though.

HTH
Gareth

Reply to:

Follow-Ups:
- Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
  - From: "Gareth Evans" <donotspam@fastmail.fm>

References:
- latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
  - From: David Mehler <dave.mehler@gmail.com>
- Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
  - From: Gareth Evans <donotspam@fastmail.fm>

Prev by Date: External hard drive not detected in debian 12 live environment
Next by Date: Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
Previous by thread: Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
Next by thread: Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
Index(es):
- Date
- Thread