Re: latest upgrade to systemd 252.12-1 error about invalid attributes /var/log/journal and slow sshd connections
On Wed 12 Jul 2023, at 18:29, Gareth Evans <donotspam@fastmail.fm> wrote:
>> On 12 Jul 2023, at 15:12, David Mehler <dave.mehler@gmail.com> wrote:
>> [sshd login takes a long time]
> [...]
> Does
>
> ssh -vvv ...
>
> (at client) shed any light?
Replying to an off-list message from David in which he stated ssh -vvv waits after
> debug1: Entering interactive session.
> debug1: pledge: network
The same symptoms appear in an answer to
https://superuser.com/questions/166359/why-is-my-ssh-login-slow
which includes various solutions, some more permanent/apparently likely to help you than others.
Just out of interest, is the su command (on the ssh server machine) also affected by authentication delays? This apparently suggests a PAM issue.
If you start a new ssh server on a different port and enable debugging:
$ sudo /usr/sbin/sshd -ddd -p1234
then at what point does it hang when you ssh from the other machine? Don't forget to specify target port (with -p1234)
If PAM-related, then answers at the above link suggest:
1. "I found that PAM was reading the file /var/log/btmp, which had become huge as a result of people trying to brute-force my server. This was leading to login times of a minute. Clearing this file solved the problem."
2. "I noticed that when I change UsePAM yes to UsePAM no then this issue is resolved."
There may be security (or other) issues with (2). To avoid the risk of locking yourself out of VPS I would
Copy /etc/ssh/sshd_config elsewhere
Amend the copy to include UsePAM no
$ sudo /var/sbin/sshd -f /path/to/sshd_config_copy -ddd -p1235
(NB use new port number if previous command still running)
then see if you can ssh to it.
If the issue is not solved by either of the above, please give any sshd debug output that seems relevant for a few lines before/after the wait.
To view the systemd journal, see
man journalctl
You may however like to install rsyslog to get /var/log/syslog back. Not sure if it's retro-active though.
HTH
Gareth
Reply to: