The latest x86 openssh kit


Post by milehighmikey » Wed Feb 15, 2023 4:59 pm

I installed the following products on 8 systems:

$ prod sho hist/sinc=1-feb
------------------------------------ ----------- ----------- --- -----------
PRODUCT                              KIT TYPE    OPERATION   VAL DATE
------------------------------------ ----------- ----------- --- -----------
VSI X86VMS OPENSSH V8.9-1C           Full LP     Install     (D) 03-FEB-2023
VSI X86VMS SSL111 V1.1-1S            Full LP     Install     (D) 03-FEB-2023
VSI X86VMS SSL3 V3.0-7               Full LP     Install     (D) 03-FEB-2023
VSI X86VMS VMSI18N V9.2              Full LP     Install     (D) 03-FEB-2023
VSI X86VMS SSL111 V1.1-1Q            Full LP     Remove      -   03-FEB-2023
VSI X86VMS SSL3 V3.0-5               Full LP     Remove      -   03-FEB-2023
VSI X86VMS OPENSSH V8.9-1B           Full LP     Remove      -   03-FEB-2023
------------------------------------ ----------- ----------- --- -----------

And on 3 of the 8 systems, we see lengthy delays in logging in over ssh. I am seeing 16 seconds of time pass, after inputting the password.

I began troubleshooting today and started by disabling login.com as well as sylogin.com and the delay was still there.
I then shut down ssh and reinstalled the latest kit. There was no change in performance.

Next, I downgraded only the OpenSSH product to a prior level, and the delays disappeared.

This is the product installation data for this system:

$ prod sho prod
------------------------------------ ----------- ---------
PRODUCT                              KIT TYPE    STATE
------------------------------------ ----------- ---------
ORCL X86VMS CDD V7.4-0               Transition  Installed
VMSPORTS X86VMS PERL534 T5.34-0      Full LP     Installed
VSI X86VMS AVAIL_MAN_BASE V9.2       Full LP     Installed
VSI X86VMS CMS V4.8-9                Full LP     Installed
VSI X86VMS CXX V10.0-1               Full LP     Installed
VSI X86VMS DECNET_PHASE_IV V9.2      Full LP     Installed
VSI X86VMS DECSET V13.0-1            Platform    Installed
VSI X86VMS DTM V4.5-6                Full LP     Installed
VSI X86VMS DWMOTIF V1.8              Full LP     Installed
VSI X86VMS DWMOTIF_SUPPORT V9.2      Full LP     Installed
VSI X86VMS ENVMGR V1.9-5             Full LP     Installed
VSI X86VMS KERBEROS V3.3-2           Full LP     Installed
VSI X86VMS MMS V4.0-4                Full LP     Installed
VSI X86VMS OPENSSH V8.8-1D           Full LP     Installed
VSI X86VMS OPENVMS V9.2              Platform    Installed
VSI X86VMS SSL111 V1.1-1S            Full LP     Installed
VSI X86VMS SSL3 V3.0-7               Full LP     Installed
VSI X86VMS TCPIP X6.0-16             Full LP     Installed
VSI X86VMS VMS V9.2                  Oper System Installed

Our other hosts that are at these same releases but still running the latest OpenSSH do not exhibit these delays.

Only solution to restore proper ssh logins on the 3 slow systems is to downgrade OpenSSH.

What should I do now?

Thanks,

Mike



Re: The latest x86 openssh kit

Post by sms » Wed Feb 15, 2023 11:33 pm

> I installed the following products on 8 systems:

   Ok.

   "VSI X86VMS OPENSSH V8.9-1B Full LP Remove [...]" means that
everything worked properly with the older version?

> And on 3 of the 8 systems, [...]

   And what makes those systems special?

> [...] we see lengthy delays in logging in over ssh. [...]

> What should I do now?

   Generally, the debug procedure for the ssh client side involves
adding a "-v" option ("-vvv" seems to be popular) to the "ssh" command,
and seeking clues in the diagnostic output.  (What's it doing when the
process pauses?)  On the server side, the system log files typically
show reasons for a failure.

   A frequent cause of remote log-in delays (typically 30s or more) is a
bad DNS configuration.  Many server programs attempt to do a reverse
(address-to-name) look-up on a client when the client tries to connect. 
If the DNS configuration is bad, then it may take a long time (30s?) for
that name look-up to fail.

   A Forum (or Web) search for keywords like "slow Telnet" or "slow SSH"
should find many examples.

   A quick test for this problem would be to run a command like the
following on the SSH/Telnet server:

      nslookup ip.address.of.client

   If that command fails (slowly), then you should probably look at the
DNS resolver configuration of the server.

> Only solution [...] is [...]

   It might be a little premature to declare that to be _the_ "Only
solution".  Such a declaration suggests that you've tried all other
potential solutions.  The non-psychics in your audience might not know
what all you tried.

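The client-side check described in the reply above (run ssh with "-vvv" and see what it is doing when the process pauses), as an added example that is not part of either post: it timestamps each debug line as it arrives and lists the longest gaps. The function names, the 2-second threshold and the sample lines with their timings are constructed for illustration.

```python
"""Added example: timestamp `ssh -vvv` debug output and list the longest pauses."""
import subprocess
import sys
import time


def stamp_lines(lines, clock=time.monotonic):
    """Yield (seconds_since_start, text) for each line as it arrives."""
    start = clock()
    for line in lines:
        yield clock() - start, line.rstrip("\n")


def longest_pauses(stamped, threshold=2.0):
    """Return [(gap_seconds, line_before, line_after)], longest gap first."""
    pauses, prev = [], None
    for t, text in stamped:
        if prev is not None and t - prev[0] >= threshold:
            pauses.append((round(t - prev[0], 3), prev[1], text))
        prev = (t, text)
    return sorted(pauses, key=lambda p: p[0], reverse=True)


def trace_ssh(target, threshold=2.0):
    """Run `ssh -vvv target`; stdin/stdout stay on the terminal, stderr is timed."""
    proc = subprocess.Popen(["ssh", "-vvv", target],
                            stderr=subprocess.PIPE, text=True)
    pauses = longest_pauses(stamp_lines(proc.stderr), threshold)
    proc.wait()
    return pauses


# Constructed sample: (seconds, debug line) pairs with invented timings.
SAMPLE = [
    (0.41, "debug1: Next authentication method: password"),
    (3.90, "debug3: send packet: type 50"),
    (3.90, "debug2: we sent a password packet, wait for reply"),
    (19.95, "debug3: receive packet: type 52"),
    (20.10, "debug1: Entering interactive session."),
]

if __name__ == "__main__":
    # With a host argument, trace a real login; otherwise analyse the sample.
    found = trace_ssh(sys.argv[1]) if len(sys.argv) > 1 else longest_pauses(SAMPLE)
    for gap, before, after in found:
        print(f"{gap:7.3f}s  after: {before}\n          before: {after}")
```

Gaps while you type the password or sit idle at the remote prompt are expected and can be ignored; the gap of interest is the one between two debug lines the client emits on its own.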