About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Troubleshooting
Problem
SSH login system is slow.
Symptom
Customer login system with ssh, but login interface appears very slowly, need to find out the reason of SSH login system is slow.
Diagnosing The Problem
For SSH related problems, we can collect SSH debug data for analysis. The data collection method is as follows:
1> Create a temp testcase dir, ie
# mkdir /tmp/tc
# mkdir /tmp/tc
2> Enable DEBUG3 for sshd
Edit sshd_config file and set the following lines as shown "LogLevel DEBUG3":
# vi /etc/ssh/sshd_config
LogLevel DEBUG3
Edit sshd_config file and set the following lines as shown "LogLevel DEBUG3":
# vi /etc/ssh/sshd_config
LogLevel DEBUG3
3> Edit /etc/syslog.conf and add this line
*.debug /tmp/tc/syslog.out
*.debug /tmp/tc/syslog.out
4> Touch syslog out file
# touch /tmp/tc/syslog.out
# touch /tmp/tc/syslog.out
5> Refresh syslogd
# refresh -s syslogd
# refresh -s syslogd
6> Restart sshd
# stopsrc -s sshd
# startsrc -s sshd
# stopsrc -s sshd
# startsrc -s sshd
7> Start iptrace
# startsrc -s iptrace -a "-a -L 500000000 -p 22 /tmp/tc/iptrace.pcap"
# startsrc -s iptrace -a "-a -L 500000000 -p 22 /tmp/tc/iptrace.pcap"
8> Recreate ssh delay
9> Stop iptrace
# stopsrc -s iptrace
# stopsrc -s iptrace
10> Get copy of /etc/ssh dir
# cd /tmp/tc
# cp -pr /etc/ssh ssh.dir
# cd /tmp/tc
# cp -pr /etc/ssh ssh.dir
11> Package data
# cd /tmp/tc
# tar -cvf./sshlog.tar *
# gzip sshlog.tar
# cd /tmp/tc
# tar -cvf./sshlog.tar *
# gzip sshlog.tar
After collection, we can analyse /tmp/tc/ sygoogle.out and iptrace data
After analysing SSH debug data, we found that the system spent 80 seconds parsing the 192.168.0.9 address during login:
May 2 18:43:34 erp-proxy auth|security:debug sshd[7274616]: debug3: Trying to reverse map address 192.168.0.9.
May 2 18:44:54 erp-proxy auth|security:debug sshd[7274616]: debug2: parse_server_config: config reprocess config len 236
May 2 18:44:54 erp-proxy auth|security:debug sshd[7274616]: debug2: parse_server_config: config reprocess config len 236
Resolving The Problem
Adjust DNS resolution order of system by adding following to the /etc/netsvc.conf file:
hosts=local,bind4
---> Problem remains.
hosts=local,bind4
---> Problem remains.
Disable DNS in /etc/ssh/sshd_config file:
UseDNS no
---> Problem disappear.
UseDNS no
---> Problem disappear.
Therefore, this problem is caused by DNS Server resolution exception, resulting in SSH login slowly, need to check the configuration of DNS Server.
Note that except the DNS Settings on AIX, there are also DNS Settings in SSH configuration file, we need to check both of two DNS settings in case of related problems.
Document Location
Worldwide
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW1A1","label":"IBM Power Systems"},"Component":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]
Was this topic helpful?
Document Information
More support for:
IBM Power Systems
Software version:
All Versions
Operating system(s):
AIX
Document number:
1165798
Modified date:
06 January 2020
UID
ibm11165798
Manage My Notification Subscriptions