The Geek Diary

HowTos | Basics | Concepts

Slow SSH login due to unreachable rsyslog server

By

The problem

We faced this weired issue last week, where the SSH to the servers was too slow. SSH to the Linux servers was taking long time around 30 seconds to 1 minute. SSH got stuck at the below prompt and no option to enter password for 30 seconds and password prompt was displayed but nothing goes further after entering the password.

# ssh -vvv [server_ip_address]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug3: cipher ok: arcfour [arcfour,aes128-ctr,aes192-ctr,aes256-ctr]
debug3: cipher ok: aes128-ctr [arcfour,aes128-ctr,aes192-ctr,aes256-ctr]
debug3: cipher ok: aes192-ctr [arcfour,aes128-ctr,aes192-ctr,aes256-ctr]
debug3: cipher ok: aes256-ctr [arcfour,aes128-ctr,aes192-ctr,aes256-ctr]
debug3: ciphers ok: [arcfour,aes128-ctr,aes192-ctr,aes256-ctr]
debug2: mac_setup: found hmac-sha1
debug3: mac ok: hmac-sha1 [hmac-sha1]
debug3: macs ok: [hmac-sha1]
...
debug1: Found key in /root/.ssh/known_hosts:36
debug2: bits set: 1063/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 813
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 865
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received

The Solution

SSH login to a linux server may get delayed or slow if you have a wrong rsyslog server entry or unreachable rsyslog server defined in the configuration file /etc/rsyslog.conf. To resolve the issue make sure rsyslog server is always reachable from the rsyslog clients. Or else as a workaround edit the rsyslog config file /etc/rsyslog.conf on the client side and comment out all the references related to rsyslog.

1. For example edit the file /etc/rsyslog.conf and comment out below three lines.

# vi /etc/rsyslog.conf
#*.* @@xxx.xxx.xxx.xxx:514
#daemon.*;daemon.!info /var/log/messages
#local0.info /var/log/asmaudit.log

2. Restart rsyslog service.

# service rsyslog restart        # CentOS/RHEL 6
# systemctl restart rsyslog      # CentOS/RHEL 7
Note: rsyslog service needs to be restarted in-case of any changes to rsyslog config file.

Conclusion

sshd service will trying to log the login attempts and other informative logs to syslog files but if there is load on system, or some issue with syslog service during that time then this delays the connections till the request is timed out. This can be worked around by either resolving the connectivity issue with rsyslog server or by commenting out the lines referencing the unreachable rsyslog server.

You May Also Like