The problem
We faced this weired issue last week, where the SSH to the servers was too slow. SSH to the Linux servers was taking long time around 30 seconds to 1 minute. SSH got stuck at the below prompt and no option to enter password for 30 seconds and password prompt was displayed but nothing goes further after entering the password.
# ssh -vvv [server_ip_address] OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug3: cipher ok: arcfour [arcfour,aes128-ctr,aes192-ctr,aes256-ctr] debug3: cipher ok: aes128-ctr [arcfour,aes128-ctr,aes192-ctr,aes256-ctr] debug3: cipher ok: aes192-ctr [arcfour,aes128-ctr,aes192-ctr,aes256-ctr] debug3: cipher ok: aes256-ctr [arcfour,aes128-ctr,aes192-ctr,aes256-ctr] debug3: ciphers ok: [arcfour,aes128-ctr,aes192-ctr,aes256-ctr] debug2: mac_setup: found hmac-sha1 debug3: mac ok: hmac-sha1 [hmac-sha1] debug3: macs ok: [hmac-sha1] ... debug1: Found key in /root/.ssh/known_hosts:36 debug2: bits set: 1063/2048 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a total of 813 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 52 bytes for a total of 865 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received
The Solution
SSH login to a linux server may get delayed or slow if you have a wrong rsyslog server entry or unreachable rsyslog server defined in the configuration file /etc/rsyslog.conf. To resolve the issue make sure rsyslog server is always reachable from the rsyslog clients. Or else as a workaround edit the rsyslog config file /etc/rsyslog.conf on the client side and comment out all the references related to rsyslog.
1. For example edit the file /etc/rsyslog.conf and comment out below three lines.
# vi /etc/rsyslog.conf #*.* @@xxx.xxx.xxx.xxx:514 #daemon.*;daemon.!info /var/log/messages #local0.info /var/log/asmaudit.log
2. Restart rsyslog service.
# service rsyslog restart # CentOS/RHEL 6 # systemctl restart rsyslog # CentOS/RHEL 7
Conclusion
sshd service will trying to log the login attempts and other informative logs to syslog files but if there is load on system, or some issue with syslog service during that time then this delays the connections till the request is timed out. This can be worked around by either resolving the connectivity issue with rsyslog server or by commenting out the lines referencing the unreachable rsyslog server.