[ale] more fun with ssh

Wolf Halton wolf.halton at gmail.com
Tue Aug 14 07:56:26 EDT 2012


Do you think it would speed things up to go ahead and implement ldap?

On Tue, Aug 14, 2012 at 7:35 AM, Wolf Halton <wolf.halton at gmail.com> wrote:

> I can see I have it querying the external domain-name of the network
> rather than localdomain.
>
> wolf at lva-01:~$ host 192.168.10.26
> Host 26.10.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
> wolf at lva-01:~$ host NAGIOS-01
> NAGIOS-01.example.org has address 112.136.19.115
> # Not real IP  This is the machine name, It's the public IP of the main
> fqdn and catchall for improperly-named sub-domains, and not the private IP
> by which  NAGIOS-01 communicates with the slowpoke
>
> wolf at lva-01:~$ dig NAGIOS-01
> Since this A record doesn't exist, the answers are useless.  However when
> I dig the actual subdomain, nagios.example.org, it gives the right public
> IP.
>
>
>
>
> On Mon, Aug 13, 2012 at 8:37 AM, Lightner, Jeff <JLightner at water.com>wrote:
>
>>   If adding it to /etc/hosts resolved the issue it makes it sound as if
>> your issue is name resolution.****
>>
>> ** **
>>
>> Is the slowpoke Linux?****
>>
>> What is in /etc/nsswitch.conf on the slowpoke for the “hosts” line?  (You
>> may need to look at other lines for IPv6 if not Linux.)****
>>
>> If hosts line has “files” before “dns” what is in /etc/resolv.conf?
>> Does it try nis?****
>>
>> What happens if you try “host <nagios master>” from the slowpoke?  What
>> if you try “dig <nagios master>”.****
>>
>> ** **
>>
>> ** **
>>
>> *From:* ale-bounces at ale.org [mailto:ale-bounces at ale.org] *On Behalf Of *Wolf
>> Halton
>> *Sent:* Sunday, August 12, 2012 7:15 PM
>> *To:* Atlanta Linux Enthusiasts
>> *Subject:* Re: [ale] more fun with ssh****
>>
>> ** **
>>
>> thanks.****
>>
>> http://evergreen-community-01.lyrasistechnology.org
>> http://sourcefreedom.com
>> Apache developer:
>> wolfhalton at apache.org****
>>
>> On Aug 12, 2012 5:49 PM, "Jim Kinney" <jim.kinney at gmail.com> wrote:****
>>
>> You can force version 2 only in confug. Ssh_version 2 is setting I think.
>> ****
>>
>> On Aug 12, 2012 11:01 AM, "Wolf Halton" <wolf.halton at gmail.com> wrote:***
>> *
>>
>> ** **
>>
>> On Sun, Aug 12, 2012 at 10:37 AM, Wolf Halton <wolf.halton at gmail.com>
>> wrote:****
>>
>> ** **
>>
>> On Sun, Aug 12, 2012 at 10:32 AM, Wolf Halton <wolf.halton at gmail.com>
>> wrote:****
>>
>> ** **
>>
>> On Sun, Aug 12, 2012 at 10:19 AM, Jim Kinney <jim.kinney at gmail.com>
>> wrote:****
>>
>> It still tries to resolve the ip to a host name. If you're not using dns
>> for that segment, put a name in etc/hosts.****
>>
>> On Aug 12, 2012 9:52 AM, "Wolf Halton" <wolf.halton at gmail.com> wrote:****
>>
>>  Why would one of the hosts in my network take a very long time (over 10
>> seconds) to negotiate a connection from another host on the same lan. Using
>> IP address only, no DNS resolution involved.****
>>
>> This would only be an interesting  oddity if it didn't time out nagios
>> checks.****
>>
>> Wolf****
>>
>> http://evergreen-community-01.lyrasistechnology.org
>> http://sourcefreedom.com
>> Apache developer:
>> wolfhalton at apache.org****
>>
>> ** **
>>
>>
>>
>>
>>
>>        _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo****
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo****
>>
>> ** **
>>
>> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: server->client aes128-ctr hmac-md5 none
>> debug1: kex: client->server aes128-ctr hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug1: Host '192.168.10.56' is known and matches the RSA host key.
>> debug1: Found key in /home/nagios/.ssh/known_hosts:32
>> debug1: ssh_rsa_verify: signature correct
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> %% slowdown is right here %%
>> debug1: Authentications that can continue: publickey,password
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /home/nagios/.ssh/identity
>> debug1: Offering public key: /home/nagios/.ssh/id_rsa
>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>> debug1: read PEM private key done: type RSA
>> debug1: Authentication succeeded (publickey).
>> debug1: channel 0: new [client-session]
>> debug1: Requesting no-more-sessions at openssh.com
>> debug1: Entering interactive session.
>> debug1: Sending environment.
>> debug1: Sending env LANG = en_US.UTF-8
>>
>> Why would only this host have that slow-down and none of the others?
>> --
>> This Apt Has Super Cow Powers - http://sourcefreedom.com
>> Open-Source Software in Libraries - http://FOSS4Lib.org
>> Advancing Libraries Together - http://LYRASIS.org
>> Apache Open Office Developer wolfhalton at apache.org****
>>
>> ** **
>>
>> How would I get it to NOT check reverse DNS?
>> http://ubuntuforums.org/showthread.php?t=1699197
>>
>> "Just add the parameter "UseDNS no" on /etc/ssh/sshd_config" to the
>> remote host I am shelling into?
>> ****
>>
>>
>> --
>> This Apt Has Super Cow Powers - http://sourcefreedom.com
>> Open-Source Software in Libraries - http://FOSS4Lib.org
>> Advancing Libraries Together - http://LYRASIS.org
>> Apache Open Office Developer wolfhalton at apache.org****
>>
>>
>> Well adding the nagios server to the /etc/hosts file of the slowpoke,
>> worked for that server, and adding the "UseDNS no" parameter to the
>> /etc/sshd_config file on the slowpoke made other local servers access it
>> properly.
>> Now my question is, "Why does the system have to convert to SSH type I
>> and how do I get it to use type II?
>>
>> --
>> This Apt Has Super Cow Powers - http://sourcefreedom.com
>> Open-Source Software in Libraries - http://FOSS4Lib.org
>> Advancing Libraries Together - http://LYRASIS.org
>> Apache Open Office Developer wolfhalton at apache.org
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo****
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo****
>>
>>
>>
>>
>>
>> Athena®, Created for the Cause™
>>
>> Making a Difference in the Fight Against Breast Cancer
>>
>>
>>
>>
>>
>> *How and Why I Should Support Bottled Water!
>> *Do not relinquish your right to choose bottled water as a healthy
>> alternative to beverages that contain sugar, calories, etc. Your support of
>> bottled water will make a difference! Your signatures count! Go to
>> http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and
>> sign a petition to support your right to always choose bottled water. Help
>> fight federal and state issues, such as bottle deposits (or taxes) and
>> organizations that want to ban the sale of bottled water. Support community
>> curbside recycling programs. Support bottled water as a healthy way to
>> maintain proper hydration. Our goal is 50,000 signatures. Share this
>> petition with your friends and family today!
>>
>>
>>
>> ---------------------------------
>> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or
>> confidential information and is for the sole use of the intended
>> recipient(s). If you are not the intended recipient, any disclosure,
>> copying, distribution, or use of the contents of this information is
>> prohibited and may be unlawful. If you have received this electronic
>> transmission in error, please reply immediately to the sender that you have
>> received the message in error, and delete it. Thank you.
>> ----------------------------------****
>>
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
>
> --
> This Apt Has Super Cow Powers - http://sourcefreedom.com
> Open-Source Software in Libraries - http://FOSS4Lib.org
> Advancing Libraries Together - http://LYRASIS.org
> Apache Open Office Developer wolfhalton at apache.org
>
>


-- 
This Apt Has Super Cow Powers - http://sourcefreedom.com
Open-Source Software in Libraries - http://FOSS4Lib.org
Advancing Libraries Together - http://LYRASIS.org
Apache Open Office Developer wolfhalton at apache.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120814/092963c3/attachment.html 


More information about the Ale mailing list