Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: djhomeless on January 22, 2005, 05:13:53 PM
-
Hi Everyone,
I'm struggling to figure out the root cause of a serious issue I am suffering.
Logging onto the server manager by host or IP on the internal LAN is rather fast as you expect. However, when using ssh, imap using a variety of clients (Thunderbird, Outlook, and KMail), or Webmail, the actual authentication handshake seems to take a long time!
For instance, when I login via ssh internally, the request for the password comes immediatly after I run ssh root@host. However after inputting the password, it takes about 10-12 seconds to succeed.
Opening a mail client takes about 20 seconds to simply open the folders and mail.
Once connected everything seems to work as normal (ie no lag or ghosting).
Running top -i shows that my server is running 97.7% (give or take) idle, with plenty of surplus resources.
Any ideas? I'm not using the server as a DHCP server, and I've already attempted the reverse dns fix as suggested here (http://"http://forums.contribs.org/index.php?topic=21360.msg84399#msg84399")
Any suggestions or advice would be very appreciated!
Thanks,
Geoffrey
-
Could this bug report be somehow related to my issue?
http://no.longer.valid/mantis/bug_view_page.php?bug_id=109
It does seem slightly different. The bug discusses different subnets of a local network having trouble with reverse DNS.
Thanks in advance,
Geoffrey
-
Sorry for the bump, I'm really desperate to figure this out.
Just tried connecting externally and it was lightning fast. Surely this is an internal DNS issue???
thanks!
Geoffrey
-
.. any info in the logs (yep, check as many as makes sense)?
-
Thats the problem, there doesn't seem to be a session-type log or one related to ssh.
The message log had just this to say:
Jan 25 22:23:11 hostname sshd[8902]: Accepted password for root from 192.168.0.6 port 34857 ssh2
My server is not providing DHCP to the local network. Outside of that, I'm really stumped!
thanks,
Geoffrey
-
Have you watched the top output while running a login process, does anything spike?
If the SME box is not used for DHCP then something lese is doing the job or your using static; if DHCP try releasing & then renewing a lease.
Do you have a another WINS server? If not make sure your DHCP server nominates the SME box for this task.
Try using the mailserver IP for IMAP instead of its name to test for faulty name resolution.
Try creating a brand new test account and verify if it beahves any differently.
Have you installed any updates recently (especially the patches to openssh & openssl)? If so, then rerun:
/sbin/e-smith/expand-template /etc/ssh/sshd_config
/sbin/e-smith/signal-event remoteaccess-update
check for errors and if ok then:
/sbin/e-smith/signal-event post-upgrade
/sbin/e-smith/signal-event reboot
to make sure all changes have been processed correctly.
HTH
-
Thanks for your help.
I've tried a lot of different stuff, none seems to work:
1. Using IP instead of host for ssh and imap.
2. Turning on DHCP
3. Manually setting the host in the /etc/hosts file on my client machine
4. Updating SSH and running the commands you mentioned (including reboot).
It just seems so odd. When I hit any web page it just flys. Even the webmail authenticates quickly and displays my mail.
In addion to my ssh probs, I also have trouble wit IMAP listing my inbox (with only 4-5 mails), which takes up to 30-40 seconds (regardless if I'm doing it internally, or remotely). Sending of course takes forever too.
The only other useful bit of info is my server and local clients are all connected via my Netgear Wireless Router/Firewall. The server is via a hard line, the client via a wireless card. Right now the firewall has ssh, imap, and smtp rules but that really only governs external traffic (not internal). Internal I assume is wide open.
Going a bit mad here. Any help would be very appreciated.
Geoffrey
-
Ok so I sort of have fixed the problem but it is just short term.
If I add my host and IP in the /etc/hosts file, I then can quickly login using ssh. However, as I have now enabled dhcp, this doesn't seem to be a great way to go (also I'm not sure how to properly add to this file with sme overwriting it).
This also doesn't solve my IMAP problem but I'm happy to at least have one (sort of) resolution.
Geoffrey