# ssh delay problem

## NightTwix

I encounter a strange problem.

What i want to do is to run (Nagios) commands by ssh. Which works fine, except that there is _sometimes_ a 1 minute delay before the command finishes.

This has nothing to do with nagios as this happens with every command I try.

Normal execution time is under 1 sec, but every 5-10 times it takes just over 1 minute.

Without delay:

```
# time /usr/bin/ssh -v -v -v -l sichern -i /home/nagios/.ssh/id_rsa-sichern 172.20.10.125 'check_disk -p /'

OpenSSH_4.3p2, OpenSSL 0.9.8d 28 Sep 2006

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to 172.20.10.125 [172.20.10.125] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug3: Not a RSA1 key file /home/nagios/.ssh/id_rsa-sichern.

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/nagios/.ssh/id_rsa-sichern type 1

debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1

debug1: match: OpenSSH_3.8p1 pat OpenSSH_3.*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.3

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 123/256

debug2: bits set: 495/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 18

debug1: Host '172.20.10.125' is known and matches the RSA host key.

debug1: Found key in /root/.ssh/known_hosts:18

debug2: bits set: 487/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/nagios/.ssh/id_rsa-sichern (0x8088ab8)

debug1: Authentications that can continue: publickey,keyboard-interactive

debug3: start over, passed a different list publickey,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /home/nagios/.ssh/id_rsa-sichern

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Remote: Port forwarding disabled.

debug1: Remote: X11 forwarding disabled.

debug1: Remote: Agent forwarding disabled.

debug1: Remote: Forced command: echo a >/dev/null

debug1: Server accepts key: pkalg ssh-rsa blen 277

debug2: input_userauth_pk_ok: fp 12:53:2a:00:7a:a1:12:f9:a1:8b:75:1d:6d:fe:75:60

debug3: sign_and_send_pubkey

debug1: read PEM private key done: type RSA

debug1: Remote: Port forwarding disabled.

debug1: Remote: X11 forwarding disabled.

debug1: Remote: Agent forwarding disabled.

debug1: Remote: Forced command: echo a >/dev/null

debug1: Authentication succeeded (publickey).

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Entering interactive session.

debug2: callback start

debug2: client_session2_setup: id 0

debug1: Sending command: check_disk -w 1000 -c 100 -p /

debug2: channel 0: request exec confirm 0

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: channel 0: rcvd adjust 131072

debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

debug2: channel 0: rcvd eof

debug2: channel 0: output open -> drain

debug2: channel 0: rcvd close

debug2: channel 0: close_read

debug2: channel 0: input open -> closed

debug3: channel 0: will not send data after close

DISK OK - free space: / 29980 MB (89%);| /=3662MB;32642;33542;0;33642

debug3: channel 0: will not send data after close

debug2: channel 0: obuf empty

debug2: channel 0: close_write

debug2: channel 0: output drain -> closed

debug2: channel 0: almost dead

debug2: channel 0: gc: notify user

debug2: channel 0: gc: user detached

debug2: channel 0: send close

debug2: channel 0: is dead

debug2: channel 0: garbage collecting

debug1: channel 0: free: client-session, nchannels 1

debug3: channel 0: status: The following connections are open:

  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)

debug3: channel 0: close_fds r -1 w -1 e 6 c -1

debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds

debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0

debug1: Exit status 0

real    0m0.869s

user    0m0.050s

sys     0m0.000s

```

With delay:

```
# time /usr/bin/ssh -v -v -v -l sichern -i /home/nagios/.ssh/id_rsa-sichern 172.20.10.125 'check_disk -p /'

OpenSSH_4.3p2, OpenSSL 0.9.8d 28 Sep 2006

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to 172.20.10.125 [172.20.10.125] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug3: Not a RSA1 key file /home/nagios/.ssh/id_rsa-sichern.

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/nagios/.ssh/id_rsa-sichern type 1

debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8p1

debug1: match: OpenSSH_3.8p1 pat OpenSSH_3.*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.3

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 118/256

debug2: bits set: 506/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 18

debug1: Host '172.20.10.125' is known and matches the RSA host key.

debug1: Found key in /root/.ssh/known_hosts:18

debug2: bits set: 510/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/nagios/.ssh/id_rsa-sichern (0x8088ab8)

debug1: Authentications that can continue: publickey,keyboard-interactive

debug3: start over, passed a different list publickey,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /home/nagios/.ssh/id_rsa-sichern

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Remote: Port forwarding disabled.

debug1: Remote: X11 forwarding disabled.

debug1: Remote: Agent forwarding disabled.

debug1: Remote: Forced command: echo a >/dev/null

debug1: Server accepts key: pkalg ssh-rsa blen 277

debug2: input_userauth_pk_ok: fp 12:53:2a:00:7a:a1:12:f9:a1:8b:75:1d:6d:fe:75:60

debug3: sign_and_send_pubkey

debug1: read PEM private key done: type RSA

debug1: Remote: Port forwarding disabled.

debug1: Remote: X11 forwarding disabled.

debug1: Remote: Agent forwarding disabled.

debug1: Remote: Forced command: echo a >/dev/null

*** delay be here ***

debug1: Authentication succeeded (publickey).

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Entering interactive session.

debug2: callback start

debug2: client_session2_setup: id 0

debug1: Sending command: check_disk -w 1000 -c 100 -p /

debug2: channel 0: request exec confirm 0

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: channel 0: rcvd adjust 131072

debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

debug2: channel 0: rcvd eof

debug2: channel 0: output open -> drain

debug2: channel 0: rcvd close

debug2: channel 0: close_read

debug2: channel 0: input open -> closed

debug3: channel 0: will not send data after close

DISK OK - free space: / 29980 MB (89%);| /=3662MB;32642;33542;0;33642

debug3: channel 0: will not send data after close

debug2: channel 0: obuf empty

debug2: channel 0: close_write

debug2: channel 0: output drain -> closed

debug2: channel 0: almost dead

debug2: channel 0: gc: notify user

debug2: channel 0: gc: user detached

debug2: channel 0: send close

debug2: channel 0: is dead

debug2: channel 0: garbage collecting

debug1: channel 0: free: client-session, nchannels 1

debug3: channel 0: status: The following connections are open:

  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)

debug3: channel 0: close_fds r -1 w -1 e 6 c -1

debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds

debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0

debug1: Exit status 0

real    1m0.647s

user    0m0.040s

sys     0m0.000s

```

Is there a problem between the two ssh versions? OpenSSH_3.8p1 vs OpenSSH_4.3p2

Why is this problem just appearing sometimes?

What can I do to resolve the problem? 

I already tried "UseDNS no" in the remote config...

----------

## Princess Nell

I can't really comment on the ssh side of things, but have you tried to run sshd in debug mode to

look at the problem on the server side?

Other than that, have you considered using NSCA or NRPE?

----------

## NightTwix

 *Princess Nell wrote:*   

> I can't really comment on the ssh side of things, but have you tried to run sshd in debug mode to
> 
> look at the problem on the server side?

 

not yet, but good idea

I gonna try this tomorrow

 *Princess Nell wrote:*   

> Other than that, have you considered using NSCA or NRPE?

 

yes, but i felt more confident going the ssh way ... instead of installing some outdated versions with yast (remote machine is SuSE)

----------

## NightTwix

i did some more testing and the delay doesn't exist when logging in with a password.

So it has something to do with keybased authentication. But what?!  :Smile: 

In another thread i read about apache with ssl not restarting because there's a lack of enough entropy.

Could this be the case here as well?

for the sake of completness, here is the server-side debug:

```
# sshd -p 122 -d

debug1: sshd version OpenSSH_3.8p1

debug1: private host key: #0 type 0 RSA1

debug1: read PEM private key done: type RSA

debug1: private host key: #1 type 1 RSA

debug1: read PEM private key done: type DSA

debug1: private host key: #2 type 2 DSA

debug1: Bind to port 122 on ::.

Server listening on :: port 122.

Generating 768 bit RSA key.

RSA key generation complete.

debug1: Server will not fork when running in debugging mode.

Connection from ::ffff:172.20.10.35 port 44367

debug1: Client protocol version 2.0; client software version OpenSSH_4.3

debug1: match: OpenSSH_4.3 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-1.99-OpenSSH_3.8p1

debug1: permanently_set_uid: 71/65

debug1: list_hostkey_types: ssh-rsa,ssh-dss

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received

debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT

debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: KEX done

debug1: userauth-request for user sichern service ssh-connection method none

debug1: attempt 0 failures 0

debug1: PAM: initializing for "sichern"

Failed none for sichern from ::ffff:172.20.10.35 port 44367 ssh2

debug1: userauth-request for user sichern service ssh-connection method publickey

debug1: attempt 1 failures 1

debug1: test whether pkalg/pkblob are acceptable

debug1: PAM: setting PAM_RHOST to "172.20.10.35"

debug1: PAM: setting PAM_TTY to "ssh"

debug1: temporarily_use_uid: 1001/65534 (e=0/0)

debug1: trying public key file /home/sichern/.ssh/authorized_keys

debug1: matching key found: file /home/sichern/.ssh/authorized_keys, line 1

Found matching RSA key: 12:53:2a:00:7a:a1:12:f9:a1:8b:75:1d:6d:fe:75:60

debug1: restore_uid: 0/0

Postponed publickey for sichern from ::ffff:172.20.10.35 port 44367 ssh2

debug1: userauth-request for user sichern service ssh-connection method publickey

debug1: attempt 2 failures 1

debug1: temporarily_use_uid: 1001/65534 (e=0/0)

debug1: trying public key file /home/sichern/.ssh/authorized_keys

debug1: matching key found: file /home/sichern/.ssh/authorized_keys, line 1

Found matching RSA key: 12:53:2a:00:7a:a1:12:f9:a1:8b:75:1d:6d:fe:75:60

debug1: restore_uid: 0/0

debug1: ssh_rsa_verify: signature correct

*** delay here ***

Accepted publickey for sichern from ::ffff:172.20.10.35 port 44367 ssh2

debug1: monitor_child_preauth: sichern has been authenticated by privileged process

Accepted publickey for sichern from ::ffff:172.20.10.35 port 44367 ssh2

debug1: PAM: reinitializing credentials

debug1: permanently_set_uid: 1001/65534

debug1: Entering interactive session for SSH2.

debug1: server_init_dispatch_20

debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768

debug1: input_session_request

debug1: channel 0: new [server-session]

debug1: session_new: init

debug1: session_new: session 0

debug1: session_open: channel 0

debug1: session_open: session 0: link with channel 0

debug1: server_input_channel_open: confirm session

debug1: server_input_channel_req: channel 0 request exec reply 0

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req exec

debug1: Forced command 'echo a >/dev/null'

debug1: Received SIGCHLD.

debug1: session_by_pid: pid 24567

debug1: session_exit_message: session 0 channel 0 pid 24567

debug1: session_exit_message: release channel 0

debug1: session_close: session 0 pid 24567

debug1: channel 0: free: server-session, nchannels 1

Connection closed by ::ffff:172.20.10.35

debug1: do_cleanup

debug1: PAM: cleanup

Closing connection to ::ffff:172.20.10.35

debug1: PAM: cleanup
```

----------

## Janne Pikkarainen

The lack of entropy bites you in very odd situations. This could very well be one of those situations. Try to emerge rng-tools and start rngd with /etc/init.d/rngd start. See if it helps.

----------

## NightTwix

I installed the rng-tools on both machines but that didn't solve the problem.

The entropy (/proc/sys/random/entropy_available) did fill up faster with rngd but it didnt change the described behaviour.

I'm about to raise the nagios plugin timeout to above one minute for this check and just live with the problem.

Except someone has another hint...

----------

