8

When connecting to a Linux SSH server using PuTTY, the PuTTY log shows 2 authentication attempts. The first attempt uses "root" as the username and no password. "none" is displayed in the first packet, meaning no password was used. The connection fails because the Linux SSH server is configured to only authenticate connections that have a password or public key. The second attempt uses "root" as the username and "SECRET" as the password. Access is granted because "root" and "SECRET" are a valid username/password for the Linux SSH server.

enter image description here

After clicking on the Open button in PuTTY, immediately the prompt to enter username "root" appears. After entering username "root", it takes about 8 seconds for the password prompt to appear. I am certain the cause of this 8 second delay is because the client and server are busy with the first authentication attempt that has "none" and no password. After entering password SECRET and pressing enter, access is granted immediately.

enter image description here

I am not certain why PuTTY first attempts to connect with username "root" and no password. Is there some way to configure PuTTY to not make the first attempt with username "root" and no password.

JeremyCanfield
  • 413
  • 4
  • 11
  • 17
  • Export HKEY_CURRENT_USER\Software\SimonTatham and erase that key after, and try again please to connect. – yagmoth555 Oct 06 '16 at 02:17
  • Thank you for the recommendation to delete the HKEY_CURRENT_USER\Software\SimonTatham. I is definitely helpful to know exactly were in the registry PuTTY resides. I appreciate the insight. – JeremyCanfield Oct 06 '16 at 03:06

1 Answers1

7

I'd also look at your DNS... maybe. Can the server you're connecting to resolve DNS properly? Could you add a temporary host entry with your source IP in the server to test?

See: SSH takes about 30 seconds to connect on my computer

Community
  • 1
ewwhite
  • 197,159
  • 92
  • 443
  • 809
  • Thank you very much ewwhite, this was indeed a DNS issue. I did not mention this - the IP addressing scheme of the LAN was redesigned prior to the latency with PuTTY, which is what introduced the DNS issue. Thank you very much for your answer. – JeremyCanfield Oct 06 '16 at 03:05
  • 1
    @JeremyCanfield Thanks for the good and well-formed question. – ewwhite Oct 06 '16 at 03:06
  • Just a quick question: Why is this a DNS-issue? Wasn't the connection already established when he entered his username or does putty only start the connection after you enter the username? – Broco Oct 06 '16 at 08:19
  • @Broco Because the SSH-server tries to reverse lookup the hostname for the IP address which is connecting. – Manawyrm Oct 06 '16 at 08:29
  • @TobiasMädel yes I know but the OP said that the problem occured after he typed in the username which happens AFTER the initial connection on Linux ssh-clients. E.g. if I have a DNS issue on my SSH server I have to wait at the moment I establish the connection. Once it's established, nothing hangs anymore and I can type in username and password without waiting time. That's why I ask if putty establishes the connection AFTER you type in the username, not before. – Broco Oct 06 '16 at 08:34
  • @Broco The SSH server itself does a Reverse-DNS lookup after that. – Manawyrm Oct 06 '16 at 08:35
  • It looks up the IP address of the connecting client via DNS. The forward resolving for connecting is already over, yes. – Manawyrm Oct 06 '16 at 08:35
  • Shouldnt you close the question as duplicate instead? – Daniel W. Oct 06 '16 at 09:44
  • @TobiasMädel I know that the server does it, you can disable it by adding `UseDNS no` to sshd_config. My question wasn't about the resolving but about how each program handles connections. I looked it up now; the Linux ssh client connects to the server directly with the command (e.g. ssh root@example.com), that's where the reverse DNS lookup happens (and the waiting if DNS is still disabled on the server), on Putty the window "fakes" the connection. It looks like you are already connected since it asks you for a username but tries to connect only AFTER you enter the username and pressed enter. – Broco Oct 06 '16 at 10:54
  • @DanFromGermany Why? – ewwhite Oct 06 '16 at 19:21
  • There were some observations that my question may have been a duplicate of [this](http://serverfault.com/questions/183487/ssh-delay-when-connecting) or [this](http://serverfault.com/questions/454167/ssh-takes-about-30-seconds-to-connect-on-my-computer/454169#454169) question. I agree - my question was indeed a duplicate. Oops! – JeremyCanfield Oct 07 '16 at 04:28
  • 1
    I was able to be certain that the 8 second delay was indeed a DNS issue. Recently, the IP address scheme in the LAN was revised. However, the Linux SSH servers were still pointing to the prior IP address of the DNS servers. Once the SSH servers were updated to have the new IP address of the DNS server, after entering username "root", the password prompt appeared immediately. I really appreciate all of the thoughts shared here. This was a good learning experience. – JeremyCanfield Oct 07 '16 at 04:29