Slow response to SSH from within network?

[Henry Spencer]

On Tue, 26 Jul 2005, William O'Higgins wrote:
> I log into it via ssh pretty often.  I notice that there seems to be a
> ten second delay before offering a prompt...

There are two possible reasons for this.  They both fall under the same
general heading:  some network service isn't responding as expected, and
you have to wait for a timeout.

One possibility, as has already been mentioned, is that it's waiting for a
name lookup.  My experience has generally been that that causes longer
timeouts, though. 

The other is that sshd (the daemon on the receiving end) is calling back
to the sending end, to the "ident" service, asking to be told who's
calling it, so it can log the information... but the ident service is
being blocked by a firewall somewhere, probably on the sending end.
(That's common enough that the no-response-at-all timeout on ident calls
is generally set fairly short.)

I don't remember whether there's any way to tell sshd not to make the
ident call.  The alternatives are to run identd and let it through the
firewall, or adjust the firewall so that it sends an ICMP rejection back
when it drops an ident packet (so sshd knows right away that it's not
going to get the information it's after). 

                                                          Henry Spencer
                                                       henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml