Slow response to SSH from within network?
Fraser Campbell
fraser-eicrhRFjby5dCsDujFhwbypxlwaOVQ5f at public.gmane.org
Thu Jul 28 02:43:59 UTC 2005
On Wed, 2005-27-07 at 10:04 -0400, William O'Higgins wrote:
> Ahah! Once I identified each machine in their respective /etc/hosts
> file the delay dropped to nearly nothing. Instead of waiting ten
> seconds I had ssh sessions five layers deep between the two machines in
> the time span of time. Neat! (and silly)
I've found ssh to be flakey in regards to DNS. Recently I was sshing
into a machine from a Windows desktop, I was instantly presented a
password login, upon entering my password I had a blank screen for about
5 seconds and then suddenly the expected bash prompt appeared.
I would think, since I had already authenticated, that the DNS would be
a non-issue at that point, not so ...
- set UseDNS to no in sshd_config
- instant password prompt
- instant bash prompt upon entering password
When on the host "host my.client.ip" returned within a second so DNS
seems to have been setup correctly. "host -v my.client.ip" also shows a
reasonable TTL so it's not that my PTR record was expiring immediately
and the server had to look it up every time (and even if it did the
prompt delay was longer than observed DNS delay using host command).
Nameservice was set to "files, dns" for lookups so nothing funky should
have been happening there. I don't know why daemons insist on looking
up PTR records, I have no qualms about shutting of DNS lookups for ssh.
One caveat is that I was using F-secure SSH client and noticed some
extreme flakiness in other ways. I could ssh using openssh client and
password authentication but I could not ssh with F-secure and password
authentication until such time as set UsePAM no.
So, was it F-secure or openssh being stubborn??? Not certain but "UseDNS
no" can definitely be helpful in cases where you don't have much control
over the surrounding network.
--
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list