Re: ssh initial connects SLOW
- From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
- Date: Sun, 20 Jan 2008 15:53:48 +0000
Randy Yates wrote:
Nico Kadel-Garcia <nkadel@xxxxxxxxx> writes:
Randy Yates wrote:
I have a strange thing going on with ssh. I have two systems on my
local LAN, one a Fedora Core 6 system and one a Fedora (Core) 8.
Until about a week ago, I was able to ssh between these two systems
without any problem whatsoever. However, for the last few days, when
I ssh in from one to the other (in either direction), it takes an
inordinate amount of time (> 1 minute) for the ssh command to complete
and yield control back to the terminal.
Any ideas why this is happening? The network between the two computers
seems to be just fine. One is connected via 802.11g with WEP security
enabled, and always has been, i.e., nothing changed here between the
time it was working and the time it stopped working.
[yates@localhost ~]$ uname -a
Linux localhost.localdomain 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:36 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
[yates@localhost client]$ uname -a
Linux localhost.localdomain 2.6.22.14-72.fc6 #1 SMP Wed Nov 21 14:10:25 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
Ahh. I think we need to say "welcome to reverse DNS". "localhost.localdomain" resolves to 127.0.0.1, which is *not* the IP address the connection is coming from. And when your SSH server looks up 192.168.1.3 or whatever your first localhost's IP address is, it gets a name that does not match. I suspect you've recently changed your DNS or /etc/hosts setups, or something else was poking your DNS so you had a cached "I don't know what that is!" result.
This reverse DNS can be turned off by setting the sshd initscript to start sshd with "sshd -u0", a bit of old obscurity that says "don't record any more than 0 characters for the client hostname", and as it's programmed, prevents the reverse DNS lookup at all. There are security reasons and logging reasons that this is useful information, but if you don't have good DNS setups, you may want to disable it.
There is no other graceful way to turn this off: sshd_config does
not support any options to disable it, and never has.
Hi Nico,
Thanks for responding and for this idea. Unfortunately, that wasn't
it. I restarted the daemons on both computers and I still get the
same problem.
Also, since I'm using numeric IP addresses in the ssh command, e.g.,
ssh -p 12345 192.168.1.101
I don't understand why a reverse lookup would even be done.
This is an *OLD* issue. The SSH daemon does a lookup of the hostname via which you connect to see if it has a matching IP address and reverse DNS lookup, in order primarily to do logging of what host the client came from. In a dynamic DNS environment, this is particularly tricky to log correctly, so it tries to find out what DNS thinks the host is. And it's possible, in some screwed up DNS environments, to register a hostname of "192.168.1.101", or to put it in /etc/hosts to point actually to something else.
Thus, SSH does a reverse DNS lookup to keep these things straight.
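
Added example, not part of the original post: a small Python check that mirrors the lookup pattern discussed in this thread, reverse-resolving a client address, forward-resolving the returned name, and reporting whether the two agree and whether the lookups were slow. The sample tables, the host name fc8box.example.lan, the address 192.168.1.50 and the 2-second threshold are constructed for illustration; with the default arguments the function uses the system resolver instead.

```python
import socket
import time

# Constructed sample data modelled on the thread: the client address has a
# PTR name that forward-resolves to 127.0.0.1. fc8box.example.lan is made up.
SAMPLE_PTR = {"192.168.1.3": "localhost.localdomain",
              "192.168.1.101": "fc8box.example.lan"}
SAMPLE_A = {"localhost.localdomain": {"127.0.0.1"},
            "fc8box.example.lan": {"192.168.1.101"}}

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_A[name]

def system_reverse(ip):
    # Uses whatever the host is configured for (DNS, /etc/hosts, ...).
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def fcrdns_check(client_ip, reverse=system_reverse, forward=system_forward,
                 slow_after=2.0):
    """Return (status, ptr_name, slow) for one client address.

    status: 'match', 'mismatch', 'no-ptr' or 'forward-failed'.
    slow:   True if both lookups together took longer than slow_after seconds.
    """
    start = time.monotonic()
    name = None
    try:
        name = reverse(client_ip)
        status = "match" if client_ip in set(forward(name)) else "mismatch"
    except OSError:  # socket.herror, socket.gaierror and timeouts derive from OSError
        status = "no-ptr" if name is None else "forward-failed"
    return status, name, (time.monotonic() - start) > slow_after

if __name__ == "__main__":
    for ip in ("192.168.1.3", "192.168.1.101", "192.168.1.50"):
        print(ip, fcrdns_check(ip, sample_reverse, sample_forward))
```

Run on the SSH server with the client's address and the default resolvers, a `slow` result of True points at name resolution rather than the network path as the source of the delay.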