Re: ssh initial connects SLOW

---

• From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
• Date: Thu, 24 Jan 2008 17:10:14 -0800 (PST)

---

On 24 Jan, 23:31, Darren Tucker <dtuc...@xxxxxxxxxxxxxxxx> wrote:

On 2008-01-20, Nico Kadel-Garcia <nka...@xxxxxxxxx> wrote:

Randy Yates wrote:

[...]

This is an *OLD* issue. The SSH daemon does a lookup of the hostname
via which you connect to see if it has a matching IP address and reverse
DNS lookup, in order primarily to do logging of what host the client came
from. In a dynamic DNS environment, this is particularly tricky to log
correctly, so it tries to find out what DNS thinks the host is. And it's
possible, in some screwed up DNS environments, to register a hostname
of "192.168.1.101", or to put it in /etc/hosts to point actually to
something else.

Depending on exactly what's triggering the DNS reverse lookup on the
server, you can disable it with "UseDNS no" in sshd_config.

If I remember the source code correctly, this does not block the
attempted *logging* of the hostname of the connecting site, and thus
this option doesn't actually stop the lookup. But modifying the init
script to use "sshd -u0" to set the length of the recorded hostname
information ot 0 does, in fact, block the lookup. This is well
documented in the sshd manpage.

I don't have a source tree in my hands at the moment to verify it: it
would have been easy to modify the code to check for the UseDNS
setting and skip it entirely, but I'm surprised if that change has
occurred since the last time I looked.
.

---

• Follow-Ups:
  • Re: ssh initial connects SLOW
    • From: Nico Kadel-Garcia

• References:
  • ssh initial connects SLOW
    • From: Randy Yates
  • Re: ssh initial connects SLOW
    • From: Nico Kadel-Garcia
  • Re: ssh initial connects SLOW
    • From: Randy Yates
  • Re: ssh initial connects SLOW
    • From: Nico Kadel-Garcia
  • Re: ssh initial connects SLOW
    • From: Darren Tucker

• Prev by Date: Re: Can't ssh with no password between Red Hat Enterprise and Red hat 7.0
• Next by Date: Re: ssh initial connects SLOW
• Previous by thread: Re: ssh initial connects SLOW
• Next by thread: Re: ssh initial connects SLOW
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: How to disable the "implicit mx record" in Exchange ... Exchange or Microsoft DNS to compensate for the error conditions. ... If the lookup fails, then it should be reported as an error and the ... "and the A record host accepts mail but not for the particular ... (microsoft.public.exchange.admin) Re: How to disable the "implicit mx record" in Exchange ... It is only when the MX lookup fails on occation that we ... Exchange or Microsoft DNS to compensate for the error conditions. ... MX record host, and sometimes it is sending to the host with the A record for ... (microsoft.public.exchange.admin) Re: Quick Mail Log Question ... > something to do with DNS, or Reverse DNS. ... A 'canonical name' is another description of the full name of the host. ... Normally you lookup the IP number which belongs to a hostname/FQDN. ... (comp.unix.admin) Re: Cannot access a web page ... First let's find out what your DNS is really telling you. ... Does the lookup give you the same IP address that your HOSTS file ... More importantly that page contains absolutely no reference to Skype ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: ssh initial connects SLOW ... DNS lookup, in order primarily to do logging of what host the client came ... (comp.security.ssh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2008-01