On Jan 20, 2008, at 2:56 PM, Michael Shuler wrote:
> On 01/20/2008 04:29 PM, Curt Howland wrote:
>> In the last few days, ssh connections have turned dog slow. I mean
>> very slow, like 20-30 seconds of just sitting there after issuing
>> "ssh server" before it asks for my password.
>>
>> This is very strange, as both client and server are on the same LAN
>> with an average ping response time of 1.1ms.
>>
>> Does ssh do a dns lookup or something that could be messing up?
>
> Yes. The SSH server performs a reverse DNS lookup on the connecting
> IP address. If there is no reverse DNS record for that IP address
> or the name server is foobar'ed, the SSH server will wait until
> timeout on the DNS lookup, then prompt for password and log the
> connection by IP.

I usually put "UseDNS no" in my /etc/ssh/sshd_config to avoid this
problem. If I need to know the DNS name associated with something in
the log, I can always look it up later. However, this does circumvent
a security check -- sshd will no longer check that the reverse and
forward lookups for the IP address match. I think the value of this
check is debatable but it's worth noting.
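
The reverse/forward match check mentioned in the reply above, written out in Python as an added example (not part of the original thread and not OpenSSH's own code). The function names and the constructed resolver tables, which use documentation address ranges, are assumptions made for illustration.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # herror/gaierror/timeouts are all OSError subclasses
        return None

def system_forward(name):
    """Forward lookup through the system resolver; returns address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def name_for_log(ip, reverse=system_reverse, forward=system_forward):
    """Return (label, reason). The hostname is used only when the reverse
    lookup of the client IP and the forward lookup of that name agree;
    otherwise the bare IP is returned, as in 'log the connection by IP'."""
    addr = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return ip, "no reverse record"
    resolved = set()
    for candidate in forward(name):
        try:
            resolved.add(ipaddress.ip_address(candidate))
        except ValueError:  # e.g. scoped IPv6 strings on older Pythons
            continue
    if addr not in resolved:
        return ip, "reverse/forward mismatch"
    return name.rstrip(".").lower(), "verified"

# Constructed resolver data so the example runs offline (assumed values).
PTR = {"192.0.2.10": "client.example.org", "192.0.2.66": "trusted.example.org"}
A = {"client.example.org": {"192.0.2.10"}, "trusted.example.org": {"192.0.2.20"}}

def demo(ip):
    """Run the check against the constructed tables instead of real DNS."""
    return name_for_log(ip, reverse=PTR.get, forward=lambda n: A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, demo(ip))
```

With the default resolvers, the delay described in the thread shows up as time spent inside `system_reverse` when no name server answers.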