ssh delays

thorin thorin at digitalvoodoo.org
Fri Sep 21 11:31:59 EDT 2001


John,

If you have access to the host running sshd, you might try the
following:

In the sshd_config file:

# Logging
SyslogFacility AUTH
LogLevel DEBUG (or VERBOSE)

ReverseMappingCheck no   (default yes)

You may want to change the ReverseMappingCheck option to "no" and see if
that helps; it would at least rule out slow DNS resolution...

HTH

--Thorin




-----Original Message-----
From: owner-discuss at blu.org [mailto:owner-discuss at blu.org] On Behalf Of
John Chambers
Sent: Friday, September 21, 2001 10:22
To: discuss at blu.org
Subject: ssh delays


Well, digging around in TFM and assorted archives turned up
nothing, so I thought I'd ask the experts:

Starting a few weeks ago, ssh from my home machine  started
showing  a  1-  to  2-minute  delay  before  asking  for  a
password.  It's obvious that "something has changed", but I
haven't found any clues as to what.

It's not a DNS delay, because I can ask nslookup about  the
host,  and  it replies instantly.  Ping and traceroute also
respond in under a second.

When I use ssh from outside to get to the  machine,  it  is
also instantaneous. Only outgoing ssh has this delay. There
are no messages of any sort added to any log  file  that  I
can  find.   I've run ssh with -v, and here's an example of
what it says:

| : ssh -v trill
| SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
| Compiled with SSL (0x0090600f).
| debug: Reading configuration data /home/jc/.ssh/config
| debug: Applying options for trill*
| debug: Reading configuration data /usr/local/etc/ssh_config
| debug: Applying options for *
| debug: Seeding random number generator
| debug: ssh_connect: getuid 500 geteuid 0 anon 0

At this point comes the long delay.  Then it succeeds with
no apparent problems:

| debug: Connecting to trillian.mit.edu [18.62.1.54] port 22.
| debug: Seeding random number generator
| debug: Allocated local port 723.
| debug: Connection established.
| debug: Remote protocol version 1.5, remote software version 1.2.26
| ...

Any idea where I might find another clue?


--
Notice: This message is copyright by the sender, and was doubly
encrypted by
applying  the  Rot13 encryption algorithm twice.  Unauthorized
decryption of
this message within the jurisdiction of US courts by anyone other  than
the
intended recipient(s) is a violation of the Digital Millenium Copyright
Act,
and in punishable by five years in jail, a $500,000 fine, or or both.
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list