Linux system running Redhat 5.1.
When I connect to the machines with SSH there is a long delay before the login completes and I get a shell.
I did some research and found a solution to this problem that suggested that I could remove the /etc/resolv.conf, and then logins would work quickly. I tried doing this and it actually worked; removing the /etc/resolv.conf sped things up.
So now I want to understand why this is causing a problem, and how to get fast SSH logins without breaking name resolution.
Update: UseDNS no was in sshd_config (but has not fixed the issue)
As a security measure, when you connect to an SSH server, the server will perform several DNS lookups on the IP address you are connecting from. These DNS checks may take a while, particularly if the reverse zones are not set up properly for the IP addresses you are connecting from.
In your /etc/ssh/sshd_config there is an option you can set to disable DNS checks. Specifically you would want to set UseDNS no (man sshd_config).
Another common source of problems can be related to tcpwrappers. If SSH is compiled to use tcpwrappers, and tcpwrappers is compiled to do DNS lookups, then you can see slowness from this.
If you are connecting from within your network, the majority of the delay will be fixed by setting up proper reverse DNS zones.
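To see which of the lookups described above is slow for a given client address, the following added example (not part of the original answer) times the reverse (PTR) lookup and the forward lookup that confirms the returned name maps back to the same IP. The function name check_client_dns and the sample address 192.0.2.10 are assumptions made for illustration; the resolvers are injectable so the logic can be exercised offline.

```python
import ipaddress
import socket
import time

def _reverse(ip):
    # PTR lookup: IP -> hostname, via the system resolver (honours nsswitch.conf)
    return socket.gethostbyaddr(ip)[0]

def _forward(name):
    # A/AAAA lookup: hostname -> set of address strings
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def check_client_dns(ip, reverse=_reverse, forward=_forward, clock=time.monotonic):
    """Time the reverse lookup and the confirming forward lookup for one client IP."""
    client = ipaddress.ip_address(ip)      # raises ValueError on a malformed address
    result = {"ip": ip, "ptr": None, "confirmed": False,
              "reverse_s": 0.0, "forward_s": 0.0, "error": None}
    start = clock()
    try:
        result["ptr"] = reverse(ip)
    except OSError as exc:                 # herror, gaierror and timeout are OSError
        result["error"] = f"reverse lookup failed: {exc}"
    result["reverse_s"] = clock() - start
    if result["ptr"] is None:
        return result                      # no name, so nothing to confirm
    start = clock()
    try:
        # Strip any IPv6 zone id ("%eth0") before comparing addresses
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(result["ptr"])}
        result["confirmed"] = client in addrs
        if not result["confirmed"]:
            result["error"] = "PTR name does not resolve back to the client IP"
    except OSError as exc:
        result["error"] = f"forward lookup failed: {exc}"
    result["forward_s"] = clock() - start
    return result

if __name__ == "__main__":
    import sys
    # 192.0.2.10 is a constructed sample address (TEST-NET-1), not from the post
    for addr in sys.argv[1:] or ["192.0.2.10"]:
        print(check_client_dns(addr))
```

Run it on the SSH server with the address you connect from; a large reverse_s or a "reverse lookup failed" error points at a missing or unreachable reverse zone.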
It probably has as much to do with the /etc/nsswitch.conf file as it does the /etc/resolv.conf file. nsswitch.conf tells Linux the order in which it should use different methods (dns, nis, /etc/hosts, etc) to resolve things like hosts, services, networks, etc.
resolv.conf is specifically for DNS lookups, and my guess is that /etc/nsswitch.conf says to use DNS before using files when looking up hosts, and when /etc/resolv.conf does not exist, it skips doing a DNS lookup. So when you were typing ssh username@hostname it used to try to do a DNS lookup before falling back to some other means, but now it just skips that step. There may be other things going on, but it's probably related/similar.
Take care.
Add the following line to your sshd_config file:
That will do the trick!