Bug#341042: ssh: Slow Connections Due to Bogus IPv6 name resolution
Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: important
SSH can take a very long time to connect to addresses on the internet
due to bogus ipv6 name resolution requests when connecting using ipv4.
ssh user@host.domain.com
The default resolution behavior is:
AAAA host.domain.com.
AAAA host.domain.com.
AAAA host.domain.com.searchdomain.com.
AAAA host.domain.com.searchdomain.com.
A host.domain.com.
Removing the ipv6 module from the kernel and aliasing it in
modprobe.conf to "none" does not prevent ssh from attempting ipv6 name
resolution, even though those resolutions would be pointless on a system
with no ipv6 support enabled.
On some DNS servers, the above requests can take a very long time to
fail, a connection with the default setup was taking me 30 seconds to
establish.
A workaround is alasing ssh to "ssh -4", to prevent any use of ipv6.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (600, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.12-1-k7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages ssh depends on:
ii adduser 3.63 Add and remove users and groups
ii debconf 1.4.30.13 Debian configuration management sy
ii dpkg 1.10.28 Package maintenance system for Deb
ii libc6 2.3.5-7 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.3-6 compression library - runtime
-- debconf information:
ssh/insecure_rshd:
ssh/ssh2_keys_merged:
ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
ssh/disable_cr_auth: false
Reply to: