Re: proftpd and sshd delays
On Fri, Aug 05, 2005 at 03:13:01PM +0800, James Duff wrote:
> Both sshd, and proftpd are very slow to respond. I've noticed this in
> sshd under debian on previous versions and machines also. Sshd asks
> for a username almost immediately when I connect, but there is a
> substantial time before it asks for a password.
>
> Proftpd also has a significant delay before responding to login information.
Is there a packet filtering firewall or a NAT device between your client
machines and the server, or do your clients run a personal firewall
software which drops incoming connections? Or does your server machine
drop outgoing connections?
Your FTP and SSH servers might be configured to ask the client machine
which user issued the connection request. The "ident" protocol is used
for this purpose (sometimes also called "auth", which is a bit misnamed).
If your client machines ignore such connection attempts, instead of
rejecting them, this will cause the delays you observed.
You should be able to analyse this by running a packet sniffer such as
ethereal on the server side.
Another reason could be that the user lookup on the server itself takes
too long. Which user directory are you using - passwd, NIS, LDAP or
something else? If you don't know, please look in /etc/passwd for lines
starting with "+" (which would indicate you are using NIS), and post
your /etc/nsswitch.conf.
The strace tool, attached to a server process, might help diagnosing
this case.
Mirko
Reply to: