Re: SSH slowness

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: SSH slowness
From: David Brodbeck <brodbd@u.washington.edu>
Date: Tue, 22 Jan 2008 16:54:54 -0800
Message-id: <[🔎] B8DE5414-FD98-48CE-972E-6F92403D0C31@u.washington.edu>
Reply-to: Debian User List <debian-user@lists.debian.org>
In-reply-to: <[🔎] 4793D1B5.8000708@pbandjelly.org>
References: <[🔎] 200801201729.32112.Howland@priss.com> <[🔎] 4793D1B5.8000708@pbandjelly.org>


On Jan 20, 2008, at 2:56 PM, Michael Shuler wrote:

On 01/20/2008 04:29 PM, Curt Howland wrote:
In the last few days, ssh connections have turned dog slow. I meanvery slow, like 20-30 seconds of just sitting there after issuing"ssh server" before it asks for my password.This is very strange, as both client and server are on the same LANwith an average ping response time of 1.1ms.
Does ssh do a dns lookup or something that could be messing up?
Yes. The SSH server performs a reverse DNS lookup on the connectingIP address. If there is no reverse DNS record for that IP addressor the name server is foobar'ed, the SSH server will wait untiltimeout on the DNS lookup, then prompt for password and log theconnection by IP.

I usually put "UseDNS no" in my /etc/ssh/sshd_config to avoid thisproblem. If I need to know the DNS name associated with something inthe log, I can always look it up later. However, this does circumventa security check -- sshd will no longer check that the reverse andforward lookups for the IP address match. I think the value of thischeck is debatable but it's worth noting.

Reply to:

References:
- SSH slowness
  - From: Curt Howland <Howland@priss.com>
- Re: SSH slowness
  - From: Michael Shuler <michael@pbandjelly.org>

Prev by Date: Re: rsync 10 times slower in Etch than in Sarge!
Next by Date: Re: How to use Mutt?
Previous by thread: Re: SSH slowness
Next by thread: Few Questions About Debian
Index(es):
- Date
- Thread