
Re: ssh hangs for 5 seconds for a particular machine



On 2015-04-08 19:21:12 +0200, Sven Hartge wrote:
> Vincent Lefevre <vincent@vinc17.net> wrote:
> 
> > When connecting by SSH to a particular machine, ssh hangs for
> > 5 seconds. The client machine doesn't matter (except for the
> > machine itself).
> 
> 5 seconds smells like some DNS problem.

Yes, but the result is surprising compared to the "host" command.

I could try with debugging messages:

# /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2>>(ts -s "%.s")
[...]
3.315346 debug3: Trying to reverse map address 140.77.51.8.
8.317377 debug2: parse_server_config: config reprocess config len 652
[...]

(I use port 80 since port 22 is already taken by the normal sshd and
the gateway to the machine seems to filter arbitrary ports.)

However:

ypig:~> nslookup 140.77.51.8
;; Got SERVFAIL reply from 140.77.1.32, trying next server
Server:         140.77.167.2
Address:        140.77.167.2#53

** server can't find 8.51.77.140.in-addr.arpa: SERVFAIL

immediately. On another machine:

cassis:~> nslookup 140.77.51.8
;; Got SERVFAIL reply from 140.77.1.32, trying next server
;; Got SERVFAIL reply from 140.77.167.2, trying next server
Server:         140.77.51.20
Address:        140.77.51.20#53

8.51.77.140.in-addr.arpa        name = domu-ssh.ens-lyon.fr.

So, yes, there's something broken with the DNS here. But this doesn't
explain the delay from sshd.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
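
An added example, not part of the original message: a small Python helper that finds the stall in `ts -s "%.s"` output like the sshd debug log quoted above, and times the same reverse lookup through `getnameinfo()` so it can be compared with what `nslookup` reports. The function names and the `resolver` hook are assumptions of this example.

```python
import re
import socket
import sys
import time

# Output of `ts -s "%.s"`: elapsed seconds, a space, then the sshd message.
TS_LINE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s+(.*)$")

# The timestamped lines quoted in the message, elisions included.
SAMPLE = [
    "[...]",
    "3.315346 debug3: Trying to reverse map address 140.77.51.8.",
    "8.317377 debug2: parse_server_config: config reprocess config len 652",
    "[...]",
]

def find_stalls(lines, threshold=1.0):
    """Return (gap, message_before, message_after) for each pair of
    consecutive timestamped lines more than `threshold` seconds apart."""
    stalls, prev = [], None
    for line in lines:
        m = TS_LINE.match(line)
        if not m:
            continue  # "[...]" and other lines without a timestamp
        cur = (float(m.group(1)), m.group(2))
        if prev is not None and cur[0] - prev[0] > threshold:
            stalls.append((round(cur[0] - prev[0], 6), prev[1], cur[1]))
        prev = cur
    return stalls

def time_reverse_lookup(addr, resolver=socket.getnameinfo):
    """Time a PTR lookup via getnameinfo(), the libc call sshd's reverse
    mapping uses (nslookup queries the name servers with its own code).
    `resolver` is an injectable hook so the function can be tested offline."""
    start = time.monotonic()
    try:
        name = resolver((addr, 0), socket.NI_NAMEREQD)[0]
    except socket.gaierror:
        name = None  # no PTR record, SERVFAIL, or timeout
    return name, time.monotonic() - start

if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE):
        print(f"{gap:.3f}s stall after: {before}")
    for addr in sys.argv[1:]:  # network lookups only when asked for
        name, secs = time_reverse_lookup(addr)
        print(f"{addr} -> {name} in {secs:.3f}s")
```

Run on the server itself with the client address as an argument, the second function shows how long the libc resolver path takes there, independently of sshd.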

