
Re: ssh hangs for 5 seconds for a particular machine



On 8 April 2015 at 13:41, Vincent Lefevre <vincent@vinc17.net> wrote:
> # /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2>>(ts -s "%.s")
> [...]
> 3.315346 debug3: Trying to reverse map address 140.77.51.8.

So sshd is doing the reverse lookup and fails

> ypig:~> nslookup 140.77.51.8
> ;; Got SERVFAIL reply from 140.77.1.32, trying next server
> Server:         140.77.167.2
> Address:        140.77.167.2#53
>
> ** server can't find 8.51.77.140.in-addr.arpa: SERVFAIL
>
> immediately. On another machine:
>
> cassis:~> nslookup 140.77.51.8
> ;; Got SERVFAIL reply from 140.77.1.32, trying next server
> ;; Got SERVFAIL reply from 140.77.167.2, trying next server
> Server:         140.77.51.20
> Address:        140.77.51.20#53
>
> 8.51.77.140.in-addr.arpa        name = domu-ssh.ens-lyon.fr.
>
> So, yes, there's something broken with the DNS here. But this doesn't
> explain the delay from sshd.

And the reverse lookup from nslookup fails. DNS is broken.

You probably want to add (or modify) the UseDNS setting to your sshd
config file.

UseDNS Specifies whether sshd(8) should look up the remote host name
and check that the resolved host name for the remote IP address maps
back to the very same IP address.  The default is “yes”.

Cheers,
-- 
Michael Graham <oobermick@gmail.com>
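
An added example, not part of the original message and not OpenSSH code: a sketch of the check the quoted UseDNS description refers to (reverse lookup, then confirm the name maps back to the same address), timed so the cost of a failing resolver is visible. The function name, the stub resolvers, `host.example` and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import socket
import time


def check_reverse_mapping(ip, reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Return (verdict, hostname, seconds) for the PTR-then-forward check."""
    start = time.monotonic()
    try:
        hostname = reverse(ip)[0]            # address -> name (PTR)
    except OSError:                          # herror/gaierror: e.g. SERVFAIL, NXDOMAIN
        return "no-reverse-mapping", None, time.monotonic() - start
    try:
        infos = forward(hostname, None)      # name -> addresses (A/AAAA)
    except OSError:
        return "forward-lookup-failed", hostname, time.monotonic() - start
    # sockaddr is the 5th field; its first element is the textual address.
    found = {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}
    verdict = "match" if ipaddress.ip_address(ip) in found else "mismatch"
    return verdict, hostname, time.monotonic() - start


# Constructed stand-ins for a resolver, so the example runs offline.
def stub_reverse_ok(ip):
    return ("host.example", [], [ip])


def stub_reverse_servfail(ip):
    time.sleep(0.05)                         # a slow failing resolver costs wall-clock time
    raise socket.herror(2, "Host name lookup failure")


def stub_forward(addr):
    return lambda name, port: [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (addr, 0))]


if __name__ == "__main__":
    cases = [
        (stub_reverse_ok, stub_forward("192.0.2.10")),
        (stub_reverse_ok, stub_forward("192.0.2.99")),
        (stub_reverse_servfail, stub_forward("192.0.2.10")),
    ]
    for rev, fwd in cases:
        verdict, name, secs = check_reverse_mapping("192.0.2.10", rev, fwd)
        print(f"{verdict:20} {name!s:14} {secs:.3f}s")
```

Called with only an address, the function uses the system resolver, so it reports how long the same lookup blocks on the machine where it is run.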

