[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh hangs for 5 seconds for a particular machine

Vincent Lefevre wrote:
> Michael Graham wrote:
> > Vincent Lefevre <vincent@vinc17.net> wrote:
> > > # /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2>>(ts -s "%.s")
> > > [...]

> > > (I use port 80 since port 22 is already taken by the normal sshd and
> > > the gateway to the machine seems to filter arbitrary ports.)

I will just note that port 443 is often a required choice for those
ISPs that filter everything but 80 and 443 and put a hard proxy on
port 80.  They can't proxy 443 and therefore we can use it for ad-hoc
ssh use when all else is blocked.  I keep an sshd on port 443 for
those times when I find myself using a client ISP that blocks port 22.

> > > 3.315346 debug3: Trying to reverse map address
> > 
> > So sshd is doing the reverse lookup and fails
> Yes, but with nslookup, the failure is *immediate*. So, this doesn't
> explain the 5-second delay.

What is the configuration of /etc/resolv.conf?  /etc/nsswitch.conf?

  cat /etc/resolv.conf

  grep "^hosts" /etc/nsswitch.conf

The config there may affect things.  Much less likely would be the
configuration of /etc/gai.conf file.  Most will have nothing but
comments there.

> > You probably want to add (or modify) the UseDNS setting to your sshd
> > config file.
> > 
> > UseDNS Specifies whether sshd(8) should look up the remote host name
> > and check that the resolved host name for the remote IP address maps
> > back to the very same IP address.  The default is “yes”.
> Thanks, this solves the problem.

That confirms the problem is with the DNS side of things.


Attachment: signature.asc
Description: Digital signature

Reply to: