
Re: ssh hangs for 5 seconds for a particular machine



Vincent Lefevre wrote:
> Michael Graham wrote:
> > Vincent Lefevre <vincent@vinc17.net> wrote:
> > > # /usr/sbin/sshd -D -ddd -p 80 -f /etc/ssh/sshd_config 2>>(ts -s "%.s")
> > > [...]

> > > (I use port 80 since port 22 is already taken by the normal sshd and
> > > the gateway to the machine seems to filter arbitrary ports.)

I will just note that port 443 is often a required choice for those
ISPs that filter everything but 80 and 443 and put a hard proxy on
port 80.  They can't proxy 443 and therefore we can use it for ad-hoc
ssh use when all else is blocked.  I keep an sshd on port 443 for
those times when I find myself using a client ISP that blocks port 22.

> > > 3.315346 debug3: Trying to reverse map address 140.77.51.8.
> > 
> > So sshd is doing the reverse lookup and fails
> 
> Yes, but with nslookup, the failure is *immediate*. So, this doesn't
> explain the 5-second delay.

What is the configuration of /etc/resolv.conf?  /etc/nsswitch.conf?

  cat /etc/resolv.conf

  grep "^hosts" /etc/nsswitch.conf

The config there may affect things.  Much less likely would be the
configuration of /etc/gai.conf file.  Most will have nothing but
comments there.

> > You probably want to add (or modify) the UseDNS setting to your sshd
> > config file.
> > 
> > UseDNS Specifies whether sshd(8) should look up the remote host name
> > and check that the resolved host name for the remote IP address maps
> > back to the very same IP address.  The default is “yes”.
> 
> Thanks, this solves the problem.

That confirms the problem is with the DNS side of things.

Bob
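
The two files asked about above, read by a small script (an added example, not part of the original message): it prints the resolver timeout, attempts and nameserver count from a resolv.conf-style file and the lookup order from the hosts line of nsswitch.conf. The function names and sample file contents are constructed for illustration; the timed lookup uses `getent hosts` because it goes through NSS, which nslookup does not.

```shell
#!/bin/sh
# Added example, not from the thread. Sample file contents are constructed.
# Print "timeout attempts nameservers" for a resolv.conf-style file.
# Defaults per resolv.conf(5): timeout 5 seconds, attempts 2.
resolver_limits() {
    awk '
        BEGIN { t = 5; a = 2; n = 0 }
        $1 == "nameserver" { n++ }
        $1 == "options" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^timeout:[0-9]+$/)  t = substr($i, 9)
                if ($i ~ /^attempts:[0-9]+$/) a = substr($i, 10)
            }
        }
        END { print t, a, n }
    ' "$1"
}

# Print the sources on the "hosts:" line of an nsswitch.conf-style file,
# in lookup order, without [STATUS=action] items or trailing comments.
hosts_sources() {
    awk '
        $1 == "hosts:" {
            out = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i ~ /^\[/) continue
                out = out (out == "" ? "" : " ") $i
            }
            print out; exit
        }
    ' "$1"
}

# Time a reverse lookup through NSS, e.g. time_reverse_lookup 140.77.51.8
# (call it by hand on the affected machine; it is not run below).
time_reverse_lookup() {
    start=$(date +%s)
    getent hosts "$1" >/dev/null 2>&1; rc=$?
    end=$(date +%s)
    echo "rc=$rc seconds=$((end - start))"
}

# Demo on constructed sample files.
tmp=$(mktemp -d)
printf 'nameserver 192.0.2.53\nnameserver 192.0.2.54\noptions timeout:1 attempts:3\n' > "$tmp/resolv.conf"
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns\n' > "$tmp/nsswitch.conf"
echo "timeout/attempts/nameservers: $(resolver_limits "$tmp/resolv.conf")"
echo "hosts lookup order: $(hosts_sources "$tmp/nsswitch.conf")"
rm -rf "$tmp"
```

On a real system, pass /etc/resolv.conf and /etc/nsswitch.conf to the two functions instead of the sample files.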
