ssh login lag

Roberto Ragusa mail at robertoragusa.it
Thu May 25 15:09:24 UTC 2006


atomi wrote:
> I've got a pretty bare bones system. Headless Fedora Core 5
> My problem occurs when I login via putty through SSH,
> after I've entered my password there is an ugly lag...
> 
> here is my IPTABLES:
> 
> *filter
> :OUTPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :FIREWALL-INPUT - [0:0]
> :INPUT ACCEPT [0:0]
> -A INPUT -j FIREWALL-INPUT
> 
> -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT
> -A FIREWALL-INPUT -p tcp -m tcp -j REJECT
> -A FIREWALL-INPUT -p udp -m udp -j REJECT
> COMMIT
> 
> so, alright, pretty simple huh; anyone know why the lag monster appears?
> ANY insight I think would help.

You're probably blocking DNS queries or you have wrong DNS
settings.

I think the sshd process is trying to resolve the IP you're connecting
from to a name, but the firewall is dropping the packets, so it has
to wait for some timeout to expire before going on.

Try to deactivate the stringent firewall rules, run ethereal and
look at what kind of traffic is there in the normal (fast) case. Then
modify the firewall rules accordingly.

Alternatively, add -j LOG rules before the REJECT rules, so you can
see in /var/log/messages what you're blocking.

  -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT
  -A FIREWALL-INPUT -p tcp -m tcp -j LOG
  -A FIREWALL-INPUT -p tcp -m tcp -j REJECT
  -A FIREWALL-INPUT -p udp -m udp -j LOG
  -A FIREWALL-INPUT -p udp -m udp -j REJECT

Do you see a "Last login: " line after the delay? Does it contain
a numeric IP or a hostname?

Best regards.
-- 
   Roberto Ragusa    mail at robertoragusa.it
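
An added example, not part of the original post: once the -j LOG rules suggested above are in place, this script groups the logged packets by protocol, source address and source port. It assumes that blocked DNS answers, if that is the cause, appear as UDP with SPT=53; the function names, host name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise what the LOG rules recorded.
# Real use:  summarise_blocked < /var/log/messages

# Constructed sample lines in the kernel's iptables LOG format.
sample_log() {
cat <<'EOF'
May 25 15:01:02 fc5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=32770 LEN=72
May 25 15:01:07 fc5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=32771 LEN=72
May 25 15:01:12 fc5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.53 DST=192.0.2.10 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=32772 LEN=72
May 25 15:01:20 fc5 kernel: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=40312 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
May 25 15:01:21 fc5 sshd[2101]: Accepted password for user from 192.0.2.20 port 1044 ssh2
EOF
}

# Read syslog on stdin; print "count PROTO SRC spt=PORT note", busiest first.
# The destination port is left out of the key because replies to the host's
# own queries arrive on a different ephemeral port each time.
summarise_blocked() {
  awk '
  / kernel: .*IN=/ {
    proto = ""; src = ""; spt = ""
    for (i = 1; i <= NF; i++) {
      eq = index($i, "=")
      if (eq == 0) continue              # flags such as DF or SYN
      name = substr($i, 1, eq - 1)
      value = substr($i, eq + 1)
      if (name == "PROTO") proto = value
      else if (name == "SRC") src = value
      else if (name == "SPT") spt = value
    }
    if (proto == "") next
    # Assumption: a packet coming from port 53 is a DNS answer.
    note = (spt == "53") ? "dns-reply" : "other"
    seen[proto " " src " spt=" spt " " note]++
  }
  END { for (key in seen) print seen[key], key }
  ' | sort -rn
}

# Demonstration on the constructed sample.
sample_log | summarise_blocked
```

A high count on a "dns-reply" line from the resolver's address would mean the REJECT rules are catching answers to the host's own lookups, which fits the explanation given in the reply.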



