FC1 and SSH - logins taking a long time

Rick Stevens rstevens at vitalstream.com
Wed Jun 23 18:34:17 UTC 2004


Rick Stevens wrote:
> jeffrey_n_Dyke at Keane.com wrote:
> 
>>
>>
>>
>> jeffrey_n_Dyke at Keane.com wrote:
>>
>>> Hi.  This is not exactly a FC question/problem, but i'm getting nothing
>>> from the ssh mailing lists or comp.security.ssh.
>>>
>>> i have an issue where ssh logins are taking over 10 seconds.  Assuming
>>> this is the DNS error seen here->http://www.openssh.com/faq.html#3.3.
>>> I tried to add both UseDNS no and AddressFamily inet.  Both gave me errors
>>> stating they were invalid options -->
>>>
>>> /etc/ssh/sshd_config: line 33: Bad configuration option: UseDNS
>>> /etc/ssh/sshd_config: line 35: Bad configuration option: AddressFamily
>>>
>>> I'm running OpenSSH_3.6.1p2.  on FC1, the following rpms are on my system
>>>
>>> [root at jerry etc] rpm -qa | grep -i ssh
>>> openssh-3.6.1p2-19
>>> openssh-server-3.6.1p2-19
>>> openssh-askpass-3.6.1p2-19
>>> openssh-askpass-gnome-3.6.1p2-19
>>> openssh-clients-3.6.1p2-19
>>>
>>>
>>> The same slowness occurs when i use the internal IP of 192.168.0.4 in
>>> lieu of domain name.
>>>
>>> any help is appreciated
>>
>>
>>
>>> The configuration below is pretty standard.  My guess is that you really
>>> do have a DNS issue.  The most likely problem is that reverse DNS is not
>>> working (that's IP-to-hostname rather than normal DNS which is
>>> hostname-to-IP).  You could verify this by getting on the SSH target
>>> machine (192.168.0.4) and running:
>>
>>
>>
>>>           tcpdump port 53
>>
>>
>>
>>> and watching the output to see if the DNS stuff is being resolved right
>>> or timing out when you try to ssh to that machine.
>>
>>
>>
>>> Since you're on a non-routable IP address (192.168/16), a reverse DNS
>>> lookup will most likely fail unless you either run an internal DNS
>>> server on your local LAN with a full reverse DNS database or you add the
>>> appropriate entries to the SSH target's /etc/hosts file.
>>
>>
>>
>> excellent, thanks Rick, i'll try that when i get home.
>>
>>> ----------------------------------------------------------------------
>>> - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
>>> - VitalStream, Inc.                       http://www.vitalstream.com -
>>> -                                                                    -
>>> ----------------------------------------------------------------------
>>
>>
>>
>> no quote for me...jip :)
> 
> 
> DOH!  There is a glitch in my program that poops out if the random
> number causes the program to hit the first or last fortune (not sure
> which it is), and I'm not checking for that condition (laziness, I
> guess).  Well, I suppose I could fix it and repost the program.  Or
> I can just adhere to one of the other .sig lines it generates:
> 
> "Never test for an error condition you don't know how to handle."

And just to prove I'm good to my word, a new version of the program is
now available (and running on my machine):

     http://www.rhil.net/tools/genmailsig.tar.gz

So there!    :-p    Thppppt!
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-     I.R.S.: We've got what it takes to take what you've got!       -
----------------------------------------------------------------------
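
Added example, not part of the original thread and not code from any poster: a Python check to run on the SSH target that times the reverse (IP-to-hostname) lookup for a connecting client and reports whether that client is listed in /etc/hosts-format text. The function names, the 2-second threshold, the client address 192.168.0.10 and the `.lan` names are assumptions made for illustration.

```python
import ipaddress
import socket
import sys
import time

# Constructed sample in /etc/hosts format; 192.168.0.10 is an assumed client address.
SAMPLE_HOSTS = """\
127.0.0.1    localhost localhost.localdomain
192.168.0.4  jerry.lan jerry      # the SSH target
192.168.0.10 laptop.lan laptop    # a LAN client that logs in
"""

def hosts_names(hosts_text, ip):
    """Return every name that /etc/hosts-format text maps to ip."""
    target = ipaddress.ip_address(ip)
    names = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            if ipaddress.ip_address(fields[0]) == target:
                names.extend(fields[1:])
        except ValueError:                       # malformed address column: skip
            continue
    return names

def timed_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Run one IP-to-hostname lookup; return (name or None, seconds taken)."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:                              # socket.herror/gaierror subclass OSError
        name = None
    return name, time.monotonic() - start

def diagnose(client_ip, hosts_text, resolver=socket.gethostbyaddr, slow_after=2.0):
    """Classify the reverse lookup the SSH target performs for a connecting client."""
    name, elapsed = timed_reverse_lookup(client_ip, resolver)
    if name is not None and elapsed < slow_after:
        return "ok"
    # Lookup failed or stalled: is the client at least listed locally?
    return "listed-but-unresolved" if hosts_names(hosts_text, client_ip) else "missing"

if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.10"
    with open("/etc/hosts") as fh:
        print(ip, diagnose(ip, fh.read()))
```

A result of "missing" corresponds to the case described in the thread, where the target has neither a working reverse zone nor an /etc/hosts entry for the client.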




