FC1 and SSH - logins taking a long time
Rick Stevens
rstevens at vitalstream.com
Wed Jun 23 18:34:17 UTC 2004
Rick Stevens wrote:
> jeffrey_n_Dyke at Keane.com wrote:
>
>> jeffrey_n_Dyke at Keane.com wrote:
>>
>>> Hi. This is not exactly a FC question/problem, but i'm getting nothing
>>> from the ssh mailing lists or comp.security.ssh.
>>>
>>> i have an issue where ssh logins are taking over 10 seconds. Assuming
>>> this is the DNS error seen here->http://www.openssh.com/faq.html#3.3.
>>> I tried to add both UseDNS no and AddressFamily inet. Both gave me
>>> errors stating they were invalid options -->
>>>
>>> /etc/ssh/sshd_config: line 33: Bad configuration option: UseDNS
>>> /etc/ssh/sshd_config: line 35: Bad configuration option: AddressFamily
>>>
>>> I'm running OpenSSH_3.6.1p2. on FC1, the following rpms are on my
>>> system
>>>
>>> [root at jerry etc] rpm -qa | grep -i ssh
>>> openssh-3.6.1p2-19
>>> openssh-server-3.6.1p2-19
>>> openssh-askpass-3.6.1p2-19
>>> openssh-askpass-gnome-3.6.1p2-19
>>> openssh-clients-3.6.1p2-19
>>>
>>>
>>> The same slowness occurs when i use the internal IP of 192.168.0.4 in
>>> lieu of domain name.
>>>
>>> any help is appreciated
>>
>>
>>
>>> The configuration below is pretty standard. My guess is that you really
>>> do have a DNS issue. The most likely problem is that reverse DNS is not
>>> working (that's IP-to-hostname rather than normal DNS which is
>>> hostname-to-IP). You could verify this by getting on the SSN target
>>> machine (192.168.0.4) and running:
>>
>>
>>
>>> tcpdump port 53
>>
>>
>>
>>> and watching the output to see if the DNS stuff is being resolved right
>>> or timing out when you try to ssh to that machine.
>>
>>
>>
>>> Since you're on a non-routable IP address (192.168/16), a reverse DNS
>>> lookup will most likely fail unless you either run an internal DNS
>>> server on your local LAN with a full reverse DNS database or you add the
>>> appropriate entries to the SSH target's /etc/hosts file.
>>
>>
>>
>> excellent, thanks Rick, i'll try that when i get home.
>>
>>> ----------------------------------------------------------------------
>>> - Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
>>> - VitalStream, Inc. http://www.vitalstream.com -
>>> - -
>>> ----------------------------------------------------------------------
>>
>>
>>
>> no quote for me...jip :)
>
>
> DOH! There is a glitch in my program that poops out if the random
> number causes the program to hit the first or last fortune (not sure
> which it is), and I'm not checking for that condition (laziness, I
> guess). Well, I suppose I could fix it and repost the program. Or
> I can just adhere to one of the other .sig lines it generates:
>
> "Never test for an error condition you don't know how to handle."
And just to prove I'm good to my word, a new version of the program is
now available (and running on my machine):
http://www.rhil.net/tools/genmailsig.tar.gz
So there! :-p Thppppt!
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- I.R.S.: We've got what it takes to take what you've got! -
----------------------------------------------------------------------
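Added example, not part of the original post: a check for the /etc/hosts fix suggested in the quoted reply, reporting which client addresses have a local reverse mapping and which fall in private ranges that public DNS cannot answer. It generalises from 192.168/16 to all RFC 1918 ranges; the function names, host names and sample hosts file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# is_rfc1918 IP: succeed if IP is in 10/8, 172.16/12 or 192.168/16, where
# public DNS holds no PTR records and reverse lookups need local data.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# hosts_reverse FILE IP: print the first name FILE maps IP to; fail if none.
hosts_reverse() {
    awk -v ip="$2" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == ip && NF >= 2 { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# check_client FILE IP: say whether sshd's reverse lookup of a client IP
# can be answered from the hosts file, and if not, why that matters.
check_client() {
    if name=$(hosts_reverse "$1" "$2"); then
        echo "$2 ok $name"
    elif is_rfc1918 "$2"; then
        echo "$2 missing private"    # needs a hosts entry or internal DNS
    else
        echo "$2 missing public"     # depends on the owner's PTR record
    fi
}

# Constructed sample hosts file; on the SSH server, pass /etc/hosts instead.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1     localhost
192.168.0.10  laptop.example.lan laptop   # constructed client entry
# 192.168.0.7 commented-out entry
EOF
for ip in 192.168.0.10 192.168.0.7 172.20.1.9 203.0.113.5; do
    check_client "$sample" "$ip"
done
```

Any address reported as "missing private" is a client whose login will wait on a reverse lookup until it gets a hosts entry or a reverse zone on an internal DNS server.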