FC1 and SSH - logins taking a long time

Rick Stevens rstevens at vitalstream.com
Wed Jun 23 17:54:16 UTC 2004


jeffrey_n_Dyke at Keane.com wrote:
> 
> 
> 
> jeffrey_n_Dyke at Keane.com wrote:
> 
>>Hi.  This is not exactly a FC question/problem, but i'm getting nothing
>>from the ssh mailing lists or comp.security.ssh.
>>
>>i have an issue where ssh logins are taking over 10 seconds.  Assuming
>>this is the DNS error seen here->http://www.openssh.com/faq.html#3.3.
>>I tried to add both UseDNS no and AddressFamily inet.  Both gave me errors
>>stating they were invalid options -->
>>
>>/etc/ssh/sshd_config: line 33: Bad configuration option: UseDNS
>>/etc/ssh/sshd_config: line 35: Bad configuration option: AddressFamily
>>
>>I'm running OpenSSH_3.6.1p2.  on FC1, the following rpms are on my system
>>
>>[root at jerry etc] rpm -qa | grep -i ssh
>>openssh-3.6.1p2-19
>>openssh-server-3.6.1p2-19
>>openssh-askpass-3.6.1p2-19
>>openssh-askpass-gnome-3.6.1p2-19
>>openssh-clients-3.6.1p2-19
>>
>>
>>The same slowness occurs when i use the internal IP of 192.168.0.4 in
>>lieu of domain name.
>>
>>any help is appreciated
> 
> 
>>The configuration below is pretty standard.  My guess is that you really
>>do have a DNS issue.  The most likely problem is that reverse DNS is not
>>working (that's IP-to-hostname rather than normal DNS which is
>>hostname-to-IP).  You could verify this by getting on the SSH target
>>machine (192.168.0.4) and running:
> 
> 
>>           tcpdump port 53
> 
> 
>>and watching the output to see if the DNS stuff is being resolved right
>>or timing out when you try to ssh to that machine.
> 
> 
>>Since you're on a non-routable IP address (192.168/16), a reverse DNS
>>lookup will most likely fail unless you either run an internal DNS
>>server on your local LAN with a full reverse DNS database or you add the
>>appropriate entries to the SSH target's /etc/hosts file.
> 
> 
> excellent, thanks Rick, i'll try that when i get home.
> 
>>----------------------------------------------------------------------
>>- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
>>- VitalStream, Inc.                       http://www.vitalstream.com -
>>-                                                                    -
>>----------------------------------------------------------------------
> 
> 
> no quote for me...jip :)

DOH!  There is a glitch in my program that poops out if the random
number causes the program to hit the first or last fortune (not sure
which it is), and I'm not checking for that condition (laziness, I
guess).  Well, I suppose I could fix it and repost the program.  Or
I can just adhere to one of the other .sig lines it generates:

"Never test for an error condition you don't know how to handle."
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
- grasshopotomaus: A creature that can leap to tremendous heights... -
-                                                ...once.            -
----------------------------------------------------------------------
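
The reverse-DNS check discussed in the quoted thread above, as an added example that is not part of the original messages: run on the SSH target, it tests whether a client address can be reverse-resolved from a hosts-format file and times the system resolver's reverse lookup. The function names and the sample client address 192.168.0.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the SSH target machine.

# Print the first hostname that a hosts-format file maps to address $1.
# $2 is the file to read (default /etc/hosts). Returns 1 when the address
# has no entry, which means sshd's reverse lookup will fall through to DNS.
hosts_reverse() {
    ip=$1
    file=${2:-/etc/hosts}
    awk -v ip="$ip" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == ip && NF >= 2 { print $2; found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# Time the system resolver's reverse lookup for address $1 (hosts file
# and DNS, in the order nsswitch.conf gives). A lookup that takes several
# seconds matches the slow-login symptom described in the thread.
time_reverse() {
    start=$(date +%s)
    name=$(getent hosts "$1" | awk '{ print $2; exit }')
    end=$(date +%s)
    echo "$1 -> ${name:-no name found} ($((end - start))s)"
}

# Usage, with a constructed client address:
#   hosts_reverse 192.168.0.10 || echo "no /etc/hosts entry for client"
#   time_reverse 192.168.0.10
```

If hosts_reverse fails for the client's address and time_reverse takes seconds to return, adding the client to the target's /etc/hosts (or providing a reverse zone) is the fix suggested in the thread.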




