FC1 and SSH - logins taking a long time

jeffrey_n_Dyke at Keane.com jeffrey_n_Dyke at Keane.com
Wed Jun 23 17:49:48 UTC 2004 




jeffrey_n_Dyke at Keane.com wrote:
> Hi.  This is not exactly a FC question/problem, but i'm getting nothing
> from the ssh mailing lists or comp.security.ssh.
>
> i have an issue where ssh logins are taking over 10 seconds.  Assuming
> this is the DNS error seen here->http://www.openssh.com/faq.html#3.3.
> I tried to add both UseDNS no and AddressFamily inet.  Both gave me
errors
> stating they were invalid options -->
>
> /etc/ssh/sshd_config: line 33: Bad configuration option: UseDNS
> /etc/ssh/sshd_config: line 35: Bad configuration option: AddressFamily
>
> I'm running OpenSSH_3.6.1p2.  on FC1, the following rpms are on my system
>
> [root at jerry etc] rpm -qa | grep -i ssh
> openssh-3.6.1p2-19
> openssh-server-3.6.1p2-19
> openssh-askpass-3.6.1p2-19
> openssh-askpass-gnome-3.6.1p2-19
> openssh-clients-3.6.1p2-19
>
>
> The same slowness occurs when i the internal IP of 192.168.0.4. in
> lieu of domain name.
>
> any help is appreciated

>The configuration below is pretty standard.  My guess is that you really
>do have a DNS issue.  The most likely problem is that reverse DNS is not
>working (that's IP-to-hostname rather than normal DNS which is
>hostname-to-IP).  You could verify this by getting on the SSN target
>machine (192.168.0.4) and running:

>            tcpdump port 53

>and watching the output to see if the DNS stuff is being resolved right
>or timing out when you try to ssh to that machine.

>Since you're on a non-routable IP address (192.168/16), a reverse DNS
>lookup will most likely fail unless you either run an internal DNS
>server on your local LAN with a full reverse DNS database or you add the
>appropriate entries to the SSH target's /etc/hosts file.

excellent, thanks Rick, i'll try that when i get home.
> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
> - VitalStream, Inc.                       http://www.vitalstream.com -
> -                                                                    -
> ----------------------------------------------------------------------

no quote for me...jip :)
_______________________________________________
Redhat-install-list mailing list
Redhat-install-list at redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request at redhat.com
Subject: unsubscribe

More information about the Redhat-install-list mailing list