sshd delayed response on FBSD 8.1
I run the openssh daemon on my FBSD 8.1-release system, and ever since I got this one going I've noticed a very annoying delay in the time it takes sshd to respond to a login request.
For example, if I am logging in to my home system from work, I run
Code:
ssh mylogin@mydomain.com
I previously had a 6.2-release system running at my home, with the same networking hardware between it and the outside world, without this delay. Upload and download speeds are where I would expect for the connection I pay for at home. The delay is pretty constant with regards to both the time of day and the geographical distance between me and home when I am trying to log in. Any ideas on how to reduce the delay? The system is not going to sleep; if I am already logged in from my workstation at work with something running, and then I log in again from the same workstation in another window, I get the same delay. I haven't seen anything in the sshd configuration file that seems to refer to this.
|
|||
The server you are ssh'ing/logon to, is trying to do a double reverse name lookup of your workstation IP address. This however fails and that is causing the delay.
Easiest way is to add the IP address and the name of your workstation to the "/etc/hosts" file of the server. Real pros configure a local nameserver. Only the cowards set "UseDNS" to "no" in the sshd.conf of the server
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 5th April 2011 at 12:35 AM. Reason: Reformulated/simplified
|
|||
The following commented tcpdump output illustrates these name lookups.
Legend
Code:
192.168.222.20 : hercules.utp.xnet, the workstation
192.168.222.244 : vintrax.utp.xnet, the server
192.168.222.10 : parmenides.utp.xnet, the local nameserver for the private utp.xnet domain

Code:
1:02:55.432719 192.168.222.20.15021 > 192.168.222.244.22: P 1102:1166(64) ack 1726 win 16384 <nop,nop,timestamp 519684114 2254674010> (DF)

Note the reversal of the IP address and the addition of the "in-addr.arpa" domain. Here, like in the ssh connection, the source port is a randomly chosen port >1023 and the destination port is the standard service port, here DNS and thus port 53.
Code:
21:02:55.433758 192.168.222.244.19667 > 192.168.222.10.53: 55256+ PTR? 20.222.168.192.in-addr.arpa. (45)

Code:
21:02:55.434535 192.168.222.10.53 > 192.168.222.244.19667: 55256 1/0/0 PTR hercules.utp.xnet. (76)

So it issues another lookup, but now a normal lookup, name to IP address. In DNS terminology, it asks for the A record:
Code:
21:02:55.434911 192.168.222.244.33933 > 192.168.222.10.53: 64914+ A? hercules.utp.xnet. (35)

Code:
21:02:55.435436 192.168.222.10.53 > 192.168.222.244.33933: 64914 1/0/0 A 192.168.222.20 (51)

Code:
21:02:55.437138 192.168.222.244.22 > 192.168.222.20.15021: P 1726:1806(80) ack 1166 win 33304 <nop,nop,timestamp 2254674010 519684114> (DF)
21:02:55.437382 192.168.222.20.15021 > 192.168.222.244.22: P 1166:1694(528) ack 1806 win 16384 <nop,nop,timestamp 519684114 2254674010> (DF)

First is the lookup IP -> name, the second one, a name -> IP lookup.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
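The two lookups in the tcpdump trace above (PTR for the client address, then A for the returned name), repeated and timed through the system resolver on the server. This is an added example, not part of the original posts; the function names are made up here, and the resolver functions are parameters so the check can be exercised without a nameserver.

```python
import ipaddress
import socket
import time


def ptr_name(ip):
    """DNS name asked for in the IP -> name step (address reversed + arpa suffix)."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_reverse(ip):
    """IP -> name through the system resolver."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name):
    """Name -> list of addresses through the system resolver."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})


def timed(fn, arg):
    """Call fn(arg); return (value or None on lookup failure, seconds spent)."""
    start = time.monotonic()
    try:
        value = fn(arg)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        value = None
    return value, time.monotonic() - start


def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Repeat the PTR lookup, then the A lookup, and check they agree."""
    ip = str(ipaddress.ip_address(ip))  # normalise the textual form
    report = {"ptr_query": ptr_name(ip), "name": None, "addrs": [],
              "confirmed": False}
    report["name"], report["ptr_seconds"] = timed(reverse, ip)
    if report["name"] is not None:
        addrs, report["a_seconds"] = timed(forward, report["name"])
        report["addrs"] = addrs or []
        report["confirmed"] = ip in report["addrs"]
    return report


if __name__ == "__main__":
    import sys
    # Pass the client address(es) as the server sees them.
    for address in sys.argv[1:]:
        print(check_client(address))
```

A large `ptr_seconds` with `name` left as `None` means the IP -> name step is the one timing out; `confirmed` false with a name present means the name -> IP step does not lead back to the client address.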
|
|||
I know it's been a long time since I brought this up, and I thank those who responded. At this point I sheepishly admit I was unable to solve the problem even with the advice provided, and now I am looking to solve it (beyond changing "UseDNS" to "no").
In the case of my workstation at work, for example, I added the IP address to /etc/hosts and I still have obnoxiously slow lag while the system fails to pull off the lookup. If I am logged in, and I run 'who' I get the IP address returned; though running 'w' returns the host name specified in /etc/hosts. What am I forgetting to check? I have also found that if I go from my FBSD system, to the same FBSD system (via the external IP address or the domain name I use for it), I get the same lag. It appears that my system is not able to successfully look up its own IP address (which presumably should work out to an address from my ISP).