[Bug 1667] sshd slow connect with 'UseDNS yes'
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Wed Nov 4 09:04:33 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1667
--- Comment #10 from Darren Tucker <dtucker at zip.com.au> 2009-11-04 09:04:32 EST ---
(In reply to comment #9)
> [root at corvus ~]# time host -t A flux.arc.nasa.gov. ns1.arc.nasa.gov.
[...]
> flux.arc.nasa.gov has address 143.232.109.139
>
> real 0m5.026s
There's your problem: your DNS is taking 5s to respond. I'm surprised
that it's happening for A records too given what I saw in the packet
trace, but I expected to see this for AAAA.
So your DNS (or resolver) is slow, and that's compounded by something
in PAM making multiple trips to the well.
The options I can think of are:
* fix your DNS or resolver
* make your resolver send only IPv4 requests
* live with UseDNS=no
* disable PAM.
You also could try building OpenSSH with "configure
--with-cflags=-DBROKEN_GETADDRINFO". This will force the use of the
built-in getaddrinfo replacement that happens to speak only IPv4, but
it probably won't help the PAM bits. I suspect this will make minimal
difference though.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list