openssh timeouts

Frederik Eaton frederik at a5.repetae.net
Thu Jun 2 10:54:39 EST 2005


It appears that there are quite a lot of things that can cause ssh to
become incredibly slow - the problem is that ssh or programs that it
invokes depend on timeouts to try to maintain basic functionality in
cases where expected functionality is missing. I've experienced delays
stemming from timeouts from 'xauth', nis, DNS, and probably others.
These kinds of problems are very hard to debug, since recovery from
the error condition happens behind the scenes (or within sshd) and the
user never gets a warning message saying what went wrong.

I can see why some amount of resilience would be desired - you don't
want to be prevented from logging into a system just because X
forwarding doesn't work - but I wish I could be notified - in normal,
not verbose mode - of what the problems were, so that I didn't have to
go guessing whether it was just network slowness or not, and then
squinting at 'strace' logs and running 'sshd' in debug mode, every
time one of ssh's many dependencies got misconfigured. If there could
even just be a warning message "Warning - 'xauth add ...' taking too
long" or "Warning - DNS timed out, check /etc/resolv.conf or set
configuration option X to disable host IP checking" when a sub-task
takes longer than a certain amount of time, I think it would be very
helpful.

Has anyone given this kind of enhancement any thought?

Frederik

-- 
http://ofb.net/~frederik/




More information about the openssh-unix-dev mailing list