Slow connects due to out-of-context DNS lookup

Adrian Wilkins adrian.wilkins at gmail.com
Mon Jun 5 23:38:32 AEST 2017


On 01/03/17 21:33, Damien Miller wrote:
> Please send verbose output, i.e. "ssh -vvv ..."
> 

Sorry for the large delay...

Attached logs. Have anonymised some things.

No notable differences that I can spot.


The *-host.log file is with an entry pointing to localhost in /etc/hosts
The other is without this entry.

The "with" session connects instantly. The "without" session takes much 
longer.

The pauses occur during the segment of log below the line.

Setting "GSSAPIAuthentication no" for this configuration (not the 
configuration for the proxy SSH server) causes it to take the same 
amount of time as when you insert a definition of the remote host DNS 
name in /etc/hosts


----

debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available

----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-graylog.log
Type: text/x-log
Size: 15857 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20170605/03b7a550/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-graylog-host.log
Type: text/x-log
Size: 15858 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20170605/03b7a550/attachment-0003.bin>


More information about the openssh-unix-dev mailing list