ssh/sshd hang after "debug2: channel 0: open confirm rwindow 0 rmax 32768"

Peter Stuge stuge-openssh-unix-dev at cdy.org
Sun Mar 16 06:24:09 EST 2008


Hi again,

On Sat, Mar 15, 2008 at 08:32:12AM -0600, Bruce Allen wrote:
> > Do you know if your own hosts require correct reverse DNS records?
> 
> No.  Is this part of sshd config?  If so, what should I look for?

Yes, look at the UseDNS directive.


> Is there a simple test that I can run to determine if reverse DNS
> is being required?

grep -i usedns sshd_config

It can't be checked from the client.


On Sat, Mar 15, 2008 at 12:54:37PM -0600, Bruce Allen wrote:
> > Maybe the hotel ISP doesn't have names set up and you're not
> > being let in because of that
> 
> Peter, as I recall one can disable the reverse DNS in ssh1 but not
> in ssh2.  Is that right?

Not that I know, no. I doubt sshd makes a difference between the
higher layer protocols here. sshd_config(5) also does not say
anything about this.


> I have seen this problem in the past and as I recall, the ssh-sshd
> dialog stops much earlier than I am seeing, and with a fairly clear
> error message saying that the reverse DNS lookup failed or didn't
> resolve to the same name/IP combination.

With UseDNS set to yes (which is also the default) sshd behavior
depends on a bunch of DNS servers typically outside your control,
in particular when at a remote location.

Maybe the DNS server that sshd is talking to regarding your remote
location is acting up and delaying answers because of load or
misconfiguration or maybe it's just down and so you have to wait for
a timeout.

If you've had other DNS problems before at a different remote site
they could very well have taken a different form depending on that
particular DNS server's behaviour.


If possible I would try setting UseDNS no in sshd_config and logging
in again from the hotel ISP.


//Peter
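
Added example, not part of the original message: `grep -i usedns sshd_config` also matches commented-out lines and later duplicates, so this sketch reports the value sshd would actually use, taking the first uncommented `UseDNS` line before any `Match` block. The function names, the constructed sample config and the fallback default are assumptions; the fallback is `yes` as the message states, and it can be overridden because newer OpenSSH releases default to `no`.

```shell
#!/bin/sh
# Added example (not from the original message).
# effective_usedns FILE [DEFAULT]
#   Prints the UseDNS value sshd would take from FILE: the first uncommented
#   "UseDNS" line wins, and parsing stops at the first "Match" block because
#   UseDNS is a global-only option.
#   DEFAULT is an assumption passed in by the caller; it falls back to "yes",
#   the default stated in the message above.
effective_usedns() {
    awk -v def="${2:-yes}" '
        /^[ \t]*#/ { next }                      # whole-line comment
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "UseDNS=no" as well
        NF == 0 { next }                         # blank line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "usedns" {
            val = tolower($2); gsub(/"/, "", val)
            found = 1; exit
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Constructed sample config: grep -i usedns shows three lines here,
# but only the first uncommented one is effective.
sample_config() {
    cat <<'EOF'
Port 22
#UseDNS yes
  usedns = No
UseDNS yes
Match User backup
    X11Forwarding no
EOF
}

# Typical use on the server (path is the common location, adjust as needed):
#   effective_usedns /etc/ssh/sshd_config
```

On OpenSSH releases that support it, `sshd -T` prints the effective configuration and can be used to cross-check the result.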

