On Fri, Jan 03, 2003 at 11:22:51PM -0600, Hari Bhaskaran wrote: > I can't seem to avoid the initial login delay for sshd.
oops! - this was a known gotcha since July. Fixed by copying /etc/resolv.conf to /var/empty/etc/resolv.conf (and +schg-ing everything in there). http://docs.freebsd.org/cgi/getmsg.cgi?fetch=138079+0+archive/2002/freebsd-security/20020728.freebsd-security At 3 minutes less per login, this saves me... let me see.. 3*60*24*.... :) > I have turned off reverse lookup - "VerifyReverseMapping no". > I don't use inetd - even then, hosts.allow has only one - > "ALL : ALL : allow". I have an ipfilter firewall which > lets only one tcp port for ssh in (from select IPs). > > I see the question has been asked before > >http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2697694+0+archive/2002/freebsd-questions/20021117.freebsd-questions > However, I didn't see any answers there. > > /etc/rc.conf: sshd_flags="-4 -u0" > inetd_enable="NO" > > I have turned off RhostsAuthentication, RhostsRSAAuthentication, >HostbasedAuthentication > No user@host pattern in AllowUsers and DenyUsers - Things that would > have required reverse DNS lookup according to man page. > > An ssh 3.4p1 client running from a different machine with couple of -v's gives > > debug1: got SSH2_MSG_SERVICE_ACCEPT > <--- A delay of almost 1 to 2 minutes. > debug3: input_userauth_banner > > I use the 'Banner' thing at the server - that is the debug3 line. > I have tried with & without the banner (just being paranoid) but > still the same result. > > Any help is appreciated > > -- > Hari Bhaskaran -- Hari Bhaskaran To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message