https://bugzilla.mindrot.org/show_bug.cgi?id=1667

           Summary: sshd slow connect with 'UseDNS yes'
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-b...@mindrot.org
        ReportedBy: brian.p.stam...@nasa.gov


ssh is slow to connect (25 seconds) when UseDNS is enabled, despite
quick name servers.  Disabling UseDNS is a poor workaround, especially
since I ask my users to anchor their ssh keys with "from=" lines in
their authorized_keys file.

If the client host is in /etc/hosts, the connection is immediate.  If
the client host is not in /etc/hosts, the connection takes 25 seconds.
If I turn off UseDNS, the connection is once again instant.  My DNS
servers give near-instant responses.

[r...@server ~]# time nslookup <client ip>
Server:         x
Address:        x

<client ip>.in-addr.arpa    name = <client>

real    0m0.005s
user    0m0.000s
sys     0m0.004s
[r...@server ~]# time nslookup <client>
Server:         x
Address:        x

Name:   <client>
Address: <client ip>

real    0m0.005s
user    0m0.001s
sys     0m0.003s
[r...@server ~]#

I have confirmed that this seemingly affects all of my hosts running
Fedora 10 or later (openssh 5.2p1) but not my machines running Fedora 9
or earlier (openssh 5.1p1).

nsswitch.conf hosts is set to "files dns"

I've seen threads about this in the Ubuntu and other forums, and
inevitably the answer is "Turn UseDNS to off".  That's not really a
great answer.
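
With UseDNS enabled, sshd resolves the client address to a name and checks that the name maps back to the same address, using the system resolver (which follows nsswitch.conf) rather than querying the name servers directly as nslookup does. The script below is an added example, not part of the original report and not OpenSSH code; it times that reverse-then-forward check through the system resolver, and its function names and the reverse/forward parameters are assumptions made for illustration.

```python
import ipaddress
import socket
import sys
import time

def timed(fn, arg):
    """Call fn(arg); return (result_or_exception, elapsed_seconds)."""
    start = time.monotonic()
    try:
        result = fn(arg)
    except OSError as exc:  # socket.herror and socket.gaierror are OSError subclasses
        result = exc
    return result, time.monotonic() - start

def reverse_lookup(ip):
    # NI_NAMEREQD: raise instead of handing back the numeric address as the "name".
    return socket.getnameinfo((ip, 0), socket.NI_NAMEREQD)[0]

def forward_lookup(name):
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_client(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Reverse-resolve ip, forward-resolve the name, confirm it maps back to ip."""
    report = {"ip": ip, "name": None, "addrs": [], "verified": False,
              "reverse_s": 0.0, "forward_s": 0.0, "error": None}
    name, report["reverse_s"] = timed(reverse, ip)
    if isinstance(name, OSError):
        report["error"] = f"reverse lookup failed: {name}"
        return report
    report["name"] = name
    addrs, report["forward_s"] = timed(forward, name)
    if isinstance(addrs, OSError):
        report["error"] = f"forward lookup failed: {addrs}"
        return report
    report["addrs"] = addrs
    want = ipaddress.ip_address(ip)
    # Drop any IPv6 scope id ("%eth0") before comparing.
    report["verified"] = any(ipaddress.ip_address(a.split("%")[0]) == want for a in addrs)
    return report

if __name__ == "__main__":
    # Usage: python3 check_client.py <client ip>   (script name is a placeholder)
    r = check_client(sys.argv[1])
    print(f"reverse {r['ip']} -> {r['name']}  ({r['reverse_s']:.3f}s)")
    print(f"forward {r['name']} -> {r['addrs']}  ({r['forward_s']:.3f}s)")
    print("verified" if r["verified"] else f"NOT verified: {r['error'] or 'name does not map back'}")
```

Run on the server against a client address that is not in /etc/hosts, the per-step timings show whether the delay sits in the reverse or the forward lookup.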
