https://bugzilla.mindrot.org/show_bug.cgi?id=1667
Summary: sshd slow connect with 'UseDNS yes' Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-b...@mindrot.org ReportedBy: brian.p.stam...@nasa.gov ssh is slow to connect (25 seconds) when UseDNS is enabled, despite quick name servers. Disabling UseDNS is a poor workaround, especially since I ask my users to anchor their ssh keys with "from=" lines in their authorized_keys file. If the client host is in /etc/hosts, the connection is immediate. If the client host is not in /etc/hosts, the connection takes 25 seconds. If I turn off UseDNS, the connection is once again instant. My DNS servers are near instant responses. [r...@server ~]# time nslookup <client ip> Server: x Address: x <client ip>.in-addr.arpa name = <client> real 0m0.005s user 0m0.000s sys 0m0.004s [r...@server ~]# time nslookup <client> Server: x Address: x Name: <client> Address: <client ip> real 0m0.005s user 0m0.001s sys 0m0.003s [r...@server ~]# I have confirmed that this seemingly affects all of my hosts running Fedora 10 or later (openssh 5.2p1) but not my machines running Fedora 9 or earlier (openssh 5.1p1) nsswitch.conf hosts is set to "files dns" I've seen threads about this in the ubuntu and other forums, and inevitably the answer is "Turn UseDNS to off" That's not really a great answer. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs