On Jun 5, 2008, at 1:31 PM, Bryan Sant wrote:

On Thu, Jun 5, 2008 at 1:20 PM, Kimball Larsen
<[EMAIL PROTECTED]> wrote:
same private lan (192.168.0.x).  How would dns come into play here?

I'm guessing that GSSAPI is one of the forms of authentication that
your server has enabled.  GSSAPI does reverse DNS lookups (among other
things).

/etc/ssh/sshd_config is identical for both machines.

Strange.  My understanding is that GSSAPI is similar to PAM -- it's an
authentication API with a modular backend.  It's possible that you
have GSSAPI enabled as an authentication mechanism in both SSH daemon
configs, but only one of the two servers is using a GSSAPI backend
that actually does a reverse DNS lookup...  Or you have your client
IP address in the /etc/hosts file on one box but not the other (or
something like that).  Just grasping at straws :-).

-Bryan


I think I found it:

Instead of mucking about with GSSAPI settings, I just added "UseDNS no" to /etc/ssh/sshd_config and restarted the ssh daemon.

Login now takes < 1 second on both machines (it's nearly instantaneous, in fact)

Interestingly, /etc/hosts is identical for both machines, as is /etc/resolv.conf.

Odd that DNS was taking so long from one but not from the other.

What other problems might this indicate?

dig appears to take about the same amount of time from both machines (i.e., DNS lookups outside of the ssh handshake).


- Kimball
http://www.kimballlarsen.com

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
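
As an added example (not code from this thread), a small Python check that times the two lookups sshd performs when UseDNS is enabled: the reverse lookup of the client address and the forward lookup confirming that the name maps back to it. It goes through the system resolver rather than querying a DNS server directly as dig does; the function names, the finding labels and the one-second threshold are assumptions.

```python
import socket
import sys
import time

def check_client_dns(ip, reverse=socket.gethostbyaddr,
                     forward=socket.getaddrinfo, clock=time.monotonic):
    """Time reverse lookup and forward confirmation through the system resolver
    (hosts file, nsswitch, resolv.conf), not a direct DNS query as dig makes."""
    res = {"ip": ip, "hostname": None, "forward_ok": False,
           "reverse_s": 0.0, "forward_s": 0.0, "error": None}
    start = clock()
    try:
        res["hostname"] = reverse(ip)[0]
    except OSError as exc:  # herror, gaierror and timeout are all OSError
        res["error"] = f"reverse lookup failed: {exc}"
    res["reverse_s"] = clock() - start
    if res["hostname"] is None:
        return res
    start = clock()
    try:
        addrs = {info[4][0] for info in forward(res["hostname"], None)}
        res["forward_ok"] = ip in addrs
    except OSError as exc:
        res["error"] = f"forward lookup failed: {exc}"
    res["forward_s"] = clock() - start
    return res

def diagnose(res, slow_after=1.0):
    """Turn one result into findings; slow_after (seconds) is an assumed threshold."""
    findings = []
    if res["reverse_s"] > slow_after:
        findings.append("slow-reverse")
    if res["forward_s"] > slow_after:
        findings.append("slow-forward")
    if res["hostname"] is None:
        findings.append("no-ptr")
    elif not res["forward_ok"]:
        findings.append("forward-mismatch")
    return findings

if __name__ == "__main__":
    # Pass the SSH client's address; 127.0.0.1 is only a default for a dry run.
    for ip in sys.argv[1:] or ["127.0.0.1"]:
        res = check_client_dns(ip)
        print(res, diagnose(res) or "ok")
```

Run it on each server with the client's address as the argument and compare the timings between the two machines.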
