> There is now a slight pause (approx 3-4 sec) after the password is
> entered before ssh displays /etc/motd, is this due to the system
> checking what is specified in the hosts: files dns line in
> /etc/nsswitch.conf [?]

A delay *after* authentication is probably caused by your login shell's
startup sequence on the server side. For example, bash executes
/etc/profile, /etc/bash.bashrc, ~/.bash_login, ~/.profile, and ~/.bashrc
in order. You can trace how long each script takes to execute by adding
a line like e.g. »echo "/etc/profile"« to the bottom.

Anyway: To further cut down on delay *before* password authentication,
add "GSSAPIAuthentication no" to /etc/ssh/ssh_config on your client.
This will prevent SSH from requesting GSSAPI auth, which would fail
silently anyway because it is disabled by the default sshd_config
shipped in Ubuntu. (Except, of course, if you explicitly deployed
Kerberos.)

> looking back on it I specified the LoginGraceTime value based on a
> Debian system hardening website/walk through ....thoughts?

One could imagine a Distributed Denial of Service attack where multiple
foreign hosts bombard the server with new connection attempts. This will
leave this server's CPU(s) committed to answering connection attempts
while doing little other work, exhaust the server's memory and file
descriptor resources, and overflow the session tables of any stateful
firewalls or NAT routers that happen to sit in front of the server.

Lowering LoginGraceTime will shorten the timeout until sshd closes an
unauthenticated incoming connection. Lowering MaxStartups will limit the
maximum number of concurrent unauthenticated connections. These two
settings will lessen the damage somewhat, though with a side effect:
Your incoming SSH connections won't be treated any differently,
effectively locking you out of your own system.

There's probably more to it, but these are my thoughts :)

-- 
(bash) ssh to other systems fails to connect
https://bugs.launchpad.net/bugs/84849
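
Added example, not part of the original message: a shell check that reads LoginGraceTime and MaxStartups from an sshd_config-style file and computes what share of new connections sshd would refuse at a given number of unauthenticated connections. It goes beyond the single-number MaxStartups discussed above to the "start:rate:full" form documented in sshd_config(5); the function names, the integer rounding and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread; the sample config is constructed.

# Print the first value of keyword $2 in the sshd_config-style file $1.
# Keywords are case-insensitive and sshd keeps the first value it reads.
sshd_first_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# Percentage of new connections refused while $2 unauthenticated connections
# are open, for a MaxStartups value $1 given as "N" or "start:rate:full".
# Below start nothing is refused, at full everything is, and in between the
# percentage rises linearly from rate to 100 (integer arithmetic assumed).
refusal_percent() {
    spec=$1; cur=$2
    case $spec in
        *:*:*) start=${spec%%:*}; full=${spec##*:}
               rate=${spec#*:}; rate=${rate%:*} ;;
        *)     start=$spec; rate=100; full=$spec ;;
    esac
    if [ "$cur" -lt "$start" ]; then
        echo 0
    elif [ "$cur" -ge "$full" ] || [ "$rate" -eq 100 ]; then
        echo 100
    else
        echo $(( rate + (100 - rate) * (cur - start) / (full - start) ))
    fi
}

# Constructed sample; the second MaxStartups line is ignored (first one wins).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
logingracetime 30
MaxStartups 10:30:60
MaxStartups 3
EOF

grace=$(sshd_first_value "$sample" LoginGraceTime)
starts=$(sshd_first_value "$sample" MaxStartups)
for n in 5 10 35 60; do
    echo "LoginGraceTime=$grace MaxStartups=$starts open=$n refused=$(refusal_percent "$starts" "$n")%"
done
rm -f "$sample"
```

On a real server, point sshd_first_value at /etc/ssh/sshd_config, or compare the result against the effective settings printed by "sshd -T".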