Thanks. This made the ssh connection go much faster. For Fedora Core
1, it took adding the IP to the hosts file to do it. The other ones did
not have any effect. (It was already looking at the hosts file before
the DNS server). I was not able to set up IP addresses on the DNS
server, though that would have solved the DNS timing problem also.
This did allow me to do local host checks. I will backtrack just a
little and "undo" a few of the things I had done to see if this was the
one which allowed it to work.
Thanks everyone!
Javier Fernandez-Sanguino wrote:
Tim Young dijo:
When I do an ssh from the command-line, there is an 8 second delay or
so as it connects. So far as I can tell, this is because the FC1
computer is doing a DNS lookup.
You have several ways to prevent this:
1.- Change /etc/nsswitch.conf so that the hosts: lines reads 'hosts:
files' (I'm not 100% this affects all OpenSSH releases, however)
2.- Add the IP/name of the Nessusd server to the system's /etc/hosts
file (ditto)
3.- Configure the remote OpenSSH server to *not* do reverse DNS
lookups on a host by setting:
- 'UseDNS no' in the sshd_config file (for release 3.8), the
default value is yes.
- 'VerifyReverseMapping no' (for 3.4 and 3.6 releases). The
default value in these releases was 'no'.
4.- Have the network administrator add reverse DNS entries for all IPs
If you do 4, you can test the time it takes to answer by timing the
execution of 'host IP_ADRR_OF_NESSUS_SERVER' in the FC1 system you are
scanning (you can also check with 'dig -x IP_ADRR_OF_NESSUS_SERVER' if
you have 'dig' installed).
Hope that helps.
Javier
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
