Re: Extremely slow authentication via SSH on FreeBSD 6.0
Your last hint suggests that this is, in fact, a dns reverse resolution issue. Log into your server which is slow and try to resolve the ip address of the host you trying to connect from (for instance, if you trying to connect from 10.0.0.1 to 199.1.1.1, log into 199.1.1.1 and execute something like nslookup 10.0.0.1). If the command times out, you found the issue. hth On Jan 1, 2008 4:03 PM, Forrest Aldrich [EMAIL PROTECTED] wrote: First, thank you to others who posted about this issue. I altered /etc/ssh/sshd_config for UseDNS no, and noticed I get the prompt right away, however it still takes about 15 seconds after authentication to get a shell prompt. This is FreeBSD version: FreeBSD 6.3-PRERELEASE #7: Sat Dec 22 11:12:15 EST 2007 I noticed this behavior after the last system build and install. Prior to that, I didn't see problems like this. I don't see this problem with httpd (apache) etc. The DNS servers my ISP provides are quickly reachable and appear to be caching very well, so I doubt that's the issue. Conversely, and perhaps this is a hint, the GW I log in to has this problem, but if I log in from there to an internal system using the same exact version of FreeBSD, I don't have any problems like this at all. The difference being I also use internal DNS as well as /etc/hosts entries. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
First, thank you to others who posted about this issue. I altered /etc/ssh/sshd_config for UseDNS no, and noticed I get the prompt right away, however it still takes about 15 seconds after authentication to get a shell prompt. This is FreeBSD version: FreeBSD 6.3-PRERELEASE #7: Sat Dec 22 11:12:15 EST 2007 I noticed this behavior after the last system build and install. Prior to that, I didn't see problems like this. I don't see this problem with httpd (apache) etc. The DNS servers my ISP provides are quickly reachable and appear to be caching very well, so I doubt that's the issue. Conversely, and perhaps this is a hint, the GW I log in to has this problem, but if I log in from there to an internal system using the same exact version of FreeBSD, I don't have any problems like this at all. The difference being I also use internal DNS as well as /etc/hosts entries. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
On Jan 8, 2006, at 11:39 PM, Dave wrote: Hi, I caught this midthread, but two things. Are you running sshd in a jail? And do you have dns resolving? I recently had an ssh slow authentication issue, which when found was dns not resolving. Try setting UseDns to no in sshd_config see if that helps. HTH Dave. - Original Message - From: Garrett Cooper [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Sent: Monday, January 09, 2006 2:42 AM Subject: Re: Extremely slow authentication via SSH on FreeBSD 6.0 On Jan 8, 2006, at 9:10 PM, Derek Musselmann wrote: On Jan 8, 2006, at 7:21 PM, Garrett Cooper wrote: I'm having a hard time authenticating after upgrading the kernel and some packages, and I was wondering if someone could help me out with this issue. I marked the trouble points and included my sshd_config. I noticed in your sshd_config that you have: # Change to yes to enable built-in password authentication. PasswordAuthentication yes PermitEmptyPasswords no # Change to no to disable PAM authentication ChallengeResponseAuthentication no By default, ssh uses PAM for authentication. By commenting those lines out, it doesn't mean that password checking won't be done, just that it will be handled with PAM. And then later in the file you have: UsePAM yes Try commenting out the PasswordAuthentication, PermitEmptyPasswords, and ChallengeResponse lines. - Derek Musselmann http://www.disflux.com Tried exactly that, and it doesn't seem to have change the performance, actually =\... It still hangs in the same location, strangely enough. -Garrett VOILA! Gratzi sir! -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
On Jan 8, 2006, at 11:39 PM, Dave wrote: Hi, I caught this midthread, but two things. Are you running sshd in a jail? And do you have dns resolving? I recently had an ssh slow authentication issue, which when found was dns not resolving. Try setting UseDns to no in sshd_config see if that helps. HTH Dave. - Original Message - From: Garrett Cooper [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Sent: Monday, January 09, 2006 2:42 AM Subject: Re: Extremely slow authentication via SSH on FreeBSD 6.0 On Jan 8, 2006, at 9:10 PM, Derek Musselmann wrote: On Jan 8, 2006, at 7:21 PM, Garrett Cooper wrote: I'm having a hard time authenticating after upgrading the kernel and some packages, and I was wondering if someone could help me out with this issue. I marked the trouble points and included my sshd_config. I noticed in your sshd_config that you have: # Change to yes to enable built-in password authentication. PasswordAuthentication yes PermitEmptyPasswords no # Change to no to disable PAM authentication ChallengeResponseAuthentication no By default, ssh uses PAM for authentication. By commenting those lines out, it doesn't mean that password checking won't be done, just that it will be handled with PAM. And then later in the file you have: UsePAM yes Try commenting out the PasswordAuthentication, PermitEmptyPasswords, and ChallengeResponse lines. - Derek Musselmann http://www.disflux.com Tried exactly that, and it doesn't seem to have change the performance, actually =\... It still hangs in the same location, strangely enough. -Garrett I should be more specific. Setting UseDNS to no did the trick. Maybe sshd was confused by my hostname setup in /etc/hosts, but I'm not going to speculate there. All that I know is that it works like it used to =). -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
On Monday 09 January 2006 08:18, Garrett Cooper wrote: I should be more specific. Setting UseDNS to no did the trick. Maybe sshd was confused by my hostname setup in /etc/hosts, but I'm not going to speculate there. All that I know is that it works like it used to =). -Garrett I've had this problem before. You can keep DNS turned on if /etc/resolv.conf contains reachable nameservers. The DNS lookup timeout in sshd is very long Ashley ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
2. Re: Extremely slow authentication via SSH on FreeBSD 6.0 (Ashley Moran) Message: 2 Date: Mon, 9 Jan 2006 10:36:14 + From: Ashley Moran [EMAIL PROTECTED] Subject: Re: Extremely slow authentication via SSH on FreeBSD 6.0 To: freebsd-questions@freebsd.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 On Monday 09 January 2006 08:18, Garrett Cooper wrote: I should be more specific. Setting UseDNS to no did the trick. Maybe sshd was confused by my hostname setup in /etc/hosts, but I'm not going to speculate there. All that I know is that it works like it used to =). -Garrett I've had this problem before. You can keep DNS turned on if /etc/resolv.conf contains reachable nameservers. The DNS lookup timeout in sshd is very long Ashley I posted a similiar problem on Sunday but didn't get any responses. I turned off DNS in the sshd_config file and the sshd time out problem went away for me as well. Actually I had to turn off dns lookup up for apache and proftpd as well because those services were running extremely slow or not responding. If you've not made any modifications to your system, why would this happen? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
Boy, talk about good timing! I just joined this list yesterday. The reason I joined was to see if I could get any help solving what appears to have been (approximately) this same problem. I also had the problem of extremely slow SSH authentication. In fact, it was so slow that at first I thought is was simply dead, because most often it would time out and give up. In my case, I had not made any changes to the system whatsoever. SSH had been working fine since I originally installed FreeBSD 5.4 a few months ago. But then a few days ago it just suddenly started having this problem. In my case, Apache did _NOT_ seem to be suffering from the same problem. I changed my sshd configuration to set UseDNS to no, and that seems to have fixed the problem. So I'm quite happy, and grateful. However, it does leave me curious ... Something must have changed in my network (a small home network on a DSL router), I guess, but I don't know what. I posted a similiar problem on Sunday but didn't get any responses. I turned off DNS in the sshd_config file and the sshd time out problem went away for me as well. Actually I had to turn off dns lookup up for apache and proftpd as well because those services were running extremely slow or not responding. If you've not made any modifications to your system, why would this happen? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
On Jan 8, 2006, at 7:21 PM, Garrett Cooper wrote: I'm having a hard time authenticating after upgrading the kernel and some packages, and I was wondering if someone could help me out with this issue. I marked the trouble points and included my sshd_config. I noticed in your sshd_config that you have: # Change to yes to enable built-in password authentication. PasswordAuthentication yes PermitEmptyPasswords no # Change to no to disable PAM authentication ChallengeResponseAuthentication no By default, ssh uses PAM for authentication. By commenting those lines out, it doesn't mean that password checking won't be done, just that it will be handled with PAM. And then later in the file you have: UsePAM yes Try commenting out the PasswordAuthentication, PermitEmptyPasswords, and ChallengeResponse lines. - Derek Musselmann http://www.disflux.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Extremely slow authentication via SSH on FreeBSD 6.0
On Jan 8, 2006, at 9:10 PM, Derek Musselmann wrote: On Jan 8, 2006, at 7:21 PM, Garrett Cooper wrote: I'm having a hard time authenticating after upgrading the kernel and some packages, and I was wondering if someone could help me out with this issue. I marked the trouble points and included my sshd_config. I noticed in your sshd_config that you have: # Change to yes to enable built-in password authentication. PasswordAuthentication yes PermitEmptyPasswords no # Change to no to disable PAM authentication ChallengeResponseAuthentication no By default, ssh uses PAM for authentication. By commenting those lines out, it doesn't mean that password checking won't be done, just that it will be handled with PAM. And then later in the file you have: UsePAM yes Try commenting out the PasswordAuthentication, PermitEmptyPasswords, and ChallengeResponse lines. - Derek Musselmann http://www.disflux.com Tried exactly that, and it doesn't seem to have change the performance, actually =\... It still hangs in the same location, strangely enough. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]