Instead of asking the OpenSSH project to change their default
configuration, I filed a bug to have the lookup not be blocking.

Bug 2545 - reverse DNS lookups shouldn't block login
https://bugzilla.mindrot.org/show_bug.cgi?id=2545

** Bug watch added: OpenSSH Portable Bugzilla #2545
   https://bugzilla.mindrot.org/show_bug.cgi?id=2545

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/424371

Title:
  Logins to OpenSSH server slow due to "UseDNS yes" config

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  When logging in to my Ubuntu 8.04 Server edition server via SSH
  (client PuTTY), logins take exactly 20 seconds from the time the
  username is entered and the time the password request appears.

  The problem is caused by the "UseDNS yes" config parameter.  When it
  is changed to "UseDNS no", the server logs in instantly.

  The cause of the problem is that the server is in a network that does
  not have a DHCP server to store client hostnames, and thus, when
  requesting the hostname, it waits for the request to timeout.  When
  the same server is put on a network with a DHCP server, the logins are
  instantaneous as well.

  Another workaround is to put the client's hostname and IP address in
  /etc/hosts.

  This bug has similar symptoms to
  https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899 , but in
  my case, disabling GSSAPIAuthentication does not resolve the issue.

  I would disable UseDNS permanently, but I am skittish because it
  sounds like a security feature.  Unfortunately, it seems worthless;
  when I put the client's hostname and the WRONG IP address in
  /etc/hosts, the connection still is successful (after a 20 second
  delay).  That poses the question: what is the point of UseDNS?

  In bug 84899, someone suggests changing /etc/nsswitch.conf, but my
  configuration was already like the recommended fix.

  All config files are at their defaults.

  To Reproduce:
  Install Ubuntu Server 8.04
  `apt-get install openssh-server`
  Put machine on non-DHCP network
  Connect to machine's IP

  `lsb_release -rd`
  Description: Ubuntu 8.04.3 LTS
  Release: 8.04

  `apt-cache policy openssh-server`
  Installed: 1:4.7p1-8ubuntu1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/424371/+subscriptions
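
The lookup behind UseDNS, as an added example that is not part of the bug report or of OpenSSH's code: sshd_config(5) describes UseDNS as looking up the remote host name and checking that the name maps back to the same IP address. This Python example runs that forward-confirmed check under a time limit, so an unanswered query cannot stall the caller; the function names, the 2-second limit and the sample records are assumptions made for illustration.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

def ptr_lookup(ip):
    return socket.gethostbyaddr(ip)[0]           # reverse (PTR) lookup

def addr_lookup(name):
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}  # forward lookup

def confirm(ip, reverse, forward):
    try:
        name = reverse(ip)
    except OSError:                              # herror/gaierror: no PTR record
        return ("no-ptr", ip)
    try:
        addrs = forward(name)
    except OSError:
        addrs = set()
    # The PTR record belongs to whoever controls the reverse zone, so the name
    # counts only if its forward records lead back to the connecting address.
    return ("confirmed", name) if ip in addrs else ("mismatch", ip)

def check_client(ip, timeout=2.0, reverse=ptr_lookup, forward=addr_lookup):
    """Bounded check: give up after `timeout` seconds and keep the bare IP."""
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        return pool.submit(confirm, ip, reverse, forward).result(timeout=timeout)
    except LookupTimeout:
        return ("timeout", ip)
    finally:
        pool.shutdown(wait=False)                # do not wait for the stuck lookup

# Constructed sample data (RFC 5737 documentation addresses, hypothetical names).
SAMPLE_PTR = {"192.0.2.10": "client.example.test", "192.0.2.66": "client.example.test"}
SAMPLE_A = {"client.example.test": {"192.0.2.10"}}

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    return SAMPLE_A[name]

def unreachable_reverse(ip):
    time.sleep(0.5)                              # stands in for an unanswered query
    return "client.example.test"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, check_client(ip, reverse=sample_reverse, forward=sample_forward))
    print(check_client("192.0.2.10", 0.1, unreachable_reverse, sample_forward))
```

On the server itself, `sshd -T | grep -i usedns` prints the effective UseDNS setting.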
