On Sun, May 25, 2008 at 2:02 PM, Jason Pyeron jpyeron@pdinc.us wrote:
Try to change this in your /etc/ssh/sshd_config:
Change:
UseDNS yes to: UseDNS no
Okay, that fixed it, but why? I used nslookup and set my server to the same as /etc/resolv.conf. There were no delays at all; all of our class C resolves both ways (and matching), same as our private net.
Where to go next on "properly" fixing this sshd/dns issue?
Once I had this problem and it was related to IPv6. You may try to see if the other change (ListenAddress :: to ListenAddress <IP>) also fixes the issue without touching DNS. The problem is that sshd tries to resolve IPv6 addresses using AAAA queries and your DNS fails to answer them, giving it a timeout of 5 seconds for each query (10 seconds in total IIRC).
This is much harder to debug; I've actually found that to be the misbehaviour by using strace on an sshd. You may also try to run "tcpdump udp" on your sshd server; you might see the queries and the timeouts.
In any case, I would say that the "proper" way to fix it is to disable IPv6 if you don't need it and have no use for it. (Or go all the way and configure DNS for it, although it is really tricky right now.) The way to do it is to include "alias net-pf-10 off" in /etc/modprobe.conf.
HTH, Filipe
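
An added example, not part of the original thread: one way to confirm the AAAA timeout described above is to pair DNS queries with their responses in a saved tcpdump text capture and list the queries that never got an answer. The capture below is constructed, and the function name `unanswered` and the assumed `tcpdump -n udp port 53` line layout are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed capture in the text format of `tcpdump -n udp port 53`
# (addresses and names are made up, not taken from the thread).
SAMPLE = """\
14:02:11.000100 IP 192.0.2.10.41000 > 192.0.2.1.53: 1111+ PTR? 77.2.0.192.in-addr.arpa. (41)
14:02:11.001900 IP 192.0.2.1.53 > 192.0.2.10.41000: 1111* 1/0/0 PTR client.example.net. (72)
14:02:11.002300 IP 192.0.2.10.41001 > 192.0.2.1.53: 2222+ A? client.example.net. (36)
14:02:11.003800 IP 192.0.2.1.53 > 192.0.2.10.41001: 2222* 1/0/0 A 192.0.2.77 (52)
14:02:11.004000 IP 192.0.2.10.41001 > 192.0.2.1.53: 3333+ AAAA? client.example.net. (36)
14:02:16.009000 IP 192.0.2.10.41001 > 192.0.2.1.53: 3333+ AAAA? client.example.net. (36)
"""

# Query:    <time> IP <client.port> > <server>.53: <id><flags> <TYPE>? <name> (<len>)
QUERY = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > \S+\.53: (\d+)\S* (\w+)\? (\S+)")
# Response: <time> IP <server>.53 > <client.port>: <id><flags> ...
RESPONSE = re.compile(r"^\S+ IP \S+\.53 > (\S+): (\d+)")


def unanswered(capture):
    """Return (qtype, name, attempts, seconds between first and last attempt)
    for every DNS query in the capture that never received a response."""
    pending = defaultdict(list)  # (client endpoint, query id) -> [(ts, qtype, name)]
    for line in capture.splitlines():
        q = QUERY.match(line)
        if q:
            h, m, s, client, qid, qtype, name = q.groups()
            ts = int(h) * 3600 + int(m) * 60 + float(s)
            pending[(client, qid)].append((ts, qtype, name))
            continue
        r = RESPONSE.match(line)
        if r:
            # A response to the same endpoint with the same id settles the query.
            pending.pop((r.group(1), r.group(2)), None)
    report = []
    for attempts in pending.values():
        first_ts, qtype, name = attempts[0]
        span = round(attempts[-1][0] - first_ts, 3)
        report.append((qtype, name, len(attempts), span))
    return report


if __name__ == "__main__":
    for qtype, name, tries, span in unanswered(SAMPLE):
        print(f"no answer: {qtype} {name} tries={tries} retry_span={span}s")
```
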