-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Filipe Brandenburger Sent: Monday, May 26, 2008 12:15 AM To: CentOS mailing list Subject: Re: [CentOS] how to debug ssh slow connection issues.
On Sun, May 25, 2008 at 2:02 PM, Jason Pyeron jpyeron@pdinc.us wrote:
Try to change this in your /etc/ssh/sshd_config:
Change:
UseDNS yes to: UseDNS no
Okay that fixed it, but why? I used nslookup and set my server to the
same
as /etc/resolv.conf. There were no delays, at all all of our class C resolves both ways (and matching) same as out private net.
Where to go next on "properly" fixing this sshd/dns issue?
Once I had this problem and it was related to IPv6. You may try to see if the other change (ListenAddress :: to ListenAddress <IP>) also fixes the issue without touching DNS. The problem is that sshd tries to resolve IPv6 addresses using AAAA queries and your DNS fails to answer to them, giving it a timeout of 5 seconds for each query (10 seconds in total IIRC).
Did that, no net effect.
This is much harder to debug, I've actually found that to be the misbehaviour by using strace on an sshd. You may also try to run "tcpdump udp" on your sshd server, you might see the queries and the timeouts.
So I have a log, but not sure what I am looking at.
debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: Trying to reverse map address 192.168.1.80. 00:28:03.376914 IP 192.168.1.21.36264 > 192.168.1.10.domain: 38414+ PTR? 80.1.168.192.in-addr.arpa. (43) 00:28:04.041912 IP 192.168.1.10.domain > 192.168.1.21.36264: 38414* 1/1/0 (110)
In any case, I would say that the "proper" way to fix it is to disable IPv6 if you don't need it and have no use for it. (Or go all the way and configure DNS for it, although it is really tricky right now.) The way to do it is include "alias net-pf-10 off" in /etc/modprobe.conf.
Will look into that.
Fixed it, but why????? rpm -e samba system-config-samba samba-common samba-client
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited.