[CentOS] how to debug ssh slow connection issues.

Filipe Brandenburger filbranden at gmail.com
Mon May 26 04:14:46 UTC 2008


On Sun, May 25, 2008 at 2:02 PM, Jason Pyeron <jpyeron at pdinc.us> wrote:
>> Try to change this in your /etc/ssh/sshd_config:
>>
>> Change:
>>
>> UseDNS yes
>> to:
>> UseDNS no
>
> Okay, that fixed it, but why? I used nslookup and set my server to the same
> as /etc/resolv.conf. There were no delays at all; all of our class C
> resolves both ways (and matching), same as our private net.
>
> Where to go next on "properly" fixing this sshd/dns issue?

Once I had this problem and it was related to IPv6. You may try to see
if the other change (ListenAddress :: to ListenAddress <IP>) also
fixes the issue without touching DNS. The problem is that sshd tries
to resolve IPv6 addresses using AAAA queries and your DNS fails to
answer them, giving it a timeout of 5 seconds for each query (10
seconds in total IIRC).

This is much harder to debug; I actually found that to be the
misbehaviour by using strace on an sshd. You may also try to run
"tcpdump udp" on your sshd server; you might see the queries and the
timeouts.

In any case, I would say that the "proper" way to fix it is to disable
IPv6 if you don't need it and have no use for it. (Or go all the way
and configure DNS for it, although it is really tricky right now.) The
way to do it is to include "alias net-pf-10 off" in /etc/modprobe.conf.

HTH,
Filipe
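
The tcpdump check suggested in the message above can be automated. The following is an added example, not part of the original post: it pairs DNS queries with replies in the text output of `tcpdump -n udp port 53` and reports the queries that never got an answer. The capture lines, addresses and host names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample of `tcpdump -n udp port 53` text output (documentation
# addresses, not a real capture): the PTR and A queries are answered, the AAAA
# query is retried after 5 s and never answered.
SAMPLE = """\
04:14:01.000100 IP 192.0.2.10.40001 > 192.0.2.53.53: 4660+ PTR? 7.2.0.192.in-addr.arpa. (40)
04:14:01.001200 IP 192.0.2.53.53 > 192.0.2.10.40001: 4660 1/0/0 PTR client.example.com. (72)
04:14:01.002000 IP 192.0.2.10.40002 > 192.0.2.53.53: 4661+ AAAA? client.example.com. (36)
04:14:06.007000 IP 192.0.2.10.40002 > 192.0.2.53.53: 4661+ AAAA? client.example.com. (36)
04:14:11.012000 IP 192.0.2.10.40003 > 192.0.2.53.53: 4662+ A? client.example.com. (36)
04:14:11.013000 IP 192.0.2.53.53 > 192.0.2.10.40003: 4662 1/0/0 A 192.0.2.7 (52)
"""

# Query: client -> resolver port 53, "<id>+ <TYPE>? <name>".
QUERY = re.compile(r"^(\S+) IP6? (\S+) > \S+\.53: (\d+)[+%]* (?:\[[^\]]*\] )?(\w+)\? (\S+)")
# Reply: resolver port 53 -> client, "<id> ...".
REPLY = re.compile(r"^\S+ IP6? \S+\.53 > (\S+): (\d+)")

def _secs(ts):
    # Seconds since midnight; a capture spanning midnight is not handled.
    t = datetime.strptime(ts, "%H:%M:%S.%f")
    return t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6

def unanswered_queries(capture):
    """Return (qtype, name, attempts, seconds between first and last attempt)
    for every DNS query in the capture that never received a reply."""
    pending = {}  # (client ip.port, query id) -> [qtype, name, first_ts, last_ts, attempts]
    for line in capture.splitlines():
        q = QUERY.match(line)
        if q:
            ts, client, qid, qtype, name = q.groups()
            entry = pending.setdefault((client, qid), [qtype, name, ts, ts, 0])
            entry[3] = ts      # remember the latest retransmission
            entry[4] += 1
            continue
        r = REPLY.match(line)
        if r:
            pending.pop(r.groups(), None)  # a reply clears the matching query
    return [(qt, name, n, round(_secs(last) - _secs(first), 3))
            for qt, name, first, last, n in pending.values()]

if __name__ == "__main__":
    for qtype, name, attempts, span in unanswered_queries(SAMPLE):
        print(f"no reply: {qtype} {name} attempts={attempts} retry_span={span}s")
```

An AAAA entry with repeated attempts and no reply matches the timeout pattern described in the message; answered PTR and A queries drop out of the result.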


