[CentOS] how to debug ssh slow connection issues.

Jason Pyeron jpyeron at pdinc.us
Mon May 26 04:39:07 UTC 2008 


> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Filipe Brandenburger
> Sent: Monday, May 26, 2008 12:15 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] how to debug ssh slow connection issues.
> 
> On Sun, May 25, 2008 at 2:02 PM, Jason Pyeron <jpyeron at pdinc.us> wrote:
> >> Try to change this in your /etc/ssh/sshd_config:
> >>
> >> Change:
> >>
> >> UseDNS yes
> >> to:
> >> UseDNS no
> >
> > Okay that fixed it, but why? I used nslookup and set my server to the
> same
> > as /etc/resolv.conf. There were no delays, at all all of our class C
> > resolves both ways (and matching) same as out private net.
> >
> > Where to go next on "properly" fixing this sshd/dns issue?
> 
> Once I had this problem and it was related to IPv6. You may try to see
> if the other change (ListenAddress :: to ListenAddress <IP>) also
> fixes the issue without touching DNS. The problem is that sshd tries
> to resolve IPv6 addresses using AAAA queries and your DNS fails to
> answer to them, giving it a timeout of 5 seconds for each query (10
> seconds in total IIRC).
> 

Did that, no net effect.

> This is much harder to debug, I've actually found that to be the
> misbehaviour by using strace on an sshd. You may also try to run
> "tcpdump udp" on your sshd server, you might see the queries and the
> timeouts.

So I have a log, but not sure what I am looking at.

debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 192.168.1.80. 
00:28:03.376914 IP 192.168.1.21.36264 > 192.168.1.10.domain:  38414+ PTR?
80.1.168.192.in-addr.arpa. (43)
00:28:04.041912 IP 192.168.1.10.domain > 192.168.1.21.36264:  38414* 1/1/0
(110)

> 
> In any case, I would say that the "proper" way to fix it is to disable
> IPv6 if you don't need it and have no use for it. (Or go all the way
> and configure DNS for it, although it is really tricky right now.) The
> way to do it is include "alias net-pf-10 off" in /etc/modprobe.conf.
> 

Will look into that.


Fixed it, but why?????
rpm -e samba system-config-samba samba-common samba-client


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited.

More information about the CentOS mailing list