[CentOS] how to debug ssh slow connection issues.

Fri May 23 19:50:35 UTC 2008
Jason Pyeron <jpyeron at pdinc.us>


> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Jason Pyeron
> Sent: Friday, May 23, 2008 2:42 PM
> 
> 
> > -----Original Message-----
> > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> > Behalf Of Paul Heinlein
> > Sent: Friday, May 23, 2008 2:35 PM
> >
> > On Fri, 23 May 2008, Jason Pyeron wrote:
> >
> > >>> debug3: Normalising mapped IPv4 in IPv6 address
> > >>> debug3: Trying to reverse map address 192.168.1.80.
> > >>>
> > >>> paused 7 seconds
> > >>
> > >> Here, obviously, is part of the problem. Your name service isn't
> > >> answering reverse lookups for your LAN addresses -- or it least it
> > >> isn't answering them in a timely manner. Fixing that, either
> > >> through DNS or /etc/hosts, will help a bunch.
> > >
> > > [root at 192.168.1.21 ~]# date && host 192.168.1.80  && date && host
> > > host80.1.internal.pdinc.us && date Fri May 23 13:55:52 EDT 2008
> > > 80.1.168.192.in-addr.arpa domain name pointer
> host80.1.internal.pdinc.us.
> > > Fri May 23 13:55:52 EDT 2008
> > > host80.1.internal.pdinc.us has address 192.168.1.80 Fri May 23
> 13:55:52
> > EDT
> > > 2008
> > > [root at 192.168.1.21 ~]#
> > >
> > > Hmmm, does not take 7 seconds.
> >
> > User-space utilities like /usr/bin/host don't always provide an
> > accurate reflection of the name services inherited by init- or
> > kernel-launched processes -- especially if the network wasn't (for
> > reasons unknown) fully functional at boot time.
> 
> Reboot?

No effect.

> 
> > I'm still inclined to believe that hostname-lookup issues are involved
> > here; an strace with timestamps might provide a better glimpse of the
> > exact system calls that are timing out.
> 
> Like wise, but with local DNS and local IPs humming perfectly?
> 

Weird:

[root at 192.168.1.21 ~]# for i in `ip addr show | perl -ne 'm/inet (.+)\// and
print $1,"\n";'`; do echo try $i && time ssh $i true && echo; done
try 127.0.0.1

real    0m0.093s
user    0m0.007s
sys     0m0.001s

try public_ip_1_in_/etc/sysconfig/network-scripts/ifcfg-eth0

real    0m5.799s
user    0m0.005s
sys     0m0.005s

try 192.168.1.21

real    0m28.484s
user    0m0.007s
sys     0m0.003s

try public_ip_2

real    0m28.552s
user    0m0.007s
sys     0m0.001s

try public_ip_3

real    0m28.503s
user    0m0.007s
sys     0m0.003s

try 192.168.1.39

real    0m28.559s
user    0m0.006s
sys     0m0.003s

try 192.168.1.52

real    0m28.487s
user    0m0.006s
sys     0m0.003s

try 192.168.1.58

real    0m28.489s
user    0m0.008s
sys     0m0.002s



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited.