[CentOS] how to debug ssh slow connection issues.

Sun May 25 18:16:40 UTC 2008
Jay Leafey <jay.leafey at mindless.com>

Jason Pyeron wrote:
> 
>> -----Original Message-----
>> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
>> Behalf Of Filipe Brandenburger
>> Sent: Friday, May 23, 2008 8:55 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] how to debug ssh slow connection issues.
>>
>> Try to change this in your /etc/ssh/sshd_config:
>>
>>
>> Change:
>>
>> UseDNS yes
>> to:
>> UseDNS no
>>
> 
> Okay, that fixed it, but why? I used nslookup and set my server to the same
> as /etc/resolv.conf. There were no delays at all; all of our class C
> resolves both ways (and matching), same as our private net.
> 
> Where to go next on "properly" fixing this sshd/dns issue?
> 
> 

From the earlier posts, it appears that your DNS server is not properly 
resolving the REVERSE addresses, i.e. IP address-to-hostname.  SSH does 
a reverse lookup, trying to resolve the IP address to a hostname, unless 
you set the "UseDNS" option to "no".

Until you fix your DNS server to properly resolve the reverse addresses 
for your network you will continue to have this issue.  Having gone down 
this road myself, it's not as hard as it sounds.  Just having a 
nameserver resolve your local FORWARD zone won't cut it, you have to 
have the REVERSE zone set up too.

In my example, I have a local network named "local" (how original!) and 
use the 192.168.1.0/24 address range.  The nameserver I use (Bind 9 on a 
CentOS box) is configured mostly as a caching nameserver but resolves 
two local domains, "local" and "1.168.192.in-addr.arpa".  All of the 
name-to-ip entries ("A" records) and aliases ("CNAME" records) are in 
the "local" zone, all of the ip-to-name entries ("PTR" records) are in 
the "1.168.192.in-addr.arpa" zone.

If this is mostly gibberish, it might be a good idea to brush up a bit 
on using the bind nameserver, there are several useful tutorials 
available on the web, a quick Google search will turn up several.  The 
best reference I can recommend is "DNS and BIND" by Paul Albitz and 
Cricket Liu, published by O'Reilly.  There's a good combination of 
theory and practice in that book, but it is a daunting read for a newbie.

Just my $.02!
-- 
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
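
Added example (not part of the original post): a small offline check that every "A" record in a forward zone such as "local" has a matching "PTR" record in the reverse zone "1.168.192.in-addr.arpa", which is the gap the reply describes. The hostnames, the sample zone contents and the simplified one-record-per-line zone syntax are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zone data (not from the post); hostnames are hypothetical.
FORWARD_ZONE = """\
; zone "local"
gateway   IN A     192.168.1.1
fileserv  IN A     192.168.1.10
laptop    IN A     192.168.1.42
www       IN CNAME fileserv
"""
REVERSE_ZONE = """\
; zone "1.168.192.in-addr.arpa"
1   IN PTR gateway.local.
10  IN PTR files.local.
"""

def parse_records(text, origin, rtype):
    """Return {fqdn_owner: rdata} for one record type from a simplified zone file."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip comments, tokenize
        if len(fields) < 3 or rtype not in fields[1:-1]:
            continue                                 # blank line or other record type
        owner = fields[0]
        if not owner.endswith("."):                  # relative name: append zone origin
            owner = f"{owner}.{origin}"
        records[owner.lower()] = fields[-1]
    return records

def check_reverse(forward_text, reverse_text, fwd_origin, rev_origin):
    """List A records whose PTR is missing or does not point back at the same name."""
    a_records = parse_records(forward_text, fwd_origin, "A")
    ptr_records = parse_records(reverse_text, rev_origin, "PTR")
    problems = []
    for name, addr in sorted(a_records.items()):
        # 192.168.1.10 -> 10.1.168.192.in-addr.arpa.
        ptr_owner = ipaddress.ip_address(addr).reverse_pointer + "."
        target = ptr_records.get(ptr_owner)
        if target is None:
            problems.append((name, addr, "no PTR record"))
        elif target.lower() != name:
            problems.append((name, addr, f"PTR points to {target}"))
    return problems

if __name__ == "__main__":
    for name, addr, why in check_reverse(
            FORWARD_ZONE, REVERSE_ZONE, "local.", "1.168.192.in-addr.arpa."):
        print(f"{name:18} {addr:15} {why}")
```
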