A possible fix for slow SSH connections
Authored by: striker on Apr 02, '05 01:13:51PM

The problem is DNS lookup timeout. Editing /etc/hosts provides a quick fix for any given client, but does not eliminate the problem.

You need to check /etc/resolv.conf and make sure that it points to a valid name server.

There needs to be at least one line of the form:
nameserver A.B.C.D

Where A.B.C.D is the IP address of a DNS server which responds. DNS servers are queried in the order in which they are specified, so if you already have nameserver entries, make sure they respond.

The other file you might want to look at is /etc/nsswitch.conf.
This file tells the system where it should look in order to resolve various things. The line you care about is the 'hosts' line. It should probably read 'hosts: files dns' (Not sure about any Mac-specific stuff that might be in there too. I'm a Unix guy, not a Mac guy.)

'files' tells the system to first check for host entries in /etc/hosts. 'dns' tells it to check /etc/resolv.conf for name servers to query.

Hope this helps.

Rached Blili
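
Added example (not part of the comment above or the original hint): a small Python check that reads /etc/resolv.conf, lists the nameserver entries in the order they are queried, flags malformed nameserver lines, and times one UDP query against each server so a dead first entry shows up as a timeout. The sample text, the function names and the 2-second timeout are assumptions made for this illustration.

```python
import socket, struct, time

# Constructed sample input (documentation-range addresses), not taken from a real host.
SAMPLE_RESOLV = """# constructed example
nameserver: 192.0.2.53
nameserver 192.0.2.1
nameserver 2001:db8::1
"""

def parse_resolv_conf(text):
    """Return (nameservers in query order, malformed nameserver lines)."""
    servers, bad = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")) or not line.lower().startswith("nameserver"):
            continue  # comments and other directives (search, domain, options)
        fields = line.split()
        try:
            if fields[0] != "nameserver" or len(fields) != 2:
                raise ValueError(line)
            addr = fields[1].split("%")[0]  # drop an IPv6 scope id before validating
            socket.inet_pton(socket.AF_INET6 if ":" in addr else socket.AF_INET, addr)
            servers.append(fields[1])
        except (ValueError, OSError):
            bad.append(line)
    return servers, bad

def probe(server, timeout=2.0):
    """Send one DNS query (NS for the root) over UDP; seconds to reply, or None."""
    # Header: id, flags (recursion desired), 1 question; then root name, QTYPE=NS, QCLASS=IN.
    query = struct.pack(">6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x00" + struct.pack(">2H", 2, 1)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable network, refused
            return None
    return time.monotonic() - start if reply[:2] == query[:2] else None

if __name__ == "__main__":
    servers, bad = parse_resolv_conf(open("/etc/resolv.conf").read())
    for line in bad:
        print("malformed:", line)
    for ip in servers:
        t = probe(ip)
        print(ip, "no answer" if t is None else f"answered in {t * 1000:.0f} ms")
```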

A possible fix for slow SSH connections
Authored by: teefour on Apr 02, '05 06:13:03PM

tcpdump showed me that my Mac won't try the order of preference which lookupd is supposed to use; it tries mDNS (Rendezvous) instead. Adding an address to /etc/hosts will fix it, but a better way would be to set the search to hosts first, followed by dns and mDNS afterwards.
So far I haven't bothered because the following in ~/.ssh/config

Host myserver
    Hostname ip-address
    Port 22
    User foo

fixed it for me. (the reverse still doesn't work, but it's fast enough this way)

sshd, lookupd, reverse DNS
Authored by: sjk on Apr 03, '05 07:06:49PM
That might explain the "Apr 3 11:48:26 hostname sshd[1731]: reverse mapping checking getaddrinfo for failed - POSSIBLE BREAKIN ATTEMPT!" warnings from sshd even when reverse DNS is properly configured. But I don't see any way to configure lookupd to avoid that; it's currently using:
LookupOrder: Cache FF DNS NI DS
_config_name: Host Configuration
Another symptom is the who command (for instance) displaying the IP address for remote hostnames, while DNS PTR lookups return accurate data.

Anyone know what needs to be tweaked so address-to-name lookups will work properly, without creating static host entries, when DNS is verified as correctly configured?
