
always takes exactly 40 seconds to log in via ssh


Bennett Haselton

Mar 20, 2008, 1:39:21 AM
I have a dedicated server where even when the http server is
responding quickly, it takes 40 seconds to log in via ssh. Moreover,
it always takes EXACTLY 40 seconds to log in.

When it always takes exactly the same amount of time to connect, that
suggests it's not due to the server load; it's due to the server
trying to do some sort of check on me (reverse DNS, maybe? but I have
reverse DNS set up, so that shouldn't take so long) and it takes 40
seconds before that times out and it lets me in anyway.

How do I disable this, so it lets me in right away? I already read
the FAQ at
http://www.employees.org/~satch/ssh/faq/ssh-faq.html
but couldn't find the answer.

Nico Kadel-Garcia

Mar 20, 2008, 5:21:49 AM
On 20 Mar, 05:39, Bennett Haselton <benn...@peacefire.org> wrote:
> I have a dedicated server where even when the http server is
> responding quickly, it takes 40 seconds to log in via ssh.  Moreover,
> it always takes EXACTLY 40 seconds to log in.
>
> When it always takes exactly the same amount of time to connect, that
> suggests it's not due to the server load; it's due to the server
> trying to do some sort of check on me (reverse DNS, maybe? but I have
> reverse DNS set up, so that shouldn't take so long) and it takes 40
> seconds before that times out and it lets me in anyway.
>
> How do I disable this, so it lets me in right away?  I already read
> the FAQ at http://www.employees.org/~satch/ssh/faq/ssh-faq.html
> but couldn't find the answer.

This is an *old* problem. Most SSH daemons rather insist on a reverse
DNS, for logging reasons. It's awkward to turn off; there is no
configuration option that does it. But if you get your clients
registered in reverse DNS, it helps. It's also possible, from the
client, to interrupt the first connection and start a new one that
typically works faster due to caching of the failed reverse DNS on the
server.

But if you have control of the server, you can also alter the init
scripts for OpenSSH to use the '-u0' flag. By setting the length of
the recorded reverse DNS lookup to 0, it skips the step altogether.

Unruh

Mar 20, 2008, 8:08:09 PM
Bennett Haselton <ben...@peacefire.org> writes:

>I have a dedicated server where even when the http server is
>responding quickly, it takes 40 seconds to log in via ssh. Moreover,
>it always takes EXACTLY 40 seconds to log in.

>When it always takes exactly the same amount of time to connect, that
>suggests it's not due to the server load; it's due to the server
>trying to do some sort of check on me (reverse DNS, maybe? but I have
>reverse DNS set up, so that shouldn't take so long) and it takes 40
>seconds before that times out and it lets me in anyway.

Yes, sounds like a timeout. Why not run tcpdump on the server and the
client and see what packets are sent onto the net to try to see what is
being asked for?

>How do I disable this, so it lets me in right away? I already read
>the FAQ at
>http://www.employees.org/~satch/ssh/faq/ssh-faq.html
>but couldn't find the answer.

No idea since we have no idea what it is that is timing out.
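
To test the reverse-DNS hypothesis raised in this thread, the two lookups can be timed on the server for the connecting client's address. This is an added example, not code from any of the posters; `check_client`, its `slow` threshold and the injectable `reverse`/`forward` resolvers are hypothetical names, and it assumes the delay comes from the system resolver rather than from another login step.

```python
import socket
import time

def timed(fn, *args):
    """Run fn(*args) and return (result, error, elapsed_seconds)."""
    start = time.monotonic()
    try:
        return fn(*args), None, time.monotonic() - start
    except OSError as exc:  # socket.herror and socket.gaierror are OSError subclasses
        return None, exc, time.monotonic() - start

def system_reverse(ip):
    # Reverse (PTR) lookup through the system resolver.
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    # Forward lookup: every address the returned name resolves to.
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})

def check_client(ip, reverse=system_reverse, forward=system_forward, slow=2.0):
    """Time the reverse lookup and the forward confirmation for one client IP.

    A step that takes `slow` seconds or more is listed in "slow_steps"; a step
    that is both slow and failing is the signature of a resolver timeout.
    """
    report = {"ip": ip, "hostname": None, "confirmed": False, "slow_steps": []}
    name, err, secs = timed(reverse, ip)
    report["reverse_seconds"] = secs
    if secs >= slow:
        report["slow_steps"].append("reverse")
    if err is not None:
        report["error"] = f"reverse lookup failed: {err}"
        return report
    report["hostname"] = name
    addrs, err, secs = timed(forward, name)
    report["forward_seconds"] = secs
    if secs >= slow:
        report["slow_steps"].append("forward")
    if err is not None:
        report["error"] = f"forward lookup failed: {err}"
        return report
    # String comparison; sufficient for IPv4 and unscoped IPv6 addresses.
    report["confirmed"] = ip in addrs
    return report

if __name__ == "__main__":
    import sys
    for client_ip in sys.argv[1:]:
        print(check_client(client_ip))
```

Run it on the server with the client's public address as the argument. If neither step is slow, the delay lies elsewhere and a packet capture during a login is the next place to look.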

