SSH Login Speed

Lonnie Olson lists at
Thu Jun 5 16:13:50 MDT 2008

On Thu, Jun 5, 2008 at 1:40 PM, Kimball Larsen
<kimball at> wrote:
> Instead of mucking about with GSSAPI settings, I just added "UseDNS no" to
> /etc/ssh/sshd_config and restarted the ssh daemon.
> Login now takes < 1 second on both machines (it's nearly instantaneous, in
> fact)
> Interestingly, /etc/hosts is identical for both machines, as is
> /etc/resolv.conf.
> Odd that DNS was taking so long from one but not from the other.

The problem here is not that DNS doesn't work on one, but does on the other.
The problem is caused when the ssh client doesn't have a reverse DNS
record at all.  By default, when a server receives an incoming
connection a reverse lookup is done, if this fails (meaning no record
returned) it will hang for about 5 more seconds.

This may be caused by the GSSAPI module as previously suggested, but
instead of disabling either GSSAPI or UseDNS, the *correct* (IMHO)
approach is to add a reverse DNS record or add it to your hosts file
on all machines.


More information about the PLUG mailing list