SSH Login Speed

Lonnie Olson lists at kittypee.com
Thu Jun 5 16:13:50 MDT 2008


On Thu, Jun 5, 2008 at 1:40 PM, Kimball Larsen
<kimball at kimballlarsen.com> wrote:
> Instead of mucking about with GSSAPI settings, I just added "UseDNS no" to
> /etc/ssh/sshd_config and restarted the ssh daemon.
>
> Login now takes < 1 second on both machines (it's nearly instantaneous, in
> fact)
>
> Interestingly, /etc/hosts is identical for both machines, as is
> /etc/resolv.conf.
>
> Odd that DNS was taking so long from one but not from the other.

The problem here is not that DNS doesn't work on one, but does on the other.
The problem is caused when the ssh client doesn't have a reverse DNS
record at all.  By default, when a server receives an incoming
connection, a reverse lookup is done; if this fails (meaning no record
returned), it will hang for about 5 more seconds.

This may be caused by the GSSAPI module as previously suggested, but
instead of disabling either GSSAPI or UseDNS, the *correct* (IMHO)
approach is to add a reverse DNS record or add it to your hosts file
on all machines.

--lonnie
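
An added example, not part of the original post: a shell helper that lists which SSH client addresses have no entry in a hosts-format file and times the system resolver's reverse lookup for each address. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample addresses in the usage line are constructed for illustration.

# Print the first name that hosts-format file $2 (default /etc/hosts)
# maps to address $1; return non-zero when there is no such entry.
hosts_name_for() {
    awk -v ip="$1" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == ip && NF >= 2 { print $2; found = 1; exit }
        END { exit !found }
    ' "${2:-/etc/hosts}"
}

# Print every address in $2.. that has no entry in hosts file $1.
missing_in_hosts() {
    file=$1; shift
    for ip in "$@"; do
        hosts_name_for "$ip" "$file" >/dev/null || echo "$ip"
    done
}

# Reverse-resolve $1 through the system resolver (sources and order per
# nsswitch.conf) and report the result with the elapsed seconds; a
# multi-second wait on an address with no record is the login delay
# discussed above.
reverse_check() {
    start=$(date +%s)
    name=$(getent hosts "$1" | awk '{ print $2; exit }')
    echo "$1 ${name:-NO-REVERSE-RECORD} $(( $(date +%s) - start ))s"
}

# Usage: sh check_reverse.sh 192.0.2.10 192.0.2.12
if [ "$#" -gt 0 ]; then
    missing_in_hosts /etc/hosts "$@" | sed 's/^/not in hosts file: /'
    for ip in "$@"; do reverse_check "$ip"; done
fi
```

Run it on the SSH server with the client addresses as arguments; any address reported without a name needs a PTR record or a hosts entry.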


