From: Philipp Vlassakakis
Date: Thu, 19 Jul 2018 22:22:17 +0200
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD-11.1 Jails and SSL

Does DNS work in the jail without any delay/issue? Maybe there are problems with DNS resolution?
Is „UseDNS“ turned on? -> https://www.freebsd.org/cgi/man.cgi?sshd_config(5)

Regards,
Philipp

> On 19.07.2018 at 22:11, James B. Byrne via freebsd-questions wrote:
>
> I notice a distinct delay when connecting to a jail using ssh. There
> is no delay when I connect to the jail's host. The jail is running
> local_unbound and sshd_config contains the same settings as the host,
> with the necessary changes for the service IP and such.
>
> I ran ssh with -vv and the connection is instantaneous up to this point:
>
> . . .
> debug1: SSH2_MSG_NEWKEYS received
> debug2: key: /root/.ssh/id_rsa (0x80208e200)
> debug2: key: /root/.ssh/id_dsa (0x0)
> debug2: key: /root/.ssh/id_ecdsa (0x80208e180)
> debug2: key: /root/.ssh/id_ed25519 (0x80208e040)
> debug1: SSH2_MSG_EXT_INFO received
> debug1: Fssh_kex_input_ext_info: server-sig-algs=
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> Then there is a long delay (~18s) after which the pre login text appears
>
> !Warning!! - Any deliberate attempt to access this resource without
> legitimate authorization is a criminal offence
> (R.S.C. 1985, c. C-46 - Section 342.1).
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /root/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
> debug2: input_userauth_pk_ok: fp SHA256:cJBXJBwve7zD8D1AM24vWsFYwrhz68ntuYbEiaxLp94
>
> Then another delay of approximately 13s before the login prompt appears.
>
> Connecting to that jail's host exhibits no delay whatsoever. The
> uptime counts on both the jail and the host are similar.
>
> Jail: 4:08PM up 15 days, 5:25, 1 users, load averages: 0.28, 0.43, 0.41
>
> Host: 4:09PM up 15 days, 5:26, 2 users, load averages: 0.32, 0.42, 0.41
>
> What is the reason for the dependency in the connection times? How is
> it fixed?
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
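
The two questions raised in the reply (is name resolution slow inside the jail, and is UseDNS in effect) can be checked together from inside the jail. The script below is an added example, not part of the thread; the function names, the `LOOKUP_CMD` override, the 5 second threshold and the default passed for an unset UseDNS are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread. Run inside the jail.

# effective_usedns FILE [DEFAULT]: print the UseDNS value set in FILE's
# global section. Keywords are case-insensitive and the first value wins;
# lines after the first "Match" are conditional and are not read here.
# DEFAULT (assumption, see sshd_config(5) on the system) is printed when
# the keyword is not set.
effective_usedns() {
    awk -F '[ \t=]+' -v def="${2:-unknown}" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments and indent
        tolower($1) == "match"  { exit }
        tolower($1) == "usedns" { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# reverse_lookup_seconds IP: whole seconds the system resolver needs to
# map IP back to a name. LOOKUP_CMD is a hypothetical override for tests.
reverse_lookup_seconds() {
    start=$(date +%s)
    ${LOOKUP_CMD:-getent hosts} "$1" >/dev/null 2>&1 || true
    end=$(date +%s)
    echo $((end - start))
}

# dns_delay_verdict FILE IP [DEFAULT]: combine both checks. The 5 second
# threshold is an arbitrary choice for this example.
dns_delay_verdict() {
    usedns=$(effective_usedns "$1" "${3:-unknown}")
    secs=$(reverse_lookup_seconds "$2")
    if [ "$secs" -lt 5 ]; then
        echo "reverse lookup fast (${secs}s), UseDNS=$usedns: look elsewhere"
    elif [ "$usedns" = "no" ]; then
        echo "reverse lookup slow (${secs}s), UseDNS=no: resolver is slow, but not via UseDNS"
    else
        echo "reverse lookup slow (${secs}s), UseDNS=$usedns: consistent with the DNS theory"
    fi
}

# Usage: sh check.sh /etc/ssh/sshd_config CLIENT_IP
if [ "$#" -ge 2 ]; then dns_delay_verdict "$@"; fi
```

Pass the address of the connecting client as CLIENT_IP, since that is the address sshd would try to resolve.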