Date: Thu, 19 Jul 2018 16:58:57 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD-11.1 Jails and SSL
Message-ID: <5B50FB91.4080903@gmail.com>
In-Reply-To: <b09a213c9018244d79763c7d65e98e1c.squirrel@webmail.harte-lyne.ca>
References: <b09a213c9018244d79763c7d65e98e1c.squirrel@webmail.harte-lyne.ca>

James B. Byrne via freebsd-questions wrote:
> I notice a distinct delay when connecting to a jail using ssh. There
> is no delay when I connect to the jail's host. The jail is running
> local_unbound and sshd_config contains the same settings as the host,
> with the necessary changes for the service IP and such.
>
> I ran ssh with -vv and the connection is instantaneous up to this point:
>
> . . .
> debug1: SSH2_MSG_NEWKEYS received
> debug2: key: /root/.ssh/id_rsa (0x80208e200)
> debug2: key: /root/.ssh/id_dsa (0x0)
> debug2: key: /root/.ssh/id_ecdsa (0x80208e180)
> debug2: key: /root/.ssh/id_ed25519 (0x80208e040)
> debug1: SSH2_MSG_EXT_INFO received
> debug1: Fssh_kex_input_ext_info:
> server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> Then there is a long delay (~18s) after which the pre login text appears
>
> !Warning!! - Any deliberate attempt to access this resource without
> legitimate authorization is a criminal offence
> (R.S.C. 1985, c. C-46 - Section 342.1).
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /root/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
> debug2: input_userauth_pk_ok: fp
> SHA256:cJBXJBwve7zD8D1AM24vWsFYwrhz68ntuYbEiaxLp94
>
> Then another delay of approximately 13s before the login prompt appears.
>
> Connecting to that jail's host exhibits no delay whatsoever. The
> uptime counts on both the jail and the host are similar.
>
> Jail: 4:08PM up 15 days, 5:25, 1 users, load averages: 0.28, 0.43, 0.41
>
> Host: 4:09PM up 15 days, 5:26, 2 users, load averages: 0.32, 0.42, 0.41
>
> What is the reason for the dependency in the connection times? How is
> it fixed?
>

I log in to my jails using ssh all the time without any problems.
local_unbound means local as on the host, not a jail. Disable local_unbound in the jail and ssh to the jail will work as intended.