Date:      Thu, 19 Jul 2018 22:22:17 +0200
From:      Philipp Vlassakakis <freebsd-en@lists.vlassakakis.de>
To:        byrnejb@harte-lyne.ca
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD-11.1 Jails and SSL
Message-ID:  <A820DA67-87FA-4638-B5D4-F87D63CB22C0@lists.vlassakakis.de>
In-Reply-To: <b09a213c9018244d79763c7d65e98e1c.squirrel@webmail.harte-lyne.ca>
References:  <b09a213c9018244d79763c7d65e98e1c.squirrel@webmail.harte-lyne.ca>

Does DNS work in the jail without any delay/issue? Maybe there are problems with DNS resolution?
Is „UseDNS“ turned on? -> https://www.freebsd.org/cgi/man.cgi?sshd_config(5)

Regards,
Philipp

> On 19.07.2018 at 22:11, James B. Byrne via freebsd-questions <freebsd-questions@freebsd.org> wrote:
>
> I notice a distinct delay when connecting to a jail using ssh.  There
> is no delay when I connect to the jail's host.  The jail is running
> local_unbound and sshd_config contains the same settings as the host,
> with the necessary changes for the service IP and such.
>
> I ran ssh with -vv and the connection is instantaneous up to this point:
>
> . . .
> debug1: SSH2_MSG_NEWKEYS received
> debug2: key: /root/.ssh/id_rsa (0x80208e200)
> debug2: key: /root/.ssh/id_dsa (0x0)
> debug2: key: /root/.ssh/id_ecdsa (0x80208e180)
> debug2: key: /root/.ssh/id_ed25519 (0x80208e040)
> debug1: SSH2_MSG_EXT_INFO received
> debug1: Fssh_kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> Then there is a long delay (~18s) after which the pre login text appears
>
> !Warning!! -	Any deliberate attempt to access this resource without
>                legitimate authorization is a criminal offence
>                (R.S.C. 1985, c. C-46 - Section 342.1).
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /root/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
> debug2: input_userauth_pk_ok: fp SHA256:cJBXJBwve7zD8D1AM24vWsFYwrhz68ntuYbEiaxLp94
>
> Then another delay of approximately 13s before the login prompt appears.
>
> Connecting to that jail's host exhibits no delay whatsoever.  The
> uptime counts on both the jail and the host are similar.
>
> Jail: 4:08PM  up 15 days,  5:25, 1 users, load averages: 0.28, 0.43, 0.41
>
> Host: 4:09PM  up 15 days,  5:26, 2 users, load averages: 0.32, 0.42, 0.41
>
> What is the reason for the dependency in the connection times?  How is
> it fixed?
>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>        Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
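
One way to answer both questions in the reply from inside the jail, as an added example that is not part of the original thread: it reads the effective UseDNS value from `sshd -T` and times a reverse lookup of the connecting client's address through the jail's resolver. The function names, verdict labels and the 2-second threshold are assumptions made for this sketch.

```sh
#!/bin/sh
# Added diagnostic sketch, run as root inside the jail: sh check.sh CLIENT_IP
# Assumptions: CLIENT_IP is the address you ssh from; the 2 s threshold
# and the verdict labels are arbitrary choices for this example.

# Read `sshd -T` output on stdin, print the effective UseDNS value.
usedns_from_dump() {
    awk 'tolower($1) == "usedns" { print tolower($2); found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Run a command, discard its output, print the whole seconds it took.
elapsed_seconds() {
    start=$(date +%s)
    "$@" >/dev/null 2>&1 || true   # a failed lookup still costs time
    end=$(date +%s)
    echo $((end - start))
}

# verdict USEDNS SECONDS THRESHOLD
verdict() {
    if [ "$2" -ge "$3" ] && [ "$1" = "yes" ]; then
        echo "slow-reverse-dns-with-usedns"
    elif [ "$2" -ge "$3" ]; then
        echo "slow-resolver"
    else
        echo "reverse-lookup-fast"
    fi
}

# Only touch sshd and the resolver when a client address is given.
if [ $# -ge 1 ]; then
    usedns=$(sshd -T 2>/dev/null | usedns_from_dump)
    secs=$(elapsed_seconds getent hosts "$1")   # reverse lookup of client
    echo "UseDNS=$usedns reverse_lookup=${secs}s: $(verdict "$usedns" "$secs" 2)"
fi
```

Running the same script on the host gives a baseline to compare against, since the host shows no delay.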




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A820DA67-87FA-4638-B5D4-F87D63CB22C0>