From owner-freebsd-questions  Fri Jan  3 21:23:58 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1845437B401
	for <freebsd-questions@freebsd.org>; Fri,  3 Jan 2003 21:23:57 -0800 (PST)
Received: from spider.netmails.net (dsl-65-189-239-65.telocity.com [65.189.239.65])
	by mx1.FreeBSD.org (Postfix) with SMTP id 2CCA643EC2
	for <freebsd-questions@freebsd.org>; Fri,  3 Jan 2003 21:23:56 -0800 (PST)
	(envelope-from subscr@spider.netmails.net)
Received: (qmail 86979 invoked by uid 1014); 4 Jan 2003 05:22:51 -0000
Date: Fri, 3 Jan 2003 23:22:51 -0600
From: Hari Bhaskaran <subscr@spider.netmails.net>
To: freebsd-questions@freebsd.org
Subject: sshd and reverse lookups
Message-ID: <20030103232251.A86924@spider.netmails.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi,

(while I play around with dummynet, I have yet another q :)

I can't seem to avoid the initial login delay for sshd.
I have turned off reverse lookup - "VerifyReverseMapping no".
I don't use inetd - even then, hosts.allow has only one -
"ALL : ALL : allow". I have an ipfilter firewall which
lets only one tcp port for ssh in (from select IPs).

I see the question has been asked before 
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2697694+0+archive/2002/freebsd-questions/20021117.freebsd-questions
However, I didn't see any answers there.

/etc/rc.conf: sshd_flags="-4 -u0"
              inetd_enable="NO"

I have turned off RhostsAuthentication, RhostsRSAAuthentication, HostbasedAuthentication
No user@host pattern in AllowUsers and DenyUsers -  Things that would
have required reverse DNS lookup according to man page.

An ssh 3.4p1 client running from a different machine with couple of -v's gives

debug1: got SSH2_MSG_SERVICE_ACCEPT
	<--- A delay of almost 1 to 2 minutes.
debug3: input_userauth_banner

I use the 'Banner' thing at the server - that is the debug3 line.
I have tried with & without the banner (just being paranoid) but
still the same result.

Any help is appreciated

--
Hari Bhaskaran

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message