Date: Mon, 6 Jan 2003 14:47:42 -0600 From: Hari Bhaskaran <subscr@spider.netmails.net> To: freebsd-questions@freebsd.org Subject: Re: sshd and reverse lookups Message-ID: <20030106204742.GA1101@poecilotheria.netmails.net> In-Reply-To: <20030103232251.A86924@spider.netmails.net> References: <20030103232251.A86924@spider.netmails.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 03, 2003 at 11:22:51PM -0600, Hari Bhaskaran wrote: > I can't seem to avoid the initial login delay for sshd. oops! - this was a known gotcha since July. Fixed by copying /etc/resolv.conf to /var/empty/etc/resolv.conf (and +schg-ing everything in there). http://docs.freebsd.org/cgi/getmsg.cgi?fetch=138079+0+archive/2002/freebsd-security/20020728.freebsd-security At 3 minutes less per login, this saves me... let me see.. 3*60*24*.... :) > I have turned off reverse lookup - "VerifyReverseMapping no". > I don't use inetd - even then, hosts.allow has only one - > "ALL : ALL : allow". I have an ipfilter firewall which > lets only one tcp port for ssh in (from select IPs). > > I see the question has been asked before > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2697694+0+archive/2002/freebsd-questions/20021117.freebsd-questions > However, I didn't see any answers there. > > /etc/rc.conf: sshd_flags="-4 -u0" > inetd_enable="NO" > > I have turned off RhostsAuthentication, RhostsRSAAuthentication, HostbasedAuthentication > No user@host pattern in AllowUsers and DenyUsers - Things that would > have required reverse DNS lookup according to man page. > > An ssh 3.4p1 client running from a different machine with couple of -v's gives > > debug1: got SSH2_MSG_SERVICE_ACCEPT > <--- A delay of almost 1 to 2 minutes. > debug3: input_userauth_banner > > I use the 'Banner' thing at the server - that is the debug3 line. > I have tried with & without the banner (just being paranoid) but > still the same result. > > Any help is appreciated > > -- > Hari Bhaskaran -- Hari Bhaskaran To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030106204742.GA1101>