Date:      Wed, 17 Jul 2002 22:16:41 +0800 (CST)
From:      Tai-hwa Liang <avatar@www.mmlab.cse.yzu.edu.tw>
To:        freebsd-stable@FreeBSD.org
Subject:   slow ssh connection speed(bind problem?)
Message-ID:  <20020717214655.R51546-100000@www.mmlab.cse.yzu.edu.tw>

Hi,

	After cvsupping to the latest version of RELENG_4 this morning, I
found that the sshd on the newly built system takes more time during ssh
connection handshaking:

	some.host.on.lan> ssh -vvv newly.built.releng.4.server
	.
	.
	.
	debug1: SSH2_MSG_NEWKEYS received
	debug1: done: ssh_kex2.
	debug1: send SSH2_MSG_SERVICE_REQUEST
	debug1: service_accept: ssh-userauth
	debug1: got SSH2_MSG_SERVICE_ACCEPT	# stuck about 1 minute here
	.
	.

	Server debug log:

	.
	.
	debug1: newkeys: mode 0
	debug1: SSH2_MSG_NEWKEYS received
	debug1: KEX done
	debug3: Trying to reverse map address 192.168.0.9.	# stuck here
	.
	.


	Both the client and the server run OpenSSH-3.4p1. Neither the
server nor the client has named enabled.

	I'm pretty sure that there is *no* change in any resolv related
configuration file on newly.built.releng.4.server:

	/etc/hosts
		::1                     localhost localhost.my.domain
		127.0.0.1               localhost.my.domain localhost
		192.168.0.12            newly.built.releng.4.server test

	/etc/resolv.conf:
		domain		my.domain.
		search		my.domain.
		nameserver      192.168.0.1

	/etc/host.conf:

		# First try the /etc/hosts file
		hosts
		# Now try the nameserver next.
		bind
		# If you have YP/NIS configured, uncomment the next line
		# nis

	However, sshd seems to be blocked at canohost.c:77 for about
65 seconds:

		$OpenBSD: canohost.c,v 1.32 2002/06/11 08:11:45 itojun Exp $
		.
		.
		.
		/* Map the IP address to a host name. */
		if (getnameinfo((struct sockaddr *)&from, fromlen, name,
			sizeof(name), NULL, 0, NI_NAMEREQD) != 0) {
			/* Host name not found.  Use ip address. */
			log("Could not reverse map address %.100s.", ntop);
			return xstrdup(ntop);
		}

	Furthermore, if I turned on log_in_vain on the server side,
there would be several lines of "Connection attempt to UDP 127.0.0.1:1073
from 127.0.0.1:53" appended to the server log during client connection.

	I'm wondering whether there were any bind (especially getnameinfo())
related changes in recent RELENG_4. Or did I miss any sshd_config related
knobs?
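
Added example, not part of the original message and not OpenSSH code: a small C program that makes the same getnameinfo() call with NI_NAMEREQD as the canohost.c excerpt above and times it, so the resolver delay can be measured without going through sshd. The helper name timed_reverse_lookup and the default address are assumptions made for illustration.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <time.h>

/*
 * Hypothetical helper: reverse-map a numeric IPv4/IPv6 address with the
 * given getnameinfo() flags. Returns the getnameinfo() result (0 on
 * success) or -1 if `ip` is not a numeric address. *secs receives the
 * wall-clock time spent inside getnameinfo().
 */
int timed_reverse_lookup(const char *ip, int flags, char *name,
    size_t namelen, double *secs)
{
	struct addrinfo hints, *res;
	struct timespec t0, t1;
	int rc;

	*secs = 0.0;
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICHOST;	/* parse only, no DNS query */
	if (getaddrinfo(ip, NULL, &hints, &res) != 0)
		return -1;

	clock_gettime(CLOCK_MONOTONIC, &t0);
	rc = getnameinfo(res->ai_addr, res->ai_addrlen, name, namelen,
	    NULL, 0, flags);
	clock_gettime(CLOCK_MONOTONIC, &t1);
	freeaddrinfo(res);

	*secs = (t1.tv_sec - t0.tv_sec) + (t1.tv_nsec - t0.tv_nsec) / 1e9;
	return rc;
}

int main(int argc, char **argv)
{
	char name[1025];
	double secs;
	const char *ip = argc > 1 ? argv[1] : "127.0.0.1";
	/* NI_NAMEREQD: fail instead of falling back to the numeric form */
	int rc = timed_reverse_lookup(ip, NI_NAMEREQD, name, sizeof(name), &secs);

	printf("%s: %s (%.3f s)\n", ip, rc == 0 ? name :
	    rc == -1 ? "not a numeric address" : gai_strerror(rc), secs);
	return rc != 0;
}
```

Run it on the server with the client's address as the argument; an elapsed time close to the stall seen in the sshd debug log points at the resolver path rather than at sshd itself.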

