Date:      Thu, 18 Jul 2002 08:22:19 +1000
From:      Mark.Andrews@isc.org
To:        Tai-hwa Liang <avatar@www.mmlab.cse.yzu.edu.tw>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: slow ssh connection speed(bind problem?) 
Message-ID:  <200207172222.g6HMMJJe085318@drugs.dv.isc.org>
In-Reply-To: Your message of "Wed, 17 Jul 2002 22:16:41 +0800." <20020717214655.R51546-100000@www.mmlab.cse.yzu.edu.tw>

> Hi,
> 
> 	After cvsupping to the latest version of RELENG_4 this morning, I
> found that the sshd on the newly built system takes more time during ssh
> connection handshaking:
> 
> 	some.host.on.lan> ssh -vvv newly.built.releng.4.server
> 	.
> 	.
> 	.
> 	debug1: SSH2_MSG_NEWKEYS received
> 	debug1: done: ssh_kex2.
> 	debug1: send SSH2_MSG_SERVICE_REQUEST
> 	debug1: service_accept: ssh-userauth
> 	debug1: got SSH2_MSG_SERVICE_ACCEPT	# stuck about 1 minute here
> 	.
> 	.
> 
> 	Server debug log:
> 
> 	.
> 	.
> 	debug1: newkeys: mode 0
> 	debug1: SSH2_MSG_NEWKEYS received
> 	debug1: KEX done
> 	debug3: Trying to reverse map address 192.168.0.9.	# stuck here
> 	.
> 	.
> 
> 
> 	Both the client and server run OpenSSH-3.4p1. Neither the
> server nor the client has named enabled.
> 
> 	I'm pretty sure that there is *no* change in any resolv related
> configuration file on newly.built.releng.4.server:
> 
> 	/etc/hosts
> 		::1                     localhost localhost.my.domain
> 		127.0.0.1               localhost.my.domain localhost
> 		192.168.0.12            newly.built.releng.4.server test
> 
> 	/etc/resolv.conf:
> 		domain		my.domain.
> 		search		my.domain.
> 		nameserver      192.168.0.1
> 
> 	/etc/host.conf:
> 
> 		# First try the /etc/hosts file
> 		hosts
> 		# Now try the nameserver next.
> 		bind
> 		# If you have YP/NIS configured, uncomment the next line
> 		# nis
> 
> 	However, the sshd seems to be blocked at canohost.c:77 for about
> 65 seconds:
> 
> 		$OpenBSD: canohost.c,v 1.32 2002/06/11 08:11:45 itojun Exp $
> 		.
> 		.
> 		.
> 		/* Map the IP address to a host name. */
> 		if (getnameinfo((struct sockaddr *)&from, fromlen, name,
> 			sizeof(name), NULL, 0, NI_NAMEREQD) != 0) {
> 	                /* Host name not found.  Use ip address. */
> 	                log("Could not reverse map address %.100s.", ntop);
> 	                return xstrdup(ntop);
> 	        }
> 
> 	Furthermore, if I turned on log_in_vain on the server side,
> there would be several lines of "Connection attempt to UDP 127.0.0.1:1073
> from 127.0.0.1:53" appended to server log during client connection.

	Well, are you serving the RFC 1918 address range you are using,
	or are you depending upon the overloaded servers on the Internet
	to answer your leaked queries?  If you are using RFC 1918 addresses
	and are using the DNS, you should be serving the appropriate
	address range.  Even an empty zone (SOA and NS record only)
	will do to stop the queries leaking and speed up the response.
 
> 	I'm wondering whether there were any bind (especially getnameinfo())
> related changes in recent RELENG_4. Or did I miss any sshd_config related
> knobs?
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
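
The suggestion above, serving the RFC 1918 reverse zones from an empty zone (SOA and NS only), as an added example that is not part of the original message: it derives the in-addr.arpa zone names, generalized to all three RFC 1918 ranges, and emits named.conf stanzas plus one shared zone file. The file name empty.db and the localhost. / root.localhost. names are assumptions.

```python
import ipaddress

# RFC 1918 private ranges (the thread uses 192.168.0.0/16).
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def reverse_zones(cidr):
    """Return the in-addr.arpa zones, on octet boundaries, covering cidr."""
    net = ipaddress.ip_network(cidr)
    # Round the prefix up to a whole octet: /12 becomes sixteen /16 zones.
    octets = -(-net.prefixlen // 8)
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def covering_zone(addr, zones):
    """Return the zone that would answer the PTR query for addr, or None."""
    ptr = ipaddress.ip_address(addr).reverse_pointer
    for z in zones:
        if ptr.endswith("." + z):
            return z
    return None

def empty_zone(primary="localhost.", contact="root.localhost.", serial=1):
    """Zone file body holding only an SOA and an NS record (names assumed)."""
    return (
        "$TTL 86400\n"
        f"@ IN SOA {primary} {contact} ( {serial} 3600 900 604800 86400 )\n"
        f"@ IN NS  {primary}\n"
    )

def named_conf(zones, zone_file="empty.db"):
    """named.conf stanzas serving every zone from one shared file (name assumed)."""
    return "".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};\n' for z in zones
    )

if __name__ == "__main__":
    all_zones = [z for cidr in RFC1918 for z in reverse_zones(cidr)]
    print(named_conf(all_zones))
    print(empty_zone())
    # The address sshd was trying to reverse map in the server debug log.
    print(covering_zone("192.168.0.9", all_zones))
```

With these zones loaded on the resolver the hosts query (192.168.0.1 in the quoted resolv.conf), a PTR lookup for an unlisted private address gets an immediate negative answer instead of waiting on servers outside the network.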
