Date:      Thu, 18 Jul 2002 09:28:46 +0800 (CST)
From:      Tai-hwa Liang <avatar@www.mmlab.cse.yzu.edu.tw>
To:        Chris Johnson <cjohnson@palomine.net>
Cc:        freebsd-stable@FreeBSD.org
Subject:   Re: slow ssh connection speed(bind problem?)
Message-ID:  <20020718091734.E53886-100000@www.mmlab.cse.yzu.edu.tw>
In-Reply-To: <20020717143012.GA19247@palomine.net>

On Wed, 17 Jul 2002, Chris Johnson wrote:
> On Wed, Jul 17, 2002 at 10:16:41PM +0800, Tai-hwa Liang wrote:
> > 	After cvsupped to the latest version of RELENG_4 this morning, I
> > found that the sshd on the newly built system takes more time during ssh
> > connection handshaking:
>
> I've found that this happens on some boxes but not others, both with the new
> OpenSSH-3.4p1 in the base system and with the openssh-portable in the ports. I
> haven't been able to figure why it happens only on some boxes and not others.
According to my testing, this resolving problem only happens on
sshd with "UsePrivilegeSeparation" turned on. Maybe sshd just chrooted to
/var/empty the first time and was not able to find
/var/empty/etc/resolv.conf when doing reverse address mapping later.

>
> One solution I've found is this:
>
> # chflags noschg /var/empty
> # mkdir /var/empty/etc
> # cp /etc/resolv.conf /var/empty/etc
> # chflags schg /var/empty
That did the trick. A working /var/empty/etc/resolv.conf did solve the
UsePrivilegeSeparation chroot issue. However, the same problem does not
happen on another Linux box with portable OpenSSH-3.4p1 installed....

>
> I don't know if there are security (or any other) implications to this, but it
Maybe you'd like to change the last command to "chflags -R schg /var/empty"
to protect your /var/empty/etc/*.

> fixes the problem in any case.
>
> Chris Johnson
>
Thanks a lot for the enlightenment.
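
An added example, not part of the original thread: a POSIX sh check for the workaround discussed above. It reports when the copy under the chroot is missing or has drifted from the host's resolv.conf, when anything under the chroot is group- or world-writable, and, on FreeBSD, when schg has not been set again. The function name and its `noflags` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the resolv.conf workaround
# inside sshd's privilege-separation chroot.
# Usage: audit_privsep_chroot [chroot_dir] [host_resolv] [noflags]
# Prints one line per finding; the return status is the number of findings.
# "noflags" (an argument invented for this example) skips the schg check.
audit_privsep_chroot() {
    chroot_dir=${1:-/var/empty}
    host_resolv=${2:-/etc/resolv.conf}
    copy="$chroot_dir/etc/resolv.conf"
    findings=0

    # 1. The copy must exist and match the host file, or lookups made from
    #    inside the chroot fail or use resolvers the host no longer uses.
    if [ ! -f "$copy" ]; then
        echo "MISSING: $copy"
        findings=$((findings + 1))
    elif ! cmp -s "$host_resolv" "$copy"; then
        echo "STALE: $copy differs from $host_resolv"
        findings=$((findings + 1))
    fi

    # 2. Nothing under the chroot may be writable by group or other.
    writable=$(find "$chroot_dir" ! -type l \( -perm -020 -o -perm -002 \) \
        -print 2>/dev/null || true)
    if [ -n "$writable" ]; then
        echo "WRITABLE by group/other: $writable"
        findings=$((findings + 1))
    fi

    # 3. FreeBSD only: every path the workaround touched should carry schg
    #    again, which is what "chflags -R schg /var/empty" restores.
    if [ "$(uname -s)" = FreeBSD ] && [ "${3:-}" != noflags ]; then
        for p in "$chroot_dir" "$chroot_dir/etc" "$copy"; do
            [ -e "$p" ] || continue
            case "$(stat -f %Sf "$p")" in
                *schg*) ;;
                *) echo "NO schg: $p"; findings=$((findings + 1)) ;;
            esac
        done
    fi
    return "$findings"
}
```

Called with no arguments, the function checks /var/empty against /etc/resolv.conf, so it can be run after any change to the host's resolver configuration.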

