Date:      Mon, 21 Mar 2005 08:48:50 -0500
From:      Bill Moran <wmoran@potentialtech.com>
To:        backdoc <alias3@crotchett.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ssh password delay
Message-ID:  <20050321084850.4a789fcb.wmoran@potentialtech.com>
In-Reply-To: <423EBF85.60500@crotchett.com>
References:  <423E116D.50805@usmstudent.com> <423EBF85.60500@crotchett.com>

backdoc <alias3@crotchett.com> wrote:

> 
> Additional info.
> 
> I started sshd with -ddd.  It is definitely hanging on the line:
> "Trying to reverse map address 192.168.1.102."
> 
> Now, I'm not sure how to fix that.  BTW, I do have VerifyReverseMapping 
> set to "NO" in sshd_config.  But, that seems to be being ignored.

I think that sshd attempts to require a RDNS entry in any case, but only
with VerifyReverseMapping set to YES does it actually check to see if
the result makes sense.

Sounds to me like you need to enter PTR records for your IP range.  See
the docs for whatever DNS server you're using.

> 
> Any suggestions?
> darren
> 
> 
> darren wrote:
> > I could use some help troubleshooting a problem that I am having with 
> > long delays before receiving a password prompt when I log onto my 
> > FreeBSD box via ssh.
> > 
> > I have done quite a bit of googling and I realize that the problem 
> > likely has something to do with reverse DNS lookups.  But, I don't know 
> > how to pinpoint the problem from there.  I've basically been playing 
> > with the /etc/resolv.conf and /etc/hosts settings.  In my hosts file, I 
> > have an entry for the private IP of my Linux box with its hostname 
> > (which is not a FQDN) and my resolv.conf file looks like:
> > 
> > domain myrealdomain.com //I just added this, but no noticeable help
> > search myrealdomain.com
> > nameserver my.ip's.dns.numbers
> > nameserver my.ip's.dns.numbers2
> > 
> > Here's a more detailed explanation of the problem.  To me, the problem 
> > seems very peculiar.  The problem only exists whenever I use my laptop 
> > (which is running Linux) from within my own LAN.   I can get around it 
> > by logging onto my ISP's server or my school's server (either one) and 
> > then logging back into my FreeBSD box from there.  If I am at school 
> > with my laptop, I can even log into my FreeBSD server at home directly 
> > without a delay.  But, if I try going directly to my FreeBSD box from my 
> > laptop when they are both inside the LAN, I get a very long delay (like 
> > 3 minutes).  Sometimes the delay is so long, the connection times out 
> > and I never get a prompt.
> > 
> > I have set the logging level up to DEBUG3 in the /etc/sshd_config file. 
> >  But, I don't see where any verbose output is going.
> > 
> > This problem is on FreeBSD 4.10-RELEASE.
> > 
> > TIA,
> > backdoc
> > 
> > The /var/log/auth.log file just says:
> > ... fatal: Timeout before authentication for 192......
> > 
> > Here's what my laptop spits out before the long delay kicks in.
> > 
> > root@laptop:/home/backdoc # ssh  -vl backdoc 192.168.1.4
> > OpenSSH_3.9p1 Debian-1ubuntu2, OpenSSL 0.9.7e 25 Oct 2004
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Connecting to 192.168.1.4 [192.168.1.4] port 22.
> > debug1: Connection established.
> > debug1: permanently_set_uid: 0/0
> > debug1: identity file /root/.ssh/identity type -1
> > debug1: identity file /root/.ssh/id_rsa type -1
> > debug1: identity file /root/.ssh/id_dsa type -1
> > debug1: Remote protocol version 1.99, remote software version 
> > OpenSSH_3.5p1 FreeBSD-20030924
> > debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_3.9p1 Debian-1ubuntu2
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host '192.168.1.4' is known and matches the DSA host key.
> > debug1: Found key in /root/.ssh/known_hosts:1
> > debug1: ssh_dss_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to 
> > "freebsd-questions-unsubscribe@freebsd.org"
> > 
> > 


-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
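
Added example, not part of the original message or written by anyone in the thread: a sketch that turns hosts-file entries into the PTR records suggested above and times a reverse lookup, so the stall seen at "Trying to reverse map address" can be reproduced outside sshd. The BIND-style record syntax, the domain `lan.example`, the hostnames and the function names are all assumptions.

```python
import ipaddress
import socket
import time

# Constructed sample: hosts-style entries for the LAN in the thread.
# Hostnames and the domain "lan.example" are placeholders.
SAMPLE_HOSTS = """\
# address       name
192.168.1.4     freebsd-box
192.168.1.102   laptop
10.0.0.7        elsewhere
"""

def ptr_records(hosts_text, network, domain):
    """Return BIND-style PTR lines for hosts entries inside `network`."""
    net = ipaddress.ip_network(network)
    records = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line or comment
        addr = ipaddress.ip_address(fields[0])
        if addr not in net:
            continue  # belongs to a different reverse zone
        name = fields[1]
        fqdn = name if "." in name else f"{name}.{domain}"
        # reverse_pointer yields e.g. 102.1.168.192.in-addr.arpa
        records.append(f"{addr.reverse_pointer}. IN PTR {fqdn}.")
    return records

def time_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Time one reverse lookup; returns (hostname or None, seconds).

    Run on the sshd host against the client address: a result that takes
    many seconds points at the resolver, not at sshd itself.
    """
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # herror/gaierror: no PTR record or resolver unreachable
        name = None
    return name, time.monotonic() - start

if __name__ == "__main__":
    for rec in ptr_records(SAMPLE_HOSTS, "192.168.1.0/24", "lan.example"):
        print(rec)
```

The printed lines belong in the reverse zone for `1.168.192.in-addr.arpa`; the exact zone-file layout depends on the DNS server in use.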


