Hi all, I noticed that my ssh logins to a particular server were taking up to 5 seconds to finally login. My tcpdump -vv weren't producing much output (not good) and my pings to and from that host were normal and almost identical to other hosts on my subnet that had no ssh login delay issues. Log files also showed nothing alarming. My hosts file was missing this at the very end of the file; ::1 localhost6.localdoamin6 localhost6 I chose to disable ipv6 during install but no big deal that I needed that line. My question is; What tools could I have used to trouble shoot this as packet sniffers on the switch port or the host didn't seem to do the trick, nor did log file analysis? I just had a hunch and decided to look at my hosts file, not the most effective way to fix issues but one I've used several times. Thanks in advance, - aurf
aurfalien at gmail.com wrote:> Hi all, > > I noticed that my ssh logins to a particular server were taking up to > 5 seconds to finally login.This is frequently a DNS issue, is forward+reverse DNS functional? You can also run SSH in debugging mode on the server, and increase verbosity on the client. See the man pages.. I usually just fire up another sshd on another port and test with that. nate
> ----- Original Message ---- >> From: "aurfalien at gmail.com" <aurfalien at gmail.com> >> To: CentOS mailing list <centos at centos.org> >> Sent: Thu, 21 January, 2010 20:07:27 >> Subject: Re: [CentOS] trouble shooting slow ssh logins >> >>> aurfalien at gmail.com wrote: >>>> Hi all, >>>> >>>> I noticed that my ssh logins to a particular server were taking >>>> up to >>>> 5 seconds to finally login. >>> >>> This is frequently a DNS issue, is forward+reverse DNS functional? >> >> DNS was normal, forward reverse lookups exist and match that host. >> > > Is the server able to to reverse lookups on the IP address of the > incoming client? > > A day or two ago post a suggestion to use UseDNS No in the sshd > config file (from memory), which worked for me. > > HTH.The DNS server also behaved regarding name/ip addy lookups. This server is a Zimbra mail server which during install, checks for proper DNS configs. I usually check proper functioning DNS by hand anyways. The ipv6 line was strange but I read a while back, some tech note about ensuring that is your last line in hosts. - aurf