Itamar Reis Peixoto
2007-May-11 21:19 UTC
Re: [Xen-users] VM slow after being unused for a while
try to edit /etc/ssh/sshd_config and change UseDNS to NO restart ssh server -------------------- Itamar Reis Peixoto e-mail: itamar@ispbrasil.com.br msn: itamarjp@starmedia.com skype: itamarjp icq: 81053601 +55 34 3238 3845 +55 11 4063 5033 ----- Original Message ----- From: Nasse Gris To: xen-users@lists.xensource.com Sent: Friday, May 11, 2007 7:21 PM Subject: [Xen-users] VM slow after being unused for a while Hey! When I haven''t logged on to a Xen VM for a while the login process by SSH is strangely slow - the login prompt appears fast but the password prompt is dalayed for around a minute... Can that issue be related to some Xen setting somehow? The same behavior shows when trying to connect to the VM on any other port... -- Regards, Richard ------------------------------------------------------------------------------ _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hey! When I haven''t logged on to a Xen VM for a while the login process by SSH is strangely slow - the login prompt appears fast but the password prompt is dalayed for around a minute... Can that issue be related to some Xen setting somehow? The same behavior shows when trying to connect to the VM on any other port... -- Regards, Richard _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Nico Kadel-Garcia
2007-May-12 08:15 UTC
Re: [Xen-users] VM slow after being unused for a while
Itamar Reis Peixoto wrote:> try to edit /etc/ssh/sshd_config > > and change UseDNS to NO > > restart ssh server > > -------------------- > > Itamar Reis Peixoto >Unfortunately, that argument doesn''t do what you think it does. And it confuses a lot of people! Here''s the situation at least up through OpenSSH 3.9p1. OpenSSH, for logging purposes, does a reverse DNS on any contacting IP address. The UseDNS option says whether to verify that the reverse DNS matches a valid forward DNS for that host. But disabling UseDNS does *NOT, NOT, NOT* turn off the reverse DNS lookup! Any number of us have submitted patches for this over the years: I submitted some when I dealt with large remotely deployed networks. (When you manage thousands of machines deployed in data centers all over the world, you can be absolutely certain a lot of them will not have valid reverse DNS, or even have DNS working properly, and you need to be able to log in quickly in a crunch.) The option you need is in your sshd init script. You need to use the additional options "-u 0", to set the namelength of the recorded DNS entry to 0 so that the reverse DNS isn''t actually done. (Why the SSH authors think setting an arglength to 0 should cause undocumented behavior and not throw an error, instead of obeying the UseDNS option in the configuraton file more correctly, I leave to people who think the "chroot" option of OpenSSH actually means a chroot cage for SSH users to protect them from accessing the filesystem outside their home directory. It doesn.t.) I like OpenSSH, I use it a lot, but I''ve disagreed volubly with the authors on a few points over the years. This is one of them. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Nico Kadel-Garcia
2007-May-12 08:17 UTC
Re: [Xen-users] VM slow after being unused for a while
Nasse Gris wrote:> Hey! > When I haven''t logged on to a Xen VM for a while the login process by > SSH is strangely slow - > the login prompt appears fast but the password prompt is dalayed for > around a minute... > Can that issue be related to some Xen setting somehow? > The same behavior shows when trying to connect to the VM on any other > port... > -- > Regards, > RichardDoes your client to the VM have a valid reverse DNS lookup? And do the other services do DNS based logging, in order to associate a hostname with the contacting IP address? _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Itamar Reis Peixoto
2007-May-12 16:06 UTC
Re: [Xen-users] VM slow after being unused for a while
you''re right. :-) -------------------- Itamar Reis Peixoto e-mail: itamar@ispbrasil.com.br msn: itamarjp@starmedia.com skype: itamarjp icq: 81053601 +55 34 3238 3845 +55 11 4063 5033 From: "Nico Kadel-Garcia" <nkadel@gmail.com> To: "Itamar Reis Peixoto" <itamar@ispbrasil.com.br> Cc: "Nasse Gris" <nassegris@gmail.com>; <xen-users@lists.xensource.com> Sent: Saturday, May 12, 2007 6:15 AM Subject: Re: [Xen-users] VM slow after being unused for a while> Itamar Reis Peixoto wrote: >> try to edit /etc/ssh/sshd_config >> >> and change UseDNS to NO >> >> restart ssh server >> >> -------------------- >> >> Itamar Reis Peixoto >> > Unfortunately, that argument doesn''t do what you think it does. And it > confuses a lot of people! > > Here''s the situation at least up through OpenSSH 3.9p1. > > OpenSSH, for logging purposes, does a reverse DNS on any contacting IP > address. The UseDNS option says whether to verify that the reverse DNS > matches a valid forward DNS for that host. But disabling UseDNS does > *NOT, NOT, NOT* turn off the reverse DNS lookup! Any number of us have > submitted patches for this over the years: I submitted some when I dealt > with large remotely deployed networks. (When you manage thousands of > machines deployed in data centers all over the world, you can be > absolutely certain a lot of them will not have valid reverse DNS, or > even have DNS working properly, and you need to be able to log in > quickly in a crunch.) > > The option you need is in your sshd init script. You need to use the > additional options "-u 0", to set the namelength of the recorded DNS > entry to 0 so that the reverse DNS isn''t actually done. (Why the SSH > authors think setting an arglength to 0 should cause undocumented > behavior and not throw an error, instead of obeying the UseDNS option in > the configuraton file more correctly, I leave to people who think the > "chroot" option of OpenSSH actually means a chroot cage for SSH users to > protect them from accessing the filesystem outside their home directory. > It doesn.t.) > > I like OpenSSH, I use it a lot, but I''ve disagreed volubly with the > authors on a few points over the years. This is one of them. > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Nico Kadel-Garcia
2007-May-12 18:10 UTC
Re: [Xen-users] VM slow after being unused for a while
Itamar Reis Peixoto wrote:> you''re right. > > :-)Heh. I kind of thought so.That "UseDNS" field has been confusing people for years. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users