[NCLUG] ssh - very slow to initiate

Michael Dwyer mdwyer at sixthdimension.com
Wed Nov 14 10:32:12 MST 2001


"S. Luke Jones" wrote:
> 
> Any idea why it takes me >15 seconds (subjective time = 15 years)
> to initiate an SSH connection from my P75 (149.50 BogoMIPS) to
> Front Range Internet over a 56k dialup?

I usually see these problems in conjunction with DNS issues.  DNS calls
typically block the SSHd process, so it is stuck trying to look you up. 
If the DNS server responds quickly enough, you don't notice anything. 
However, if the name server is dead, you must wait out the DNS timeout
before that happens.

Did that make any sense?  Lemme try again...

If you SSH to a box that is unable to reverse-resolve your IP address to
a name, then you will often see long delays until the DNS call times
out.

Test it:
 o Once you DO get an SSH port open, try using nslookup (or ping...) on
your own address.  If you get a name back
(dynamic-123-1453.dialup.uswest.net or something) then this isn't your
problem.  If all you get is a possible 15 second delay, then no answer,
then this might be your problem.
 o If you get a connection, close it, then connect again, is it much
faster the second time?  The local DNS is allowed to cache a negative
response for a couple of minutes, so this time the call will return much
faster instead of having to wait for a timeout.

Fix it:
 o The box you are SSHing into doesn't have a DNS server to talk to. 
Have the sysadmin check the /etc/resolv.conf file to make sure
everything is kosher.
 o Your ISP doesn't reverse-map their dynamic IPs.  Call them up and
tell them they are silly, and you will point and laugh at them until
they fix it.

-mdwyer - "I use quadruple ROT13 encoding for extra security."
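
The two "Test it" checks above, scripted as an added example that is not part of the original post: run it on the box you SSH into, passing your client's address, and it times the reverse lookup twice to separate a timeout from a quick or cached negative answer. The 5-second cut-off, the function names and the placeholder address are assumptions made for this example.

```python
import socket
import sys
import time

SLOW_SECONDS = 5.0  # assumed cut-off: a slower failure looks like a resolver timeout


def check_reverse_dns(ip, resolver=socket.gethostbyaddr, clock=time.monotonic):
    """Time one reverse (PTR) lookup of `ip` and classify the outcome."""
    start = clock()
    try:
        name = resolver(ip)[0]          # gethostbyaddr -> (name, aliases, addrs)
    except OSError:                     # socket.herror / gaierror: no answer
        name = None
    elapsed = clock() - start
    if name is not None:
        verdict = "resolves"            # "this isn't your problem"
    elif elapsed >= SLOW_SECONDS:
        verdict = "timeout"             # long delay, then no answer
    else:
        verdict = "fast-negative"       # quick "no such name" (possibly cached)
    return {"name": name, "seconds": elapsed, "verdict": verdict}


def diagnose(ip, resolver=socket.gethostbyaddr, clock=time.monotonic):
    """Run the lookup twice, like connecting, closing and connecting again."""
    first = check_reverse_dns(ip, resolver, clock)
    second = check_reverse_dns(ip, resolver, clock)
    return {
        "first": first,
        "second": second,
        # A lookup that hangs and then fails matches the slow-login symptom.
        "likely_cause": first["verdict"] == "timeout",
        # Much faster failure the second time suggests a cached negative answer.
        "negative_cached": first["verdict"] == "timeout"
        and second["verdict"] == "fast-negative",
    }


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder default.
    client_ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    result = diagnose(client_ip)
    for attempt in ("first", "second"):
        r = result[attempt]
        print(f"{attempt}: {r['verdict']} name={r['name']} {r['seconds']:.2f}s")
    print("reverse DNS likely the cause:", result["likely_cause"])
```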


