Slow SSH

[txrandom]

I was SSHing into my local Linux box and noticed my SSH and SFTP connections took a long time to initiate. This has never happened until recently when my internet was down. I was reading another forum, and it appears that SSH looks up the connecting computer's hostname using DNS. Since my internet connection was down, DNS was not working. Is there a way to disable SSH from trying to use DNS to look up the connecting computer's hostname?

 

[xSauronx]

Originally posted by: txrandom
Is there a way to disable SSH from trying to use DNS to look up the connecting computer's hostname?

when it comes to DNS, machines check the local hosts file, then the DNS cache, then a DNS server. any time a hostname is used in place of an IP address, DNS is used.

but you can set the IP that you want to SSH to as an entry in the local machines host file from which you want to SSH, which will keep the machine from checking the DNS cache or the DNS server

or you can SSH directly to an IP address instead of a hostname

 

[txrandom]

Originally posted by: xSauronx

Originally posted by: txrandom
Is there a way to disable SSH from trying to use DNS to look up the connecting computer's hostname?

when it comes to DNS, machines check the local hosts file, then the DNS cache, then a DNS server. any time a hostname is used in place of an IP address, DNS is used.

but you can set the IP that you want to SSH to as an entry in the local machines host file from which you want to SSH, which will keep the machine from checking the DNS cache or the DNS server

or you can SSH directly to an IP address instead of a hostname

I was using an IP addresses to access my linux server. Is my computer checking DNS or is the server checking DNS? I guess it's not a DNS issue since I'm using an IP?

 

[xSauronx]

Originally posted by: txrandom

Originally posted by: xSauronx

Originally posted by: txrandom
Is there a way to disable SSH from trying to use DNS to look up the connecting computer's hostname?

when it comes to DNS, machines check the local hosts file, then the DNS cache, then a DNS server. any time a hostname is used in place of an IP address, DNS is used.

but you can set the IP that you want to SSH to as an entry in the local machines host file from which you want to SSH, which will keep the machine from checking the DNS cache or the DNS server

or you can SSH directly to an IP address instead of a hostname

I was using an IP addresses to access my linux server. Is my computer checking DNS or is the server checking DNS? I guess it's not a DNS issue since I'm using an IP?

bingo. its something else. you can do a ping/traceroute to the host to see if theres some unusually long delay that may help explain it. you can check your logs and see what SSHD is reporting on the machine youre trying to SSH in to and see if it gives any feedback.

 

[n0cmonkey]

Just for the record, to turn off DNS in sshd modify the following line in /etc/ssh/sshd_config:

#UseDNS yes

to look like:

UseDNS no

 

[Netopia]

Hey n0c,

Why is it that

# UseDNS yes =/= UseNDS no ?

Is the default yes, so that unless you specify no, it will be a yes?

Joe

 

[Crusty]

By default my recent ssh installs haven't even included the '#UseDNS yes' line, so I would assume that 'UseDNS yes' is the default.

 

[skyking]

yeah, I have run into that and made hostfile entries on smaller networks. The bigger ones had DNS, thanks for the tip on shutting it off.

 

[n0cmonkey]

Originally posted by: Netopia
Hey n0c,

Why is it that

# UseDNS yes =/= UseNDS no ?

Is the default yes, so that unless you specify no, it will be a yes?

Joe

Generally what is in the sshd_config file is the default. To change it you have to change the option and uncomment it. At least, that's how it is from source, not sure how various packagers handle things.

 

[txrandom]

Thanks, will try it out when I get home.

 

[VinDSL]

Originally posted by: txrandom
I was using an IP addresses to access my linux server. Is my computer checking DNS or is the server checking DNS? I guess it's not a DNS issue since I'm using an IP?

I just posted this in another thread. Might apply to you too...

Originally posted by: zoiks
I once used XWindows over SSH but that had so much lag it was unbearable.

Here's a little tip for you...

I'm a distro hopper and have installed numerous versions of Linux on a multitude of machines.

Call it a 'hobby'...

I use SSH on a daily basis and have run across this 'problem' on every linux install I've performed.

SOURCE: http://www.redhat.com/archives...006-June/msg04104.html (chosen at random)

The default Fedora ssh_config file comes with GSSAPIAuthentication set
to "yes". This causes a DNS query in an attempt to resolve
_kerberos.[hostname] whenever ssh is invoked. During periods when
connectivity to the outside world is interrupted for whatever reason,
the ssh session won't proceed until the DNS query times out. Not really
a problem, just more of an annoyance when trying to ssh to another
machine on the LAN.

Is there a reason why the default ssh_config comes with
GSSAPIAuthentication set to yes?

Thanks,
Jay

Actually GSSAPIAuthentication is commented out on every Linux install I've seen, thus defaults to 'yes'!

Uncommenting GSSAPIAuthentication and setting the value to 'no' takes care of the lag.

You might want to try this on your install(s)... :beer: