From owner-freebsd-security  Thu Jul 25  7:50:47 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4FC5D37B400
	for <freebsd-security@freebsd.org>; Thu, 25 Jul 2002 07:50:42 -0700 (PDT)
Received: from blue.gerhardt-it.com (gw.gerhardt-it.com [204.83.38.103])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AEC5243E5E
	for <freebsd-security@freebsd.org>; Thu, 25 Jul 2002 07:50:41 -0700 (PDT)
	(envelope-from scott@gerhardt-it.com)
Received: from [24.71.178.119] (h24-71-178-119.ss.shawcable.net [24.71.178.119])
	by blue.gerhardt-it.com (Postfix) with ESMTP
	id 4BE021004E; Thu, 25 Jul 2002 08:50:40 -0600 (CST)
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Thu, 25 Jul 2002 08:50:34 -0600
Subject: Re: Openssh-portable
From: Scott Gerhardt <scott@gerhardt-it.com>
To: Dirk Janssen <djanssen@netcologne.de>,
	<freebsd-security@FreeBSD.ORG>
Message-ID: <B9656C5A.14C8%scott@gerhardt-it.com>
In-Reply-To: <200207250819.g6P8JZ204289@mailrelay.netcologne.de>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>> 
>> I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE
>> box and now ssh is very slow to login (60 seconds or more).  Other than
>> the delay, everything else works fine.  I couldn't find any answers in
>> the archives.
>> 
>> Seems like DNS lookup issue.
>> 
>> Is this a known problem and what is the suggested fix?
> 
> I had this problem too on one machine (others worked fine, all
> 4.6-Stable), it had nothing to do with my settings in sshd_config
> (ReverseMappingCheck no).
> It helped (I don't exactly know why) to copy my resolv.conf to the
> directory /usr/local/empty/etc/ an chmod /usr/local/empty to 755.
> If /usr/local/empty doesn't exist, try /var/empty, this depends on how
> you compiled openssh.
> If somebody knows why exactly this solution works it would be kind to let
> me know.


FYI:
I did a standard "make install" of openssh-portable from ports.
In order fix the DNS delays when priviledge separation is ON you must copy
/etc/resolv.conf to /var/empty/etc/resolv.conf and /var/empty must be set to
755.

Everything works fine now.  Thanks for all your help everone!

--
Scott


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message