Date: Thu, 26 Feb 2004 18:39:59 -0500
From: Chris Johnson <dcj-expires-8251366.elmfb@palomine.net>
To: questions@freebsd.org
Subject: ssh/DNS timeout issue
Message-ID: <20040226233959.96711.qmail@569a6198194762.e01ba3ee4a6096.palomine.net>

I've installed FreeBSD-5.2.1-RELEASE on two different boxes, and they're both exhibiting the same odd problem with DNS timeouts on ssh logins. Before you say, "Fix your reverse DNS!," please hear me out.

When I make an ssh connection to one of these boxes, I get a password prompt instantly--there's no delay at all. I watch the DNS server's log and I see the reverse DNS request being asked and answered. After I enter the correct password, however, I get the long delay, and as I watch the DNS server's log I see the reverse DNS request being asked and answered repeatedly, but the answer apparently isn't being received.

If I copy ~/.ssh/id_dsa.pub on the client to ~/.ssh/authorized_keys on the box to which I'm trying to connect and then log in using public key authentication, then I can log in without any DNS delays.

If I use opie passwords to log in, I get the same DNS delay. If, however, I just hit Enter instead of entering my opie password until I'm presented with a regular password prompt and then enter my password, then I can log in with no DNS delay.

It occurs to me that the common denominator is PAM. When PAM becomes involved with my logging in, I get the long delays. I changed ChallengeResponseAuthentication to "no" in sshd_config, restarted sshd, and sure enough the delays vanished. I need opie passwords, however, so this isn't an option for me.

Everything in sshd_config is set to the default, except that I allow only protocol 2.

Does anyone know what the deal is?

Chris Johnson