From owner-freebsd-questions@FreeBSD.ORG Mon Jan 9 08:17:41 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A6D116A41F for ; Mon, 9 Jan 2006 08:17:41 +0000 (GMT) (envelope-from youshi10@u.washington.edu) Received: from mxout7.cac.washington.edu (mxout7.cac.washington.edu [140.142.32.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7AC243D5F for ; Mon, 9 Jan 2006 08:17:27 +0000 (GMT) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.32.139]) by mxout7.cac.washington.edu (8.13.5+UW05.10/8.13.5+UW05.09) with ESMTP id k098HQc7029712 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 9 Jan 2006 00:17:27 -0800 X-Auth-Received: from [192.168.0.23] (dsl254-013-145.sea1.dsl.speakeasy.net [216.254.13.145]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.5+UW05.10/8.13.5+UW05.09) with ESMTP id k098HNql010876 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for ; Mon, 9 Jan 2006 00:17:26 -0800 In-Reply-To: <000d01c614ef$c85ec0b0$0900a8c0@satellite> References: <4053413D-A3D3-4553-A1C9-49E92CD1D1F9@u.washington.edu> <8C520B67-731D-4064-967F-BDD017FE3C28@disflux.com> <94556B3B-CA17-40D0-BC5B-1D35CA87CBE7@u.washington.edu> <000d01c614ef$c85ec0b0$0900a8c0@satellite> Mime-Version: 1.0 (Apple Message framework v746.2) X-Priority: 3 Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Garrett Cooper Date: Mon, 9 Jan 2006 00:18:16 -0800 To: freebsd-questions@freebsd.org X-Mailer: Apple Mail (2.746.2) X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __HAS_X_PRIORITY 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0' Subject: Re: Extremely slow authentication via SSH on FreeBSD 6.0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jan 2006 08:17:41 -0000 On Jan 8, 2006, at 11:39 PM, Dave wrote: > Hi, > I caught this midthread, but two things. Are you running sshd in > a jail? And do you have dns resolving? I recently had an ssh slow > authentication issue, which when found was dns not resolving. Try > setting UseDns to no in sshd_config see if that helps. > HTH > Dave. > > ----- Original Message ----- From: "Garrett Cooper" > > To: > Sent: Monday, January 09, 2006 2:42 AM > Subject: Re: Extremely slow authentication via SSH on FreeBSD 6.0 > > >> >> On Jan 8, 2006, at 9:10 PM, Derek Musselmann wrote: >> >>> On Jan 8, 2006, at 7:21 PM, Garrett Cooper wrote: >>>> I'm having a hard time authenticating after upgrading the >>>> kernel and some packages, and I was wondering if someone could >>>> help me out with this issue. I marked the trouble points and >>>> included my sshd_config. >>> >>> I noticed in your sshd_config that you have: >>> >>> # Change to yes to enable built-in password authentication. >>> PasswordAuthentication yes >>> PermitEmptyPasswords no >>> >>> # Change to no to disable PAM authentication >>> ChallengeResponseAuthentication no >>> >>> >>> By default, ssh uses PAM for authentication. By commenting >>> those lines out, it doesn't mean that password checking won't be >>> done, just that it will be handled with PAM. >>> >>> And then later in the file you have: >>> UsePAM yes >>> >>> Try commenting out the PasswordAuthentication, >>> PermitEmptyPasswords, and ChallengeResponse lines. >>> >>> ----- >>> Derek Musselmann >>> http://www.disflux.com >> >> Tried exactly that, and it doesn't seem to have change the >> performance, actually =\... It still hangs in the same location, >> strangely enough. >> -Garrett I should be more specific. Setting UseDNS to no did the trick. Maybe sshd was confused by my hostname setup in /etc/hosts, but I'm not going to speculate there. All that I know is that it works like it used to =). -Garrett