Date: Thu, 18 Jul 2002 09:28:46 +0800 (CST)
From: Tai-hwa Liang
To: Chris Johnson
Cc: freebsd-stable@FreeBSD.org
Subject: Re: slow ssh connection speed(bind problem?)

On Wed, 17 Jul 2002, Chris Johnson wrote:

> On Wed, Jul 17, 2002 at 10:16:41PM +0800, Tai-hwa Liang wrote:
> > After cvsupped to the latest version of RELENG_4 this morning, I
> > found that the sshd on the newly built system takes more time during ssh
> > connection handshaking:
>
> I've found that this happens on some boxes but not others, both with the new
> OpenSSH-3.4p1 in the base system and with the openssh-portable in the ports. I
> haven't been able to figure why it happens only on some boxes and not others.

  According to my testing results, such a resolving problem only happens on
sshd with "UsePrivilegeSeparation" turned on. Maybe sshd just chrooted to
/var/empty at the first time and was not able to find
/var/empty/etc/resolv.conf when doing reverse address mapping later.

> One solution I've found is this:
>
> # chflags noschg /var/empty
> # mkdir /var/empty/etc
> # cp /etc/resolv.conf /var/empty/etc
> # chflags schg /var/empty

  That did the trick. A working /var/empty/etc/resolv.conf did solve the
UsePrivilegeSeparation chrooted issue. However, the same problem does not
happen on another Linux box with portable OpenSSH-3.4p1 installed....

> I don't know if there are security (or any other) implications to this, but it

  Maybe you'd like to change the last command to "chflags -R schg /var/empty"
to protect your /var/empty/etc/*.

> fixes the problem in any case.
>
> Chris Johnson

  Thanks a lot for your enlightenment.
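
A check for the workaround discussed in this message, as an added example that is not part of the original email or of OpenSSH: it reports whether the resolv.conf copy inside the privilege-separation chroot is present, still matches the host file, and is free of group/other write bits. The function name check_privsep_resolv and its return codes are hypothetical; the default paths are the ones named in the thread.

```sh
#!/bin/sh
# Added example: audit the resolv.conf copy inside sshd's privsep chroot.
# check_privsep_resolv is a hypothetical helper name, not part of OpenSSH.
# Return codes: 0 ok, 1 missing, 2 stale, 3 group/other-writable.

check_privsep_resolv() {
    chroot_dir=${1:-/var/empty}
    host_conf=${2:-/etc/resolv.conf}
    copy="$chroot_dir/etc/resolv.conf"

    # Without this file a resolver running inside the chroot has no
    # nameserver list to read.
    if [ ! -f "$copy" ]; then
        echo "MISSING: $copy"
        return 1
    fi

    # The copy is a snapshot; it goes stale whenever the host file changes.
    if ! cmp -s "$host_conf" "$copy"; then
        echo "STALE: $copy differs from $host_conf"
        return 2
    fi

    # Nothing placed under the chroot should be writable by group or other.
    if [ -n "$(find "$chroot_dir/etc" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE: group/other write bit set under $chroot_dir/etc"
        return 3
    fi

    echo "OK: $copy matches $host_conf"
    return 0
}
```

Call it with no arguments to check /var/empty against /etc/resolv.conf. It does not inspect the schg flag; on FreeBSD, `ls -lo /var/empty` shows whether that flag is set.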