Date: Mon, 6 Jan 2003 14:47:42 -0600
From: Hari Bhaskaran
To: freebsd-questions@freebsd.org
Subject: Re: sshd and reverse lookups
Message-ID: <20030106204742.GA1101@poecilotheria.netmails.net>
In-Reply-To: <20030103232251.A86924@spider.netmails.net>

On Fri, Jan 03, 2003 at 11:22:51PM -0600, Hari Bhaskaran wrote:
> I can't seem to avoid the initial login delay for sshd.

oops! - this was a known gotcha since July. Fixed by copying
/etc/resolv.conf to /var/empty/etc/resolv.conf (and +schg-ing
everything in there).

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=138079+0+archive/2002/freebsd-security/20020728.freebsd-security

At 3 minutes less per login, this saves me... let me see.. 3*60*24*.... :)

> I have turned off reverse lookup - "VerifyReverseMapping no".
> I don't use inetd - even then, hosts.allow has only one -
> "ALL : ALL : allow". I have an ipfilter firewall which
> lets only one tcp port for ssh in (from select IPs).
>
> I see the question has been asked before
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2697694+0+archive/2002/freebsd-questions/20021117.freebsd-questions
> However, I didn't see any answers there.
>
> /etc/rc.conf: sshd_flags="-4 -u0"
> inetd_enable="NO"
>
> I have turned off RhostsAuthentication, RhostsRSAAuthentication, HostbasedAuthentication
> No user@host pattern in AllowUsers and DenyUsers - Things that would
> have required reverse DNS lookup according to man page.
>
> An ssh 3.4p1 client running from a different machine with couple of -v's gives
>
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> <--- A delay of almost 1 to 2 minutes.
> debug3: input_userauth_banner
>
> I use the 'Banner' thing at the server - that is the debug3 line.
> I have tried with & without the banner (just being paranoid) but
> still the same result.
>
> Any help is appreciated
>
> --
> Hari Bhaskaran

--
Hari Bhaskaran