[Bug 424371] [NEW] Logins to OpenSSH server slow due to "UseDNS yes" config
Brian Kelley
Brian.Kelley at thomson.net
Fri Sep 4 15:46:51 BST 2009
Public bug reported:
When logging in to my Ubuntu 8.04 Server edition server via SSH (client
PuTTY), logins take exactly 20 seconds from the time the username is
entered and the time the password request appears.
The problem is caused by the "UseDNS yes" config parameter. When it is
changed to "UseDNS no", the server logs in instantly.
The cause of the problem is that the server is in a network that does
not have a DHCP server to store client hostnames, and thus, when
requesting the hostname, it waits for the request to timeout. When the
same server is put on a network with a DHCP server, the logins are
instantaneous as well.
Another workaround is to put the client's hostname and IP address in
/etc/hosts.
This bug has similar symptoms to
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899 , but in my
case, disabling GSSAPIAuthentication does not resolve the issue.
I would disable UseDNS permanently, but I am skiddish because it sounds
like a security feature. Unfortunately, it seems worthless; when I put
the client's hostname and the WRONG IP address in /etc/hosts, the
connection still is successful (after a 20 second delay). That poses
the question: what is the point of UseDNS?
In bug 84899, someone suggests changing /etc/nsswitch.conf, but my
configuration was already like the recommended fix.
All config files are at their defaults.
To Reproduce:
Install Ubuntu Server 8.04
`apt-get install openssh-server`
Put machine on non-DHCP network
Connect to machine's IP
`lsb_release -rd`
Description: Ubuntu 8.04.3 LTS
Release: 8.04
`apt-cache policy openssh-server1
Installed: 1:4.7p1-8ubuntu1.2
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
** Tags: openssh opensshserver server ssh usedns
--
Logins to OpenSSH server slow due to "UseDNS yes" config
https://bugs.launchpad.net/bugs/424371
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list