SSH logins to an SSHd server are very slow to bring up the Password: prompt.
This can be caused by sshd's reverse DNS lookups timing out. When a client connects to an sshd server, sshd attempts a reverse lookup of the client's IP address and then a forward lookup of the resulting name. If either of these lookups times out, sshd will be slow to log users in.
To confirm this is the issue, run SSHd interactively (in this example we start up sshd on port 2000):
# /pathtosshd/sshd -ddd -p 2000
Then attempt to ssh from another client to the SSHd server, and watch the SSHd logs on the console.
If DNS is the issue, you will see SSHd stall at the point of "Trying to reverse map address ww.xx.yy.zz".
RESOLUTION 1:
Ensure that the DNS settings are correct on the SSHd server. Ensure that the forward and reverse entries on your DNS server are correct and resolvable from the SSHd server (the client needs to have a forward A/CNAME record and a corresponding reverse PTR record).
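The following added example (not part of the original article) repeats the reverse-then-forward lookup from the SSHd server for a given client address and times each step, so a missing PTR record, a name that does not map back, or a slow resolver shows up directly. The function names, the report fields and the 2-second `slow_after` threshold are assumptions chosen for illustration.

```python
import ipaddress
import socket
import time


def timed(fn, *args):
    """Run a resolver call; return (result or None, elapsed seconds)."""
    start = time.monotonic()
    try:
        value = fn(*args)
    except OSError:  # socket.herror, socket.gaierror and timeouts are OSErrors
        value = None
    return value, time.monotonic() - start


def check_client_dns(ip, reverse=socket.gethostbyaddr,
                     forward=socket.getaddrinfo, slow_after=2.0):
    """Repeat the reverse-then-forward lookup for one client address."""
    report = {"ip": ip, "ptr": None, "forward_ips": [], "verdict": "ok"}
    rev, report["reverse_secs"] = timed(reverse, ip)
    report["forward_secs"] = 0.0
    if rev is None:
        report["verdict"] = "no PTR record"
    else:
        report["ptr"] = rev[0]
        fwd, report["forward_secs"] = timed(forward, rev[0], None)
        # getaddrinfo entries are (family, type, proto, canonname, sockaddr);
        # drop any IPv6 scope suffix such as "%eth0" before comparing.
        addrs = {entry[4][0].split("%")[0] for entry in (fwd or [])}
        report["forward_ips"] = sorted(addrs)
        wanted = ipaddress.ip_address(ip)
        if not any(ipaddress.ip_address(a) == wanted for a in addrs):
            report["verdict"] = "PTR name does not resolve back to client"
    # A lookup that takes seconds is what delays the Password: prompt.
    slowest = max(report["reverse_secs"], report["forward_secs"])
    report["slow"] = slowest > slow_after
    return report


if __name__ == "__main__":
    import sys
    # Usage (on the SSHd server): python3 script.py <client-ip> [...]
    for addr in sys.argv[1:]:
        print(check_client_dns(addr))
```

Run it on the SSHd server itself, since the lookups must be resolvable from that host's resolver configuration.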
RESOLUTION 2:
On the SSHd server, add the SSH client hosts to the /etc/hosts file.
RESOLUTION 3:
Turn off the DNS lookup option in SSHd.
For Solaris SSHd, use the option below in the sshd_config file:
VerifyReverseMapping no
For OpenSSH, use the option below in the sshd_config file:
UseDNS no