3

Setup

We have a DMZ and LAN in our office that are connected to the outside with the following setup:

+------+
|      |------> LAN (normal office router)
|Modem |
|      |------> DMZ (a single machine)
+------+

Our internet account is with Comcast and we have 5 static IPs, one of which points to the single machine in the DMZ.

Problem

ssh connections initiated ANYWHERE EXCEPT the office LAN are really fast. However, from the LAN, there is about a 5 second delay. WTF??

Extra info

The DMZ machine is Debian 5.

Executing a wget to the DMZ has no lag.

When executing the following, everything up to HERE IS WHERE THE LAG IS INCURRED executes immediately.

ssh -vvvv sam@dmz.com

...
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1015
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1063
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/shopkins/.ssh/id_rsa (0x22440830)
debug2: key: /home/shopkins/.ssh/identity ((nil))
debug2: key: /home/shopkins/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1127


HERE IS WHERE THE LAG IS INCURRED


debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/shopkins/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1495
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/shopkins/.ssh/identity
debug3: no such identity: /home/shopkins/.ssh/identity
debug1: Trying private key: /home/shopkins/.ssh/id_dsa
debug3: no such identity: /home/shopkins/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
sam@dmz.com's password:
Hersheezy

2 Answers

9

Most probably having to wait for the reverse DNS lookup to timeout/fail.

Try setting this in /etc/ssh/sshd_config (assuming you are using the default install of openssh) and see if that fixes your issue.

UseDNS no
syserr0r
  • Awesome! Just out of curiosity, what is going on behind the scenes here and why is the lag only incurred when connecting from within the office? – Hersheezy Mar 17 '11 at 15:36
  • The machine is doing a reverse DNS lookup on your IP address and for one reason or another (most likely your IP address doesn't have a valid reverse DNS address or it is a private address) can't find a valid PTR record and so has to wait for the DNS lookup to timeout (normally 1-2 seconds per resolver). Connecting from other places is fine because they have proper reverse DNS (PTR) records. – syserr0r Mar 17 '11 at 16:40
0

You have to add "UseDNS no" into the file /etc/ssh/sshd_config on the destination host which you are trying to connect to.

Be careful about the difference between sshd_config and ssh_config.

You have to restart the ssh daemon on the destination host:

(For FreeBSD)

/etc/rc.d/sshd restart
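
A server-side check for the delay both answers describe, as an added example that is not part of the original question or answers: it reads the first UseDNS line from an sshd_config and times a reverse (PTR) lookup of a client address with getent. The function names, the 2-second threshold and the 192.0.2.10 address are assumptions made for this example.

```sh
#!/bin/sh
# Added example: run on the destination host (the one running sshd).

# Print the UseDNS value found in sshd_config file $1. Keywords are
# case-insensitive and the first occurrence wins. "unset" means the
# built-in default applies, which differs between OpenSSH releases.
effective_usedns() {
    awk '
        { sub(/#.*/, "") }    # drop comments
        tolower($1) == "usedns" && NF >= 2 { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Whole seconds the system resolver takes to answer, or give up on,
# a reverse (PTR) lookup of address $1.
ptr_lookup_seconds() {
    start=$(date +%s)
    getent hosts "$1" >/dev/null 2>&1
    echo $(( $(date +%s) - start ))
}

# $1 = client address as the server sees it, $2 = sshd_config path,
# $3 = lookup time in seconds (optional; measured live when omitted).
# The 2-second threshold is an assumption chosen for this example.
diagnose() {
    usedns=$(effective_usedns "$2")
    secs=${3:-$(ptr_lookup_seconds "$1")}
    if [ "$usedns" != "no" ] && [ "$secs" -ge 2 ]; then
        echo "slow-ptr: UseDNS=$usedns, PTR lookup for $1 took ${secs}s"
    else
        echo "ok: UseDNS=$usedns, PTR lookup for $1 took ${secs}s"
    fi
}

if [ $# -ge 1 ]; then
    diagnose "$1" "${2:-/etc/ssh/sshd_config}"
else
    # No arguments: demo on a constructed config and a constructed 5 s timing.
    demo=$(mktemp)
    printf '%s\n' 'Port 22' '#UseDNS no' > "$demo"
    diagnose 192.0.2.10 "$demo" 5
    rm -f "$demo"
fi
```

On a host with OpenSSH installed, running sshd -T as root prints the configuration the daemon actually uses, including its usedns value.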