SSH into a jail takes so long

Question

I have only one ip address and so I get to my jail through NAT. SSH to the host is lightning-fast but SSH to the jail is awfully long... Like 20 seconds between ssh command and prompt for public key password :-s

In pf.conf :

rdr pass log (all) on $ext_if proto tcp to port $jail_ssh -> $jail_ip port ssh

pass log (all) quick on $ext_if proto tcp to port $host_ssh

Tcp dumps are the same except the 20 seconds time gap... sshd configs are equal..!

Did you disable DNS in the sshd_config for the jail? – Andrew Domaszek Apr 01 '17 at 19:07 — Andrew Domaszek, Apr 01 '17 at 19:07

score 1 · Accepted Answer · answered Apr 01 '17 at 19:47

1

Yeay! Good point, Andrew! The jail couldn't resolve anything since I forgot to nat jail traffic! nat pass on $ext_if from $jail_network -> ($ext_if) was missing in pf.conf :-s

answered Apr 01 '17 at 19:47

Psyloh

11
4

SSH into a jail takes so long

1 Answers1