LinuxQuestions.org


anmsg 10-14-2004 11:37 PM

Too much delay in ftp/ssh to start
 
I have exactly the same setup in two offices. From one office, if I try to do ftp (or ssh) to anywhere in the world, it takes a long time before the login prompt comes (roughly 10-15 seconds minimum). Ftp normally takes far more time though.

However, from another office, I get it almost instantaneously!

I was told by several people that it could be "Reverse DNS Mapping" which is causing this trouble. If that is really the case, then I should get the trouble in both offices, since they have exactly the same kind of DNS setup (of course, with the difference of their own external/internal IPs).

I also have similar type of "/etc/hosts", "/etc/resolv.conf" and "/etc/nsswitch.conf" files at both ends. I have also checked "/etc/hosts.allow" and "/etc/hosts.deny" files at both ends. They are essentially empty.

The machines where I try this are the main masquerading machines connected directly to the internet via modem/router and firewall. There is, of course, an internal network at both offices, which is connected via VPN (ipsec).

Could it be the case that some DNS entries at the ISP of the problematic office are causing some trouble here?

Thanks all for your time..

mastahnke 10-15-2004 12:52 AM

Really sounds like DNS. You can change your /etc/ssh/sshd_config to not do reverse DNS lookup; that could save you time. Also, most ftp daemons can be changed. Sounds like DNS is hosed at one end, or your NAT has no reverse record.


MIKE

anmsg 10-15-2004 03:50 AM

Could you please tell me what to change in "/etc/ssh/sshd_config"? Also, I am using vsftpd at the problematic office. How do I disable reverse name lookup there?

mciann 10-15-2004 07:46 AM

I think the following entry would do it (in /etc/ssh/sshd_config):

Code:

VerifyReverseMapping no

Note that you would need to make this change on the servers you are trying to reach from the affected office, not the servers located at this office.

The problem is that when you contact a host from this office, the host tries to do an inverse lookup on your public IP address. If there is no reply, pretty much everything that uses IP will be delayed. The real solution, therefore, is to contact your ISP and get a reverse DNS entry set up for that address.

LANLocked 10-15-2004 07:52 AM

Could do manual entries in /etc/hosts

If your IP address for your office router is static, you could simply put an entry in the /etc/hosts file of the machines that you are trying to connect to.

mciann 10-15-2004 10:43 AM

Quote:

If your IP address for your office router is static, you could simply put an entry in the /etc/hosts file of the machines that you are trying to connect to.

I haven't had success with that approach in the past. Will the machine look to /etc/hosts to do an inverse?

hearsey 10-15-2004 12:31 PM

/etc/hosts additions have worked for me in the past.

jcomeau_ictx 10-15-2004 12:52 PM

Quote:

Originally posted by mciann
I haven't had success with that approach in the past. Will the machine look to /etc/hosts to do an inverse?

That depends on /etc/nsswitch.conf. Look for:

hosts: files dns

And you should be OK putting the static IP in. But as the other guys pointed out, your best bet is to always disable reverse lookups in your daemons. I know proftpd has such a setting.

[added later:] The tools 'strace' and 'tcpdump' are invaluable in solving this type of problem, but it takes a while to get proficient with them.
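The check discussed in the posts above, as an added example that is not part of the original thread: it reads the `hosts:` line of /etc/nsswitch.conf, reports whether /etc/hosts or DNS would answer a reverse lookup for a given address, and times the resolver call that a daemon waits on. Run it on the server being connected to, with the affected office's public IP as the argument; the function names, the address 203.0.113.10 and the hostname office-gw.example.com are assumptions made for illustration.

```python
import socket
import sys
import time

# Constructed sample inputs (not taken from the thread's machines).
SAMPLE_NSSWITCH = "passwd: files\nhosts: files dns\n"
SAMPLE_HOSTS = "127.0.0.1 localhost\n203.0.113.10 office-gw.example.com office-gw\n"

def hosts_sources(nsswitch_text):
    """Ordered lookup sources from the 'hosts:' line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Skip action items such as [NOTFOUND=return].
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return []

def hosts_file_name(hosts_text, ip):
    """Canonical name that an /etc/hosts-style text maps ip to, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == ip:
            return fields[1]
    return None

def reverse_answer_source(nsswitch_text, hosts_text, ip):
    """'files' if /etc/hosts answers before DNS is tried, 'dns' if the query
    goes to DNS, None if neither source is configured. Simplification: only
    the 'files' and 'dns' sources are modelled."""
    for src in hosts_sources(nsswitch_text):
        if src == "files" and hosts_file_name(hosts_text, ip):
            return "files"
        if src == "dns":
            return "dns"
    return None

def time_reverse_lookup(ip):
    """Time the system resolver's reverse lookup, the call a daemon waits on."""
    start = time.monotonic()
    try:
        name = socket.gethostbyaddr(ip)[0]
    except OSError:  # herror/gaierror: no PTR record or resolver failure
        name = None
    return name, time.monotonic() - start

if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"  # constructed default
    src = reverse_answer_source(open("/etc/nsswitch.conf").read(), open("/etc/hosts").read(), ip)
    name, secs = time_reverse_lookup(ip)
    print(f"{ip}: first answering source={src}, name={name}, lookup took {secs:.2f}s")
```

A lookup that takes several seconds and returns no name matches the delay described in the first post; a result of `files` with a near-zero time means the /etc/hosts entry is being used.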

linuxles 10-15-2004 06:20 PM

Quote:

Originally posted by mciann
I think the following entry would do it (in /etc/ssh/sshd_config):

Code:

VerifyReverseMapping no

The default value for Reverse Lookups is "no", so unless he has specifically
changed his SSH Configuration to do reverse lookups that won't be it.

/Les


All times are GMT -5.