[rescue] openssh on netBSD
Derrick D. Daugherty
rescue at sunhelp.org
Sat Oct 6 19:06:36 CDT 2001
It's rumored that around Sat, Oct 06, 2001 at 01:58:42PM -0400
Kurt Huhn <kurt at k-huhn.com> wrote:
> > > I share the same problem. SS5, netbsd, long long time until password
> > > prompt comes. If anyone known the magic demon tweak for this, I would
> > > like to know it, too!
> I had the same issue on a lot of servers at work until I added reverse
> lookup entries in DNS for all the addresses (even if you only use foo1,
> foo2, foo3, etc). Failing RDNS, try adding entries in your /etc/hosts file
> for all of your machines. That should speed it up considerably. SSH tries
> to resolve IP addresses to names, and that can take some time if it can't
> find a name.
Hmm, if this is the case you can look at the ReverseMappingCheck
directive in /usr/local/etc/sshd_conf....
but my real guess is poor entropy/rand source..you can add on other ways to
do it... EGD, entropy gathering daemon..or PRNGD. either of these
should help if it's really the key generation that's taking a while. a krace
on the daemon would tell ya. worth a shot to see if it makes a diff
over /dev/random. I think i've also read past issues with /dev/random
on sparc..but I could be on crack..also, make sure ya compild it in
another thing to consider which goes with what Kurt was saying. From
3.3 - ssh(1) takes a long time to connect with Linux/glibc 2.1
The glibc shipped with Redhat 6.1 appears to take a long time to resolve
"IPv6 or IPv4" addresses from domain names. This can be kludged around
with the --with-ipv4-default configure option. This instructs OpenSSH to
use IPv4-only address resolution. (IPv6 lookups may still be made by
specifying the -6 option).
Sure it says linux, but thought it was worth mentioning.
More information about the rescue