Delay in FTP Logging-in

[jmukhtar]

Hi

I am facing a problem in which I getting a delay while connecting via FTP.

I have a FreeBSD server that is running some services and applications. I have two accounts on it 1 similar to root (lets say root_account) and the other for ftp (lets say ftp_account) with no shell login. When I am trying to connect via root_account I can login in instantaneously but when I am trying to login via ftp_account I am getting a delay just after entering password and before getting

230 User ftp_account logged in

I tried different troubleshooting tips but couldn't find the reason of this delay that is only related to ftp_account and not with root_account.

Any help would be really helpful to me as I am getting a lot of issues at the time of boot up as we fetch different configuration files from remote server via ftp and because of this delay server fails to boot up properly.

regards,
Junaid

 

[chatwizrd]

Try enabling debug mode on whatever ftp daemon you are using. This usually involves running it in foreground instead of forking it to background.

Which ftp daemon do you use?

 

[J65nko]

Some servers perform a reverse DNS lookup of the IP of the client logging in. When this DNS lookup fails initially, it is repeated a few times. This causes a delay.

In your case this only would apply if the ftp_account uses a different IP address than the root_account.
You can check whether reverse DNS lookups are the case by running tcpdump on the ftp server and watch the traffic on port 53.

# tcpdump s 1500 -ni em0 port 53This is the output when the reverse name lookup succeeds:

17:30:50.627197 IP xx.xx.xx.xx.49431 > yy.yy.yy.yy.53:  62218+ PTR? z4.z3.z2.z1.in-addr.arpa. (45)
17:30:50.627681 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.49431:  62218 1/4/3 PTR h100z4.upc-h.chello.nl. (242)
17:30:50.627820 IP xx.xx.xx.xx.58001 > yy.yy.yy.yy.53:  62219+ A? h100z4.upc-h.chello.nl. (41)
17:30:50.628302 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.58001:  62219 1/3/2 A z1.z2.z3.z4 (170)
17:30:50.628526 IP xx.xx.xx.xx.62794 > yy.yy.yy.yy.53:  62218+ PTR? z4.z3.z2.z1.in-addr.arpa. (45)
17:30:50.754882 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.62794:  62218 1/4/5 PTR h100z4.upc-h.chello.nl. (274)
17:30:50.755021 IP xx.xx.xx.xx.61185 > yy.yy.yy.yy.53:  62219+ A? h100z4.upc-h.chello.nl. (41)
17:30:50.755503 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.61185:  62219 1/3/3 A z1.z2.z3.z4 (186)
17:30:51.037239 IP xx.xx.xx.xx.60777 > yy.yy.yy.yy.53:  62220+ A? h100z4.upc-h.chello.nl. (41)
17:30:51.037723 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.60777:  62220 1/3/2 A z1.z2.z3.z4 (170)
17:30:51.037773 IP xx.xx.xx.xx.51196 > yy.yy.yy.yy.53:  62221+ AAAA? h100z4.upc-h.chello.nl. (41)
17:30:51.189089 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.51196:  62221 0/1/0 (106)
17:30:51.189176 IP xx.xx.xx.xx.54823 > yy.yy.yy.yy.53:  62222+ A? h100z4.upc-h.chello.nl. (41)
17:30:51.337231 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.54823:  62222 1/3/1 A z1.z2.z3.z4 (154)
17:30:51.337274 IP xx.xx.xx.xx.62628 > yy.yy.yy.yy.53:  62223+ AAAA? h100z4.upc-h.chello.nl. (41)
17:30:51.337600 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.62628:  62223 0/1/0 (106)
17:30:51.617623 IP xx.xx.xx.xx.53911 > yy.yy.yy.yy.53:  62224+ PTR? z4.z3.z2.z1.in-addr.arpa. (45)
17:30:51.618107 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.53911:  62224 1/4/5 PTR h100z4.upc-h.chello.nl. (274)
17:30:51.618220 IP xx.xx.xx.xx.51853 > yy.yy.yy.yy.53:  62225+ A? h100z4.upc-h.chello.nl. (41)
17:30:51.618703 IP yy.yy.yy.yy.53 > xx.xx.xx.xx.51853:  62225 1/3/1 A z1.z2.z3.z4 (154)

Legenda:

• xx.xx.xx.xx : IP address of the server (sshd)
• yy.yy.yy.yy : IP of the name server
• z1.z2.z3.z4 : IP of the client

When the DNS lookup fails you will see repeated + PTR? z4.z3.z2.z1.in-addr.arpa. (45) requests.

 

[jmukhtar]

@J65nko: both root_account and ftp_account are coming from the same IP address. Even if I run ftp "ftp://ftp_accountassword@localhost/abc/xyz" I see a delay just after when it says "331 Password required for ftp_account". I am attaching an extract from the trace, What I can see is server is sending an ack to client (see attached extract of that) and after 2 sec server send Response:230 User Logged In.

@chatwizrd: How can I run ftpd in foreground? I tried running it with -d option but couldn't force much of the logging. I was just getting failed login attempts in messages file.