Solved ssh login delay since 11.2

obsigna

Aspiring Daemon

Reaction score: 558
Messages: 956

Since updating to FreeBSD 11.2, I notice a significant delay of 2 to 3 seconds when logging-in from my Mac via ssh to my FreeBSD boxes in the LAN, and this is independent on system hardware, and processor speed, it happens with either of Atom dual core 1.6 GHz, Core i7, quad core 4 GHz and ARMv6 1 GHz of a BBB. In all cases I got in sshd_config(5) UseDNS no.

So, what the hell is sshd doing behind my back for 2 to 3 seconds before responding? 2 seconds are worth of 10 giga-instructions on modern processors, and thinking about this, I become a little bit nervous.
 

ShelLuser

Son of Beastie

Reaction score: 1,726
Messages: 3,546

Since updating to FreeBSD 11.2, I notice a significant delay of 2 to 3 seconds when logging-in from my Mac via ssh to my FreeBSD boxes in the LAN
Check your DNS settings on the FreeBSD machine. In many cases this is caused by the daemon which is performing a lookup on your IP.
 
OP
OP
obsigna

obsigna

Aspiring Daemon

Reaction score: 558
Messages: 956

Check your DNS settings on the FreeBSD machine. In many cases this is caused by the daemon which is performing a lookup on your IP.
Are you implying, that sshd since FreeBSD 11.2 does not honour anymore the setting UseDNS no?
 
OP
OP
obsigna

obsigna

Aspiring Daemon

Reaction score: 558
Messages: 956

Use ssh -vvv and just see where the time is spent.
I connect with ssh -vvv -p111 root@192.168.0.111 to the Core i7 box, and the following output follows immediately in no time:
Code:
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/rolf/.ssh/config
debug1: /Users/rolf/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.0.111 port 111.
After this, I see a delay of 3 seconds and then I see the debug output of the actual connection negotiation.
Code:
debug1: Connection established.
debug1: identity file ...
BTW, I will ignore any complains about ssh root login.
 

getopt

Aspiring Daemon

Reaction score: 404
Messages: 609

In ssh_config line
Code:
VerifyHostKeyDNS no
prevents SSHFP requests to DNS servers which may cause delays if nothing found.
 
OP
OP
obsigna

obsigna

Aspiring Daemon

Reaction score: 558
Messages: 956

In ssh_config line
Code:
VerifyHostKeyDNS no
prevents SSHFP requests to DNS servers which may cause delays if nothing found.
The issue is not a client one, and anyway, I keep my DNS settings on the LAN in a perfect shape - everything resolves back and forth in less than a millisecond.

However, I solved the problem by switching to security/openssh-portable, and I changed /etc/rc.conf respectively:
Code:
sshd_enable="NO"
openssh_flags="-f /etc/ssh/sshd_config"
openssh_skipportscheck="YES"
openssh_enable="YES"
 

Maxnix

Well-Known Member

Reaction score: 197
Messages: 323

One silly question (even if openssh-portable solved the problem): running sshd in debug mode showed anything?
 
OP
OP
obsigna

obsigna

Aspiring Daemon

Reaction score: 558
Messages: 956

When starting sshd(8) with the -d flag, I could not reproduce the problem, i.e. no noticeable delay between pressing enter and the SSH login greets. When setting LogLevel to DEBUG3 the whole logging got the same timestamp, even though, I notice a delay of 3 seconds. So the debugging efforts where not very helpful in nailing down the problem.
 
Top