[OpenIndiana-discuss] ssh sessions timing out?
Gary Gendel
gary at genashor.com
Thu Oct 13 13:41:08 UTC 2011
On 10/13/11 9:04 AM, James Carlson wrote:
> Gary Gendel wrote:
>> Back on topic... My OpenIndiana ssh service seems to take a long time to
>> connect with a client (long delay before the password prompt is
>> displayed). It happens most of the time and feels like a network
>> timeout issue. How can I figure out what it's waiting for?
> That sounds like a very common (and not Solaris-specific) network
> symptom: check your reverse (IN PTR) DNS records and/or /etc/hosts,
> /etc/nsswitch.conf, and /etc/resolv.conf files. The usual reason this
> happens is that the sshd process (the server) attempts to look up the
> canonical host name for the incoming connection, and since the address
> isn't known or the DNS resolver is misconfigured, it takes a long time
> for the server to give up trying to get a name for the client.
>
> The test for this, on the server side, would be to do something like this:
>
> % getent hosts 192.168.254.200
>
> ... but replace that address with the address of the client. If that
> query doesn't return immediately with a useful answer (such as
> "192.168.254.200 dhcp-200"), that's what's wrong.
>
Thanks for the help... the getent command returns instantly but nslookup
and dig don't resolve. It looks like sshd bypasses nsswitch.conf and
does dns directly. My static resolv.conf was overwritten by dhcpagent.
I run a local dns caching service that redirects requests to either a
local name server or the ISP ones depending on the request.
My /etc/resolv.conf should always look like:
domain genashor.com
nameserver 10.101.1.7
Doing this fixed the timeout problem. Is there a way to get dhcpagent
to leave resolv.conf alone, or to trigger my event handler (which
updates the dns cache service and corrects the resolv.conf) when a BOUND
or INFORM message comes in?
Gary
More information about the OpenIndiana-discuss
mailing list