[OpenIndiana-discuss] ssh sessions timing out?

Gary Gendel gary at genashor.com
Thu Oct 13 13:45:07 UTC 2011

On 10/13/11 9:41 AM, Gary Gendel wrote:
> On 10/13/11 9:04 AM, James Carlson wrote:
>> Gary Gendel wrote:
>>> Back on topic... My OpenIndiana ssh service seems to take a long 
>>> time to
>>> connect with a client (long delay before the password prompt is
>>> displayed).  It happens most of the time and feels like a network
>>> timeout issue.  How can I figure out what it's waiting for?
>> That sounds like a very common (and not Solaris-specific) network
>> symptom: check your reverse (IN PTR) DNS records and/or /etc/hosts,
>> /etc/nsswitch.conf, and /etc/resolv.conf files.  The usual reason this
>> happens is that the sshd process (the server) attempts to look up the
>> canonical host name for the incoming connection, and since the address
>> isn't known or the DNS resolver is misconfigured, it takes a long time
>> for the server to give up trying to get a name for the client.
>> The test for this, on the server side, would be to do something like 
>> this:
>>     % getent hosts
>> ... but replace that address with the address of the client.  If that
>> query doesn't return immediately with a useful answer (such as
>> " dhcp-200"), that's what's wrong.
> Thanks for the help... the getent command returns instantly but 
> nslookup and dig don't resolve.  It looks like sshd bypasses 
> nsswitch.conf and does dns directly.  My static resolv.conf was 
> overwritten by dhcpagent.  I run a local dns caching service that 
> redirects requests to either a local name server or the ISP ones 
> depending on the request.
> My /etc/resolv.conf should always look like:
> domain genashor.com
> nameserver
> Doing this fixed the timeout problem.  Is there a way to get dhcpagent 
> to leave resolv.conf alone, or to trigger my event handler (which 
> updates the dns cache service and corrects the resolv.conf) when a 
> BOUND or INFORM message comes in?
Sorry, that was clear as mud... I already have an event handler for 
dhcpagent that processes a BOUND or INFORM message, but it doesn't seem 
to get triggered when it first starts up (or maybe the overwrite happens 
later). So the question is how to prevent dhcpagent from writing the 
/etc/resolv.conf file.

More information about the OpenIndiana-discuss mailing list