From m...@my.gd Wed Feb 20 10:28:54 2013
Ok I think you've got a DNS resolution problem here,
so when you try to establish the connection,
SSHD tries to resolve your client's hostname.
It fails and times out, however your ssh login gracetime is already
over.
You have several options here:
1/ increase the login grace time in sshd_config
ok:
LoginGraceTime 3m
2/ set usedns no (or do both, btw)
ok:
UseDNS no
3/ fix DNS resolution ;)
Well, I'm waiting for the IT support guys
to do this, but they are very slow.
I would definitely recommend
turning off hostname resolution for sshd,
it is of marginal value (to me at least).
Following the sshd man page, I'm also trying this:
*quote*
-u0 may also be used to prevent sshd from making
DNS requests unless the authentication mechanism or configuration
requires it. Authentication mechanisms that may require DNS
include RhostsRSAAuthentication, HostbasedAuthentication, and
using a from="pattern-list" option in a key file. Configuration
options that require DNS include using a USER@HOST pattern in
AllowUsers or DenyUsers.
*end quote*
I set in /etc/ssh/sshd_config:
RhostsRSAAuthentication no
HostbasedAuthentication no
AllowUsers mexas
and I don't have DenyUsers at all.
I then restart sshd as
/usr/sbin/sshd -u0
However, I still see the same (I think)
output from tcpdump and still get ssh timeout:
10:55:32.503085 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 535
20:53568, ack 64033, win 1040, options [nop,nop,TS val 169209828 ecr 2123714526]
, length 48
10:55:32.604376 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [.], ack 5356
8, win 1040, options [nop,nop,TS val 2123715301 ecr 169209828], length 0
10:55:32.668861 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 535
68:53616, ack 64033, win 1040, options [nop,nop,TS val 169209994 ecr 2123715301]
, length 48
10:55:32.671995 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 640
33:64161, ack 53616, win 1040, options [nop,nop,TS val 2123715368 ecr 169209994]
, length 128
10:55:32.672501 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 641
61:64209, ack 53616, win 1040, options [nop,nop,TS val 2123715368 ecr 169209994]
, length 48
10:55:32.672763 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 6420
9, win 1040, options [nop,nop,TS val 169209998 ecr 2123715368], length 0
10:55:33.394762 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 536
16:53664, ack 64209, win 1040, options [nop,nop,TS val 169210720 ecr 2123715368]
, length 48
10:55:33.396877 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 642
09:64257, ack 53664, win 1040, options [nop,nop,TS val 2123716093 ecr 169210720]
, length 48
10:55:33.496782 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 6425
7, win 1040, options [nop,nop,TS val 169210822 ecr 2123716093], length 0
Thanks
Anton
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
