Several second hang on ssh login

Bug #883201 reported by Joel on 2011-10-28
This bug affects 1 person
Affects: openssh (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

This problem is new since 11.04. It only occurs when connecting to a server that I have not recently connected to. The problem still remains after commenting out all lines in /etc/ssh_config.

To reproduce:

Check that DNS is operating correctly:

joel@joel-vm:~$ host testp1-db # this is instant
testp1-db.mydomain.com has address 192.168.2.50
joel@joel-vm:~$ host 192.168.2.50 # this is instant
50.2.168.192.in-addr.arpa domain name pointer testp1-db.mydomain.com.

Connect to the server:

joel@joel-vm:~$ ssh -vvv root@testp1-db
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0

<At this point, there is a hang of several seconds and then everything follows normally>

debug1: Connecting to testp1-db [192.168.2.50] port 22.
debug1: Connection established.

Connecting to the server subsequently works at normal speed.

Joel (jeidsath) wrote :

Should read "new in 11.10"

Dave Walker (davewalker) on 2011-11-09
Changed in openssh (Ubuntu):
importance: Undecided → Medium

Joel (jeidsath) wrote :

I've tracked the problem down to something DNS related. But I'm still not sure exactly what the issue is.

Other people seem to be having the problem as well, for a couple of Ubuntu releases at least. The instructions for fixing the problem on the internet say to set "UseDNS = no" in client sshd config (this is silly and does nothing of course), and then to add the server hostname in /etc/hosts (which is actually what fixes the problem).

Troubleshooting reveals the following interesting facts:

1) The problem does not occur with IP addresses or FQDNs. So 'ssh servername.domain.com' or 'ssh 192.168.0.2' is fast but 'ssh servername' is slow.

2) 'host servername' is consistently fast, and the only search line in /etc/resolv.conf is 'search domain.com'

3) The root user does not experience this issue.

4) Normal users with all userland config wiped (.bashrc and .bash_profile) still experience the issue.

5) The problem is not reproducible with any network tool other than ssh. Ping, telnet, wget, etc., do not experience any DNS-lookup hang.

So what is ssh doing special with regards to DNS that other network tools don't do?
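
Added example, not part of the original report or of OpenSSH: in the -vvv trace the hang sits between "ssh_connect: needpriv 0" and "Connecting to ...", which is where the client resolves the name through libc's getaddrinfo(), a path that "host" does not exercise because it sends its own DNS queries. The Python script below times that call for the short name, the FQDN and the IP under each address family, so the slow combination can be isolated. The function names and the 1-second threshold are assumptions of this example; the hostnames are the ones from the report.

```python
import socket
import time

# The lookup ssh performs before "Connecting to ..." goes through libc's
# getaddrinfo(); AF_UNSPEC matches the client default, AF_INET / AF_INET6
# correspond to `ssh -4` / `ssh -6`.
FAMILIES = {
    "any (ssh default)": socket.AF_UNSPEC,
    "inet (ssh -4)": socket.AF_INET,
    "inet6 (ssh -6)": socket.AF_INET6,
}


def time_lookup(name, family, port=22, resolver=socket.getaddrinfo):
    """Return (seconds, addresses, error) for one getaddrinfo() call."""
    start = time.monotonic()
    try:
        infos = resolver(name, port, family, socket.SOCK_STREAM)
        addrs, err = sorted({info[4][0] for info in infos}), None
    except socket.gaierror as exc:
        addrs, err = [], str(exc)
    return time.monotonic() - start, addrs, err


def profile(names, threshold=1.0, resolver=socket.getaddrinfo):
    """Time every name under every family; return rows and the slow subset."""
    rows = []
    for name in names:
        for label, family in FAMILIES.items():
            secs, addrs, err = time_lookup(name, family, resolver=resolver)
            rows.append((name, label, secs, addrs, err))
    slow = [(n, l) for n, l, secs, _, _ in rows if secs >= threshold]
    return rows, slow


def report(rows, threshold=1.0):
    """Format one line per lookup, flagging those at or above the threshold."""
    lines = []
    for name, label, secs, addrs, err in rows:
        flag = "SLOW" if secs >= threshold else "ok"
        lines.append(f"{flag:4} {secs:6.2f}s {name:28} {label:18} {err or ', '.join(addrs)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Hostnames are the ones from the report; substitute your own.
    rows, _ = profile(["testp1-db", "testp1-db.mydomain.com", "192.168.2.50"])
    print(report(rows))
```

Since the report says subsequent connections are fast, run it against a name that has not been resolved recently, and run it as the affected user rather than root.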

Joel (jeidsath) wrote :

It turns out that this bug is caused by #417757.

Installing powerdns resolver was a sufficient workaround.
