11-27-2007, 08:19 PM
Dale

ssh connections time out

Dan Farrell wrote:
> On Tue, 27 Nov 2007 13:26:18 -0600
> Dale <dalek1967@bellsouth.net> wrote:
>
> > Just to add to this, I was using the IP address too and it was very
> > slow. This was also on a local network. After adding the lines to my
> > host files, it was fast no matter whether I used the name or the IP
> > address. I still don't understand why this matters tho.
> >
> > Just a thought.
> >
> > Dale
>
> I am guessing your /etc/nsswitch.conf says:
> hosts: files dns
>
> in this case, the /etc/hosts file will be consulted before the dns. If
> you provide an IP address, it will probably want to do a reverse lookup
> to the name (for .ssh/known-hosts for one); if provided a domain name,
> it will have to look it up.

You are correct. It has that exact line in the nsswitch.conf file.
Someone tried to explain the "lookup" thing but it just went over my
head. I know when I go to google for example that it goes to a DNS
server to get the IP to know where to go to. I just never could figure
why it did that when it has the number already. I just know that
adding that to the host file worked like a charm.

I'm still curious as to why the OP is having this problem. I suspect,
like me all the time, it will be something pretty simple. We always
find the complicated stuff. LOL

Dale

:-) :-) :-)
 
11-28-2007, 01:08 AM
"Mark Shields"

ssh connections time out

On Nov 27, 2007 4:19 PM, Dale <dalek1967@bellsouth.net> wrote:
> Dan Farrell wrote:
> > On Tue, 27 Nov 2007 13:26:18 -0600
> > Dale <dalek1967@bellsouth.net> wrote:
> >
> > > Just to add to this, I was using the IP address too and it was very
> > > slow. This was also on a local network. After adding the lines to my
> > > host files, it was fast no matter whether I used the name or the IP
> > > address. I still don't understand why this matters tho.
> > >
> > > Just a thought.
> > >
> > > Dale
> >
> > I am guessing your /etc/nsswitch.conf says:
> > hosts: files dns
> >
> > in this case, the /etc/hosts file will be consulted before the dns. If
> > you provide an IP address, it will probably want to do a reverse lookup
> > to the name (for .ssh/known-hosts for one); if provided a domain name,
> > it will have to look it up.
>
> You are correct. It has that exact line in the nsswitch.conf file.
> Someone tried to explain the "lookup" thing but it just went over my
> head. I know when I go to google for example that it goes to a DNS
> server to get the IP to know where to go to. I just never could figure
> why it did that when it has the number already. I just know that
> adding that to the host file worked like a charm.
>
> I'm still curious as to why the OP is having this problem. I suspect,
> like me all the time, it will be something pretty simple. We always
> find the complicated stuff. LOL
>
> Dale
>
> :-) :-) :-)

The "lookup thing" is very similar to the same kind of DNS query used when visiting a website.
--
- Mark Shields
 
11-28-2007, 01:39 AM
Dale

ssh connections time out

Mark Shields wrote:
> On Nov 27, 2007 4:19 PM, Dale <dalek1967@bellsouth.net> wrote:
>
> > Dan Farrell wrote:
> > > On Tue, 27 Nov 2007 13:26:18 -0600
> > > Dale <dalek1967@bellsouth.net> wrote:
> >
> > You are correct. It has that exact line in the nsswitch.conf file.
> > Someone tried to explain the "lookup" thing but it just went over my
> > head. I know when I go to google for example that it goes to a DNS
> > server to get the IP to know where to go to. I just never could figure
> > why it did that when it has the number already. I just know that
> > adding that to the host file worked like a charm.
> >
> > I'm still curious as to why the OP is having this problem. I suspect,
> > like me all the time, it will be something pretty simple. We always
> > find the complicated stuff. LOL
> >
> > Dale
> >
> > :-) :-) :-)
>
> The "lookup thing" is very similar to the same kind of DNS query used
> when visiting a website.
>
> --
> - Mark Shields

Yea, I got that part but why does it do that when you are using the IP
number to go to it? That was what was confusing me. Up until that
time, I didn't even name the systems since all I used them for was to
run folding. After I named them and put the entries in the hosts file,
it worked fine even when ssh'ing in with the IP number. Before that,
it took forever to login.

I would think that it would just go straight to it without a look-up at
that point. Then again, I'm not networking guru either.

Dale

:-) :-)
 
11-28-2007, 01:59 AM
Billy Holmes

ssh connections time out

Dale wrote:
> didn't even name the systems since all I used them for was to run
> folding. After I named them and put the entries in the hosts file, it
> worked fine even when ssh'ing in with the IP number. Before that, it
> took forever to login.

google: reverse lookup dns wikipedia

click on the first link

that's what the REMOTE machine will do after you connect to it, but
before you get a prompt. This can (normally) be configured on an
application basis to not do it.
--
gentoo-user@gentoo.org mailing list
 
11-28-2007, 04:12 AM
Dale

ssh connections time out

Billy Holmes wrote:
> Dale wrote:
> > didn't even name the systems since all I used them for was to run
> > folding. After I named them and put the entries in the hosts file, it
> > worked fine even when ssh'ing in with the IP number. Before that, it
> > took forever to login.
>
> google: reverse lookup dns wikipedia
>
> click on the first link
>
> that's what the REMOTE machine will do after you connect to it, but
> before you get a prompt. This can (normally) be configured on an
> application basis to not do it.

OK. I read most of it, what I could get a grip on anyway. Basically
it looks to see if that IP address has a name too. Sort of silly but,
whatever works I guess. At least now I sort of get what it means.

Thanks for the info.

Dale

:-) :-) :-)
 
11-28-2007, 08:29 AM
Etaoin Shrdlu

ssh connections time out

On Wednesday 28 November 2007, Dale wrote:

> Billy Holmes wrote:
> >
> > that's what the REMOTE machine will do after you connect to it, but
> > before you get a prompt. This can (normally) be configured on an
> > application basis to not do it.
>
> OK. I read most of it, what I could get a grip on anyway. Basically
> it looks to see if that IP address has a name too. Sort of silly but,
> whatever works I guess.

It does not stop there. It's usually used to prevent spoofing.

The complete process is more or less as follows: suppose you connect with
a spoofed IP address, then the remote end will do the reverse lookup to
find out your dns name, do a forward lookup with the name it just found,
and see if the resulting IP is the one you are connecting from.

From man sshd_config:

UseDNS  Specifies whether sshd(8) should look up the remote host name
        and check that the resolved host name for the remote IP address
        maps back to the very same IP address. The default is ``yes''.
--
gentoo-user@gentoo.org mailing list
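
The reverse-then-forward check described in the message above, written out as an added example (not part of the original thread and not sshd's own code). The zone tables, host names and the `fake_reverse`/`fake_forward` helpers are constructed so the example runs offline; by default the function uses the system resolver.

```python
import ipaddress
import socket

def fcrdns_check(ip, reverse=socket.gethostbyaddr, forward=socket.getaddrinfo):
    """Reverse-resolve ip, forward-resolve the name found, compare the two.

    Returns (status, name). Both lookups block until the resolver answers
    or times out, which is the wait before the prompt discussed above.
    """
    try:
        name = reverse(ip)[0]                    # PTR lookup: IP -> name
    except (socket.herror, socket.gaierror):
        return ("no-ptr", None)
    try:
        infos = forward(name, None)              # A/AAAA lookup: name -> IPs
    except socket.gaierror:
        return ("forward-failed", name)
    peer = ipaddress.ip_address(ip)
    for info in infos:
        addr = info[4][0].split("%")[0]          # drop any IPv6 scope id
        if ipaddress.ip_address(addr) == peer:
            return ("verified", name)
    return ("mismatch", name)

# Constructed sample data: documentation addresses, hypothetical host names.
PTR = {
    "192.0.2.10": "build1.example.test",   # honest host
    "192.0.2.66": "build1.example.test",   # reverse zone claims someone else's name
    "192.0.2.77": "gone.example.test",     # PTR exists, forward record does not
}
A = {"build1.example.test": ["192.0.2.10"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return (PTR[ip], [], [ip])

def fake_forward(name, port):
    if name not in A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0)) for a in A[name]]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.77", "192.0.2.99"):
        print(ip, fcrdns_check(ip, fake_reverse, fake_forward))
```

Only the "verified" result ties the name to the connecting address; a PTR record alone is controlled by whoever runs the reverse zone for that address.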
 
11-28-2007, 08:57 AM
Mick

ssh connections time out

On Tuesday 27 November 2007, Vladimir Rusinov wrote:
> On 11/27/07, Mick <michaelkintzios@gmail.com> wrote:
> > Have you come across such a problem before? How can I troubleshoot
> > it? In this day and age of broadband connections it seems strange to
> > get worse performance than on a dialup network . . . I mean I have
> > run VNC connections over a 56k dial up with more responsiveness than
> > this!
>
> Tune QoS (Quality of Service). It's not very trivial, but there are some
> good howtos/articles.

Trying to stick to the OP:

I just ran some quick tcptraceroute tests and can see that my random port
number has the same or less latency than port 80, or port 22
connections . . .
--
Regards,
Mick
 
11-28-2007, 11:07 AM
Dale

ssh connections time out

Etaoin Shrdlu wrote:
> On Wednesday 28 November 2007, Dale wrote:
>
> > Billy Holmes wrote:
> > > that's what the REMOTE machine will do after you connect to it, but
> > > before you get a prompt. This can (normally) be configured on an
> > > application basis to not do it.
> >
> > OK. I read most of it, what I could get a grip on anyway. Basically
> > it looks to see if that IP address has a name too. Sort of silly but,
> > whatever works I guess.
>
> It does not stop there. It's usually used to prevent spoofing.
>
> The complete process is more or less as follows: suppose you connect with
> a spoofed IP address, then the remote end will do the reverse lookup to
> find out your dns name, do a forward lookup with the name it just found,
> and see if the resulting IP is the one you are connecting from.
>
> From man sshd_config:
>
> UseDNS Specifies whether sshd(8) should look up the remote host name
> and check that the resolved host name for the remote IP address
> maps back to the very same IP address. The default is ``yes''.

I was sort of thinking about it helping with that. I just wasn't sure
that would work like I was thinking. I suspected it may be a security
thing. It seems that most things with Linux are security related
anyway. That's pretty cool. Some geek got a great idea. o_O

Now it makes good sense. I think it is pretty cool that it does that,
even if it messed me up at first. Just wish this would have fixed the
OP's problem.

Thanks.

Dale

:-) :-) :-)
 
11-28-2007, 06:00 PM
Dan Farrell

ssh connections time out

On Wed, 28 Nov 2007 09:57:25 +0000
Mick <michaelkintzios@gmail.com> wrote:

> I just ran some quick tcptraceroute tests and can see that my random
> port number has the same or less latency than port 80, or port 22
> connections . . .

DNS Servers overloaded, on one side of the transaction or the other?
--
gentoo-user@gentoo.org mailing list
 
11-29-2007, 03:41 AM
Billy Holmes

ssh connections time out

Mick wrote:
> I just ran some quick tcptraceroute tests and can see that my random port
> number has the same or less latency than port 80, or port 22
> connections . . .
>

try two things:

1) put your sshd on port 443 if you can. see if you can connect with no
latency.

or

2) perform this as root on BOTH boxes:

# echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

that will disable the large tcp window negotiation. some broken
firewalls/packet filters cause connections with this enabled to fail or
become unfriendly.

http://lists.debian.org/debian-kernel/2007/01/msg00652.html
--
gentoo-user@gentoo.org mailing list
 

All times are GMT.