touch-packages team mailing list archive

Thread
Date

[Bug 424371] Re: Logins to OpenSSH server slow due to "UseDNS yes" config

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Roderick Smith <rod.smith@xxxxxxxxxxxxx>
Date: Mon, 08 Dec 2014 17:41:49 -0000
Reply-to: Bug 424371 <424371@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Just to note: This problem still exists in Ubuntu 14.04LTS and 14.10.
It's annoying because I have to make changes to every new installation.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/424371

Title:
  Logins to OpenSSH server slow due to "UseDNS yes" config

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  When logging in to my Ubuntu 8.04 Server edition server via SSH
  (client PuTTY), logins take exactly 20 seconds from the time the
  username is entered and the time the password request appears.

  The problem is caused by the "UseDNS yes" config parameter.  When it
  is changed to "UseDNS no", the server logs in instantly.

  The cause of the problem is that the server is in a network that does
  not have a DHCP server to store client hostnames, and thus, when
  requesting the hostname, it waits for the request to timeout.  When
  the same server is put on a network with a DHCP server, the logins are
  instantaneous as well.

  Another workaround is to put the client's hostname and IP address in
  /etc/hosts.

  This bug has similar symptoms to
  https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899 , but in
  my case, disabling GSSAPIAuthentication does not resolve the issue.

  I would disable UseDNS permanently, but I am skiddish because it
  sounds like a security feature.  Unfortunately, it seems worthless;
  when I put the client's hostname and the WRONG IP address in
  /etc/hosts, the connection still is successful (after a 20 second
  delay).  That poses the question: what is the point of UseDNS?

  In bug 84899, someone suggests changing /etc/nsswitch.conf, but my
  configuration was already like the recommended fix.

  All config files are at their defaults.

  To Reproduce:
  Install Ubuntu Server 8.04
  `apt-get install openssh-server`
  Put machine on non-DHCP network
  Connect to machine's IP

  `lsb_release -rd`
  Description: Ubuntu 8.04.3 LTS
  Release: 8.04

  `apt-cache policy openssh-server1
  Installed: 1:4.7p1-8ubuntu1.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/424371/+subscriptions