Re: ssh login lag

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



atomi wrote:
> I've got a pretty bare bones system. Headless Fedora Core 5
> My problem occurs when I login via putty through SSH,
> after I've entered my password there is an ugly lag...
> 
> here here is my IPTABLES:
> 
> *filter
> :OUTPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :FIREWALL-INPUT - [0:0]
> :INPUT ACCEPT [0:0]
> -A INPUT -j FIREWALL-INPUT
> 
> -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT
> -A FIREWALL-INPUT -p tcp -m tcp -j REJECT
> -A FIREWALL-INPUT -p udp -m udp -j REJECT
> COMMIT
> 
> so, alright, pretty simple huh; anyone know why the lag monster appears?
> ANY insight i think would help.

You're probably blocking DNS queries or you have wrong DNS
settings.

I think the sshd process is trying to resolve the IP you're connecting
from to a name, but the firewall is dropping the packets, so it has
to wait that some timeout expires before going on.

Try to disactivate the stringent firewall rules, run ethereal and
look what kind of traffic is there in the normal (fast) case. Then
modify the firewall rules accordingly.

Alternatively, add a -j LOG rules before the REJECT rules, so you can
see in /var/log/messages what you're blocking.

  -A FIREWALL-INPUT -p tcp --dport ssh -j ACCEPT
  -A FIREWALL-INPUT -p tcp -m tcp -j LOG
  -A FIREWALL-INPUT -p tcp -m tcp -j REJECT
  -A FIREWALL-INPUT -p udp -m udp -j LOG
  -A FIREWALL-INPUT -p udp -m udp -j REJECT

Do you see a "Last login: " line after the delay? Does it contain
a numeric IP or a hostname?

Best regards.
-- 
   Roberto Ragusa    mail at robertoragusa.it


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux