You are viewing macosx

Tired of ads? Upgrade to paid account and never see ads again!
entries friends calendar profile Apple - Mac OS X Previous Previous Next Next
X times the power, X times the fun! - SSH in Tiger
Read the community rules!
kurisu
macosx
kurisu
SSH in Tiger
Is it just me, or does Tiger take forever to establish an SSH session? My two Gentoo Linux machines connect to each other almost instantaneously, but from my iBook it takes about 30 seconds.

Current Music: Pioneers (M83 Remix)

14 comments or Leave a comment
Comments
badger From: badger Date: May 10th, 2005 07:59 pm (UTC) (Link)
Having recently upgraded my tiBook from 10.3 to 10.4, I've noticed no change in connection times for connecting via ssh to the usual systems, which I do many times a day.
c0nsumer From: c0nsumer Date: May 10th, 2005 07:59 pm (UTC) (Link)
Ensure that SSH isn't set to resolve the IP. If it's an internal address, the connection is probably hanging until the attempt at resolution times out.
kurisu From: kurisu Date: May 10th, 2005 08:08 pm (UTC) (Link)
I'm actually using IP addresses directly. I have script files that I use to connect to SSH servers, so that I can tab-complete the names, and so I don't forget to change the username when I'm connecting to the uni machines. Besides, I have their names in /etc/hosts so they shouldn't try to resolve beyond the LAN.
nugget From: nugget Date: May 10th, 2005 08:20 pm (UTC) (Link)
99.99999% of the time this is a DNS issue. But the delay is not on your end, it's on the server end. The delay is almost certainly the server trying to do a reverse-lookup on your IP address to find out your hostname.

kurisu From: kurisu Date: May 10th, 2005 09:07 pm (UTC) (Link)
Yep, it's the reverse-lookup that's the problem.
c0nsumer From: c0nsumer Date: May 10th, 2005 10:42 pm (UTC) (Link)
I don't believe sshd uses hosts when doing a reverse lookup. Have you tried setting UseDNS to off? Default is to on... Remember to kill -HUP the process (or maybe stop/start it in Sharing) after making the config change.
nugget From: nugget Date: May 10th, 2005 08:25 pm (UTC) (Link)
On an unrelated note, there's a much easier way to handle username mismatches. Create a $HOME/.ssh/config file and tell ssh to use different usernames for different hosts as such:
# User login name "studentlogin" for all university hosts
Host *.university.edu
User            studentlogin

# For everything else, use "myname" as the login name
Host *
User            myname


There are a zillion options for the ssh config file -- you can set different security settings (ForwardX11 or ForwardAgent, for example) for more or less trusted hosts.

Mine looks something like this:
Host dazed
Hostname                dazed.slacker.com

Host suburbia
Hostname                suburbia.slacker.com

Host server.mycompany.com
User                    e032292

Host *.slacker.com dazed suburbia
ForwardAgent            yes
ForwardX11              yes

Host *
ForwardAgent            no
Compression             yes
CompressionLevel        9
ForwardX11              no
Cipher                  blowfish
KeepAlive               yes
Protocol                2,1

From: ex_gigahertz567 Date: May 10th, 2005 08:20 pm (UTC) (Link)
Do ssh -v -v -v [hostname] to see where it's hanging.
Mine hangs on debug3: Trying to reverse map address ww.xx.yy.zz. for about 30 seconds then continues with the messages
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found
.

...but I don't have time to resolve it just now :(
c0nsumer From: c0nsumer Date: May 10th, 2005 10:51 pm (UTC) (Link)
Just FYI, set uncomment UseDNS in /etc/sshd_config and set it to no. kill -HUP the process or stop/start it in sharing.
kurisu From: kurisu Date: May 11th, 2005 11:23 am (UTC) (Link)
Nope, that made absolutely no difference. (I did it on both client and server just to be sure I wasn't misunderstanding you).

Also, it doesn't solve my problems connecting to the uni servers. If I do ssh -v -v -v raven.csd.abdn.ac.uk from my iBook, it stalls on debug3: Trying to reverse map address 139.133.200.90. If I do the exact same thing on my Gentoo server (with all the same network settings), It doesn't try to reverse-map.
c0nsumer From: c0nsumer Date: May 11th, 2005 11:47 am (UTC) (Link)
Did you be absolutely certain to restart the daemon, not just editing the config file?

Also, maybe the problem you are having is on the client side, and you should change the CheckHostIP directive to no.

Also, look at your Linux boxes and see what they are using. For all intents and purposes if it's running OpenSSH, you should be able to practically have the configs mirror each other.
From: ex_gigahertz567 Date: May 11th, 2005 11:54 am (UTC) (Link)
CheckHostIP no makes it work nicely :)
Thanks.
From: ex_gigahertz567 Date: May 11th, 2005 11:51 am (UTC) (Link)
I've had that option turned off in the server config for several months. It's the client that's hanging, not the server. Thank you though :)
From: absolutegorilla Date: May 10th, 2005 09:08 pm (UTC) (Link)
just you.
14 comments or Leave a comment