:: Re: [DNG] ..should we set up our ow…
From: Dr. Nikolaus Klepp
Date:
To: dng
Subject: Re: [DNG] ..should we set up our own usage policy wizard script?, was: OpenSSH: delay on beowulf
Anno domini 2019 Mon, 11 Feb 15:17:16 +0100
KatolaZ scripsit:
> On Mon, Feb 11, 2019 at 11:25:03AM +0100, Dr. Nikolaus Klepp wrote:
> > Anno domini 2019 Mon, 11 Feb 10:51:09 +0100
> > Didier Kryn scripsit:
> > > On 10/02/2019 at 18:19, Arnt Karlsen wrote:
> > > >>
> > > >> There's nothing in the logs. It just takes very long to start.
> > >
> > >
> > >     Tried to set LogLevel in sshd_config?
> > >
> > >     or launch sshd with the -d option ?
> > >
> > >
> > >             Didier
> >
> > Hi!
> >
> > The problem only exists if all of these conditions are met:
> >
> > - kernel 4.19. from beowulf
> > - network up, but DNS of ISP not reacting in time or dhcpcd did not get a lease
> > - sshd_config has "UseDNS yes"
> > - first try to start sshd after boot
> >
> > The problem is solved by "UseDNS no" in sshd_config.
> >
> > Now that sshd uses DNS on first startup is quite surprising - at least it was for me.
>
>
> This is something you must have specified in your sshd_config, since
> the default for sshd is to *not* UseDNS. From `man sshd_config`:
>
>      UseDNS  Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address.
>
>              If this option is set to no (the default) then only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives.
>
> So sshd is trying to make sure that the IP it is listening on actually
> maps back to the hostname.
>
> My2Cents
>
> KatolaZ
>


hi!

I have taken over the suggested sshd_config from the package. The line that was in sshd_config said:

# UseDNS no

But this line actually leads to sshd waiting for DNS (maybe) to become ready or timeout. I have not yet had time to figure out what sshd is waiting for.


Nik

--
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...
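
The thread turns on whether a `UseDNS` line in sshd_config is active or commented out. As an added example (not part of the original messages), this shell function reports which it is for a given file; `usedns_setting` is a hypothetical helper name, the sample files are constructed, and `Include` directives are not followed.

```shell
#!/bin/sh
# Added example, not from the thread. Reports how UseDNS is set in an
# sshd_config-style file: "explicit:<value>" for the first active line,
# "unset" when the keyword is absent or appears only in comments.
# Assumption: Include directives are not followed.
usedns_setting() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines are inactive
        tolower($1) == "match" { exit }      # UseDNS is global: stop at the first Match block
        tolower($1) == "usedns" {            # keywords are case-insensitive
            val = $2; gsub(/"/, "", val)     # arguments may be double-quoted
            print "explicit:" val
            found = 1
            exit                             # the first obtained value is the one used
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' 'Port 22' '# UseDNS no'                    > "$SAMPLES/commented"
printf '%s\n' 'Port 22' 'UseDNS no'                      > "$SAMPLES/explicit_no"
printf '%s\n' '#UseDNS no' '  usedns yes' 'UseDNS no'    > "$SAMPLES/first_wins"

for f in commented explicit_no first_wins; do
    printf '%-12s %s\n' "$f" "$(usedns_setting "$SAMPLES/$f")"
done
```

On a live host, `sshd -T` prints the effective configuration, including values that come from built-in defaults rather than from the file.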