Hi Edward,

No, after connection there is no delay in nslookup queries.

I've checked the DNS configuration on these boxes and there's no issue
with that. To prove a point I made sure I could resolve/reverse resolve
the localhost and then tried sshing to itself.

---
aixhost1# nslookup aixhost1
Server: nameserver1.local
Address: 10.44.138.181

Name: aixhost1.local
Address: 10.44.152.102

aixhost1# nslookup 10.44.152.102
Server: nameserver1.local
Address: 10.44.138.181

Name: aixhost1.local
Address: 10.44.152.102

aixhost1# ssh 10.44.152.102
---

And still the pause occurs. And regardless, I have told sshd not to
perform DNS lookups (UseDNS no).

I tried strace/truss'ing both client and server when we get the freeze and
got the following:

CLIENT:
[...]
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096
read(4, "x:21187:1002:\"xxxxxx xxxxxx xxxx"..., 4096) = 1089
close(4) = 0
munmap(0xb75f4000, 4096) = 0
rt_sigaction(SIGPIPE, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
read(3, "S", 1) = 1 <-- pause here after "read(3,
"
read(3, "S", 1) = 1
read(3, "H", 1) = 1
read(3, "-", 1) = 1
read(3, "2", 1) = 1
read(3, ".", 1) = 1
read(3, "0", 1) = 1
[...]

So it looks like it's hanging waiting for the server to send it some
information.

SERVER:
(after a connection attempt)
[...]
11755760: 14270497: open("/etc/hesiod.conf", O_RDONLY) Err#2
ENOENT
11755760: 14270497: __libc_sbrk(0x00000000) =
0x2002B150
11755760: 14270497: open("/etc/irs.conf", O_RDONLY) Err#2
ENOENT
11755760: 14270497: getdomainname(0xF0409B88, 1024) = 0
11755760: 14270497: getdomainname(0xF0409B88, 1024) = 0
11755760: 14270497: getdomainname(0xF0409B88, 1024) = 0
11755760: 14270497: getdomainname(0xF0409B88, 1024) = 0
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: getsockopt(3, 65535, 4104, 0x2FF2047C,
0x2FF20478) = 0
11755760: 14270497: connext(3, 0xF03AC0E0, 16) = 0
11755760: 14270497: send(3, 0x2FF20968, 25, 0) = 25
14250080: 5857369: _select(6, 0x2001F898, 0x00000000, 0x00000000,
0x00000000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) = 0
11755760: 14270497: close(3) = 0

(then the pause occurs and we get this)
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: sendto(3, 0x2FF20968, 25, 0, 0xF03AC0F0, 16) =
25
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) = 0
11755760: 14270497: close(3) = 0
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: sendto(3, 0x2FF20968, 25, 0, 0xF03AC0E0, 16) =
25
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) = 0
11755760: 14270497: close(3) = 0
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: sendto(3, 0x2FF20968, 25, 0, 0xF03AC0F0, 16) =
25
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) = 0
11755760: 14270497: close(3) = 0
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: sendto(3, 0x2FF20968, 25, 0, 0xF03AC0E0, 16) =
25
11755760: 14270497: _poll(0x2FF204F8, 1, 10000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 10000) = 0
11755760: 14270497: close(3) = 0
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: sendto(3, 0x2FF20968, 25, 0, 0xF03AC0F0, 16) =
25
11755760: 14270497: _poll(0x2FF204F8, 1, 10000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 10000) = 1
11755760: 14270497: nrecvfrom(3, 0x2FF21B18, 1024, 0, 0x2FF20618,
0x2FF204E8) = 25
11755760: 14270497: close(3) = 0
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: sendto(3, 0x2FF20968, 25, 0, 0xF03AC0E0, 16) =
25
11755760: 14270497: _poll(0x2FF204F8, 1, 20000) (sleeping...)
11755760: 14270497: _poll(0x2FF204F8, 1, 20000) = 0
11755760: 14270497: close(3) = 0
11755760: 14270497: socket(2, 2, 0) = 3
11755760: 14270497: getsockopt(3, 65535, 4104, 0x2FF2047C,
0x2FF20478) = 0
11755760: 14270497: connext(3, 0xF03AC0E0, 16) = 0
11755760: 14270497: send(3, 0x2FF20968, 44, 0) = 44
11755760: 14270497: _poll(0x2FF204F8, 1, 5000) = 1
11755760: 14270497: nrecvfrom(3, 0x2FF21B18, 1024, 0, 0x2FF20618,
0x2FF204E8) = 96
11755760: 14270497: close(3) = 0

(then after the pause ends the process continues as normal)
11755760: 14270497: open("/etc/hosts", O_RDONLY) = 3
11755760: 14270497: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25
ENOTTY
11755760: 14270497: kfcntl(3, F_SETFD, 0x00000001) = 0
11755760: 14270497: kioctl(3, 22528, 0x00000000, 0x00000000) Err#25
ENOTTY
11755760: 14270497: kread(3, " # @ ( # ) 4 7\t 1 . 1".., 4096) =
2250
11755760: 14270497: kread(3, " # @ ( # ) 4 7\t 1 . 1".., 4096) = 0
11755760: 14270497: close(3) = 0
11755760: 14270497: getuidx(2) = 0
11755760: 14270497: getuidx(2) = 0
[...]

So it appears to be hung communicating to some network or unix socket?

Regards,

David

listbounce@securityfocus.com wrote on 24/06/2008 01:44:28 AM:

> Do you also experience delay in nslookup query after login?
>
> Edward
>
>
>
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]

On
> Behalf Of David R Green
> Sent: Monday, June 23, 2008 1:15 AM
> To: Joseph Spenner
> Cc: secureshell@securityfocus.com
> Subject: Re: ssh connection pause
>
> Hi Joseph,
>
> Thanks for your reply. I have two working nameservers defined in

/etc/resolv.conf.
>
> I should mention that these AIX servers were successfully running

openssh 4.5.
> It's only since the upgrade to 4.6 that the connection pause occurs.
>
> Regards,
>
> David
>
>
> listbounce@securityfocus.com wrote on 21/06/2008 07:11:42 AM:
>
> >
> > --- On Thu, 6/19/08, David R Green wrote:
> >
> > > Hi, sorry if I've sent this to the wrong list.
> > >
> > > I'm having a strange issue where establishing an SSH connection to
> > > an AIX box running openssh v4.6 pauses for approximately 30 seconds
> > > during the connection process (I have UseDNS set to no).
> > >
> > >
> > > Has anyone seen this before? Any help would be appreciated.
> > >
> > >
> > > Regards,
> > >
> > > David Green

> >
> > Do you have nameservers defined in /etc/resolv.conf on the server?
> > If not, put a nameserver in there.
> >
> >
> >
> >

>