Packet Analysis for Troubleshooting: SSH Server Slow Response

Symptom: a customer complains about slow response from an SSH server running on a CentOS box.

Method: perform packet capture on the SSH server.

Finding: DNS queries fail while the SSH session is being established.

Following the TCP session for the SSH login in the packet capture, we see the below:

ssh1

Between packets 17 and 24, there is a gap of about 10 seconds.

Going back to the whole packet capture, we find the below between packets 17 and 24. We can see multiple DNS queries but no response.

ssh2

After checking the Linux/CentOS documentation, we found that the SSH server by default checks DNS for the source IP of the SSH client before the SSH session can be established. The DNS query failure introduces the 10-second delay before the SSH server responds to the client.

Temp fix: disable the DNS query in sshd_config.
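
The same check can be scripted instead of read off the packet list. The following is an added example, not part of the original post: it parses tshark field output, finds the longest pause in the SSH TCP stream, and lists the DNS queries sent in that window that never got a response. The sample rows, the placeholder client address 192.0.2.10 and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample (not the original capture): tab-separated output of
#   tshark -r capture.pcap -T fields -e frame.number -e frame.time_relative \
#          -e tcp.stream -e dns.id -e dns.flags.response -e dns.qry.name
# Fields that do not apply to a packet are empty.
SAMPLE = (
    "14\t0.100\t\t0x0101\t0\trepo.example.test\n"
    "15\t0.130\t\t0x0101\t1\trepo.example.test\n"
    "16\t0.402\t0\t\t\t\n"
    "17\t0.510\t0\t\t\t\n"
    "18\t0.512\t\t0x1a2b\t0\t10.2.0.192.in-addr.arpa\n"
    "21\t5.517\t\t0x1a2b\t0\t10.2.0.192.in-addr.arpa\n"
    "24\t10.530\t0\t\t\t\n"
    "25\t10.560\t0\t\t\t\n"
)

def parse(text):
    """Turn tshark field output into a list of packet dicts."""
    rows = []
    for f in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(f) != 6:
            continue  # skip blank or malformed lines
        rows.append({"no": int(f[0]), "t": float(f[1]), "stream": f[2],
                     "dns_id": f[3],
                     # printed as 0/1 or False/True depending on tshark version
                     "is_resp": f[4] in ("1", "True"), "qname": f[5]})
    return rows

def largest_gap(rows, stream):
    """Return (frame_before, frame_after, seconds) for the longest pause in a TCP stream."""
    pkts = [r for r in rows if r["stream"] == stream]
    if len(pkts) < 2:
        return None
    a, b = max(zip(pkts, pkts[1:]), key=lambda p: p[1]["t"] - p[0]["t"])
    return a["no"], b["no"], round(b["t"] - a["t"], 3)

def unanswered_dns(rows, after_no, before_no):
    """DNS queries sent inside the gap with no matching response in the capture."""
    answered = {(r["dns_id"], r["qname"]) for r in rows if r["dns_id"] and r["is_resp"]}
    return [r for r in rows
            if after_no < r["no"] < before_no and r["dns_id"]
            and not r["is_resp"] and (r["dns_id"], r["qname"]) not in answered]

if __name__ == "__main__":
    rows = parse(SAMPLE)
    first, last, gap = largest_gap(rows, "0")
    print(f"stream 0 stalls {gap}s between packets {first} and {last}")
    for q in unanswered_dns(rows, first, last):
        print(f"  packet {q['no']} t={q['t']}: query {q['qname']} got no response")
```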

UseDNS no

Long-term fix: fix the DNS query issue.
