Packet Analysis for Troubleshooting-SSH server slow response

Symptom: customer complains about slow response to SSH server running on one Centos box

Method: perform packet capture on the SSH server.

Finding: DNS query fails during establishing SSH session

When folllow the TCP session for SSH login packet caoture, see the below:


During packet 17 and 24, there is about 10 seconds gap.

Go back to the whole packet capture, find the below between packet 17 and 24. We can see multiple DNS query but no response


After checking the Linux/Centos doc, we found that SSH server by default will check the DNS for the source IP of ssh client before the SSH session can be established. The DNS query failure introuduces the 10seconds delay before the SSH server responses to the client

Temp fix: disbale DNS query in the sshd_config.

UseDNS no

Long term fix: fix the DNS query issue.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s