Very slow SSh since upgrading machines to RELENG_4_8
Greg White
gregw-freebsd-stable at greg.cex.ca
Mon Sep 22 09:31:02 PDT 2003
On Mon Sep 09/22/03, 2003 at 04:39:58PM +0100, Pete French wrote:
> > This sounds suspiciously like DNS timing out. I seem to remember this is
> > due to the fact the default config of sshd now enables privilege
> > seperation. sshd chroots into /var/empty and therefore can't access
> > /etc/hosts, /etc/nsswitch.conf, /etc/resolv.conf etc.
>
> O.K., that sounds like its the problems - though doesnt explain why the
> timeout only occurrs between machines on the same subnet, rather than
> those on differing subnets. I'll give it a go. Possibly the split
> horizon DNS should be my best option, though its not something I;ve
> ever done before and am thus slightly reticent...
If you depend entirely on /etc/hosts for hosts on the same subnet, and
for DNS for hosts outside it, you'll see exactly this behaviour:
http://news.gw.com/comp.unix.bsd.freebsd.misc/189060
for starters.
/etc/hosts is not copied into the chroot environment.
Split horizon DNS is not all that tricky to implement, even with BIND.
:)
--
Greg White
More information about the freebsd-stable
mailing list