SSH Login takes much time to ask password...

Hi guys,

My problem is that I need to wait at least 30 seconds for password prompt in SSH logins.

When I go directly to my host address via SSH clients(say, putty), I am immediately asked to prompt username. Even though, I submit my username correctly, the server does not respond to ask password for at least half a minute. After then, I can enter my password.

Previously, I installed Webmin but the delay was as it should be there, just a few seconds… I think, there is something different in Virtualmin that causes this delay. I’ve installed Virtualmin three times on fresh OSs, but nothing has changed. I haven’t also found a setting about it in the SSH Server configuration…

What can I do? Any help will be appreciated…

Ismet

P.S. I use Virtualmin GPL on Debian 4.0

Virtualmin has nothing to do with SSH.

Usually this is caused by slow or broken DNS on the server. SSH, by default, tries to lookup your hostname when you connect…if that fails, or is slow, it will lead to a long delay in connecting.

Hey Joe,

I did already think the same, so I don’t use hostNAME but hostIP for SSH connection in order to prevent potential lookup problems. On the other hand, the server-client connection speed is fair enough, that’s why I don’t encounter any delays after the authentication.

As I said before, this problem occurs only when Virtualmin is installed. Webmin is OK!

Does Virtualmin manipulate SSH? I don’t think so, either. Frankly speaking, I don’t know what to think and what to do! :slight_smile:

No, I don’t mean on your client. Has nothing to do with your client. Reverse lookups (from IP to hostname) or slow or failing on your server. Whether you use an IP or hostname to connect is irrelevant.

Try a reverse lookup of your IP on your server:

host 192.168.1.1

(Where 192.168.1.1 would be whatever your client IP address is.)

Again, Virtualmin has nothing to do with SSH. Seriously. Believe me. I wouldn’t lie to you. “Webmin is OK” makes no sense in this context. Webmin and Virtualmin are the same server, and neither has anything to do with SSH (though you can configure SSH with Webmin, it doesn’t do anything to SSH on its own…and Virtualmin can’t do anything with SSH at all…it simply doesn’t have any hooks into the Webmin SSH module and doesn’t touch the running ssh daemon for any reason or in any way).

DNS is the problem. Do DNS lookups work on the system? If not, DNS needs to be fixed.

Oh, I see what’s happening now.

When you run install.sh it adds an entry to resolv.conf to use localhost as a resolver. Usually, this "just works", but I guess for whatever reason, the local DNS server is unable to satisfy requests–maybe a firewall is preventing recursive lookups, I dunno. You may need to add forwarders to your DNS server configuration on the system.

The latter you said seems reasonable at first glance. However, I could not make it work even I played with DNS configurations, such as entering IP addresses for "Servers to forward queries to"; changing the answer for "Lookup directly if forwarders cannot?" as Yes or No; removing the localhost line in the resolv.conf, etc. Of course, I restarted the DNS server for each combination. No way!

Afterwards, I started thinking that DNS lookups would not have been the case here because it does not matter whether DNS server is available(even installed) when you connect to server via SSH by using server IP address.

Anyway, if you are interested, my reverse lookup is something like the following:

host my.ip.add.ress

Name : ns1.mydomain.name
Address : my.ip.add.ress

OK! I’ve found a solution. The nightmare is over. :slight_smile:

For the people having slow SSH login, here is what you need:

> OPEN /etc/ssh/sshd_config
> ADD "UseDNS no"
> SAVE it
> RESTART the ssh server

That’s it! The SSH login will work like a charm and be faster than ever.

Hey Joe, you were right. That is to say, this solution showed that the problem was DNS. I should not have questioned your knowledge, you are the Virtualmin Hero. :wink:

Hey Joe, you were right.

I know. But, I’m glad we can all agree. :wink:

Hi,
I have experienced the same issue and found another solution.

You have to remove this line (nameserver 127.0.0.1 ) from this file /etc/resolv.conf
Do a reboot.

This change will make the PC to use the correct DNS, which will resolve the hostname correctly on the local network, but not trying to resolve it using Internet (external services).

Good luck!
Roman