Monday 1 August 2011

Very slow log in to Solaris Server

Error keywords seen:  None - just exceptionally slow login

Operating System: Solaris variants

Software: default ssh daemon

Keywords:  solaris stop suppress reverse dns lookup ssh

I've googled many times to find the answer to this one, and read through many man pages.

It's very easy to discover that slow log ins are almost always due to sshd trying to do an nslookup on the login client.  This is a perfectly reasonable security measure, but if the lookup fails it can take a while to timeout, giving the impression that the login is very slow.  In Linux, you change sshd_config and add 'UseDNS no' - this I found recommended many times.

In Solaris, the answer is just as easy, though harder to find:

Add the following line to /etc/ssh/sshd_config:

LookupClientHostnames=no
Restart sshd:

svcadm restart ssh

Check that ssh is running okay - do this before you log out:
svcs -l ssh

If sshd is in maintenance mode, revert your changes and restart ssh:

svcadm clear ssh

Check your change for a typo, and debug as usual.

You should now be able to log in much faster.

1 comment:

Unknown said...

Thank you, as this resolved our issues as well.