Subject: Re: ssh hangs for a while waiting to connect
To: Andrew Basterfield <list@lostgeneration.freeserve.co.uk>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 03/05/2002 17:40:37
In message <20020305223354.75667dea.list@lostgeneration.freeserve.co.uk>,
Andrew Basterfield writes:
>On Tue, 05 Mar 2002 16:59:06 -0500
>"Johan A. van Zanten" <johan@ewranglers.com> wrote:
>
>> I've seen similar delays. They only appear when using v2 of the SSH
>> protocol. v1 is fast. My initial theory is that the key sizes for v2 are
>> so large they outstrip the computational abilities of the slower
>> microSPARC (sun4m) CPUs.  I'd love to come to a different conclusion and
>> have a more workable ssh v2 on my NetBSD machines.
>
>Err... I'm using an SS2 so that's another league behind sun4m.
>
>I get a delay of approx 3 seconds before password prompt on an
>AMD486DX4/100 using SSH2, according to some rough measurements I did a
>while back decoding mp3s the SS2 lags the 486 by approximately 30% (and
>that was with inline assembler on the 486 and none on the SS2).
>
>I'm not saying this is accurate or authoritative but it doesn't account for
>a 100-fold performance gap between the two.
>
>I can ssh from the NetBSD/sparc machine to the same machine's IPv4 DNS
>name using SSH2 and get a password prompt in approx 5 seconds. This is
>around the timeframe I would be expecting, based on the response time of
>the 486.
>
>I'm not at all convinced it is purely a performance issue, it just doesn't
>add up.

Can you run tcpdump on the network in question, to see what packets are 
emitted?  I see a long delay when running ssh to a 486/50 I have lying 
around, but this sounds worse.  I suspect a network cause, such as a 
DNS timeout or a fruitless attempt at a v6 connection.  You've 
obviously thought about some of that, too, but it might be worth 
looking at the wire to see what's actually happening.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com
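
An added example, not part of the original message: one way to read the kind of capture suggested above is to look for silent gaps and note the last packet sent before each one. The capture lines are constructed in the text format printed by `tcpdump -n`, and the function names are hypothetical.

```python
import re

# Constructed capture in tcpdump's default text output; addresses are documentation ranges.
SAMPLE = """\
17:40:01.000100 IP 192.0.2.10.1025 > 192.0.2.53.53: 4101+ AAAA? server.example. (32)
17:40:06.000400 IP 192.0.2.10.1025 > 192.0.2.53.53: 4101+ AAAA? server.example. (32)
17:40:11.000900 IP 192.0.2.10.1026 > 192.0.2.53.53: 4102+ A? server.example. (32)
17:40:11.003100 IP 192.0.2.53.53 > 192.0.2.10.1026: 4102 1/0/0 A 192.0.2.20 (48)
17:40:11.004000 IP6 2001:db8::10.1027 > 2001:db8::20.22: Flags [S], seq 1, win 16384, length 0
17:40:14.004500 IP 192.0.2.10.1028 > 192.0.2.20.22: Flags [S], seq 5, win 16384, length 0
17:40:14.005200 IP 192.0.2.20.22 > 192.0.2.10.1028: Flags [S.], seq 9, ack 6, win 16384, length 0
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) (IP6?) (\S+) > (\S+): (.*)$")

def parse(text):
    """Yield (seconds_since_midnight, proto, dst_port, summary, raw_line)."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not an IP/IP6 packet line
        h, mnt, s, proto, _src, dst, rest = m.groups()
        # tcpdump appends the port to the address after a final dot
        yield int(h) * 3600 + int(mnt) * 60 + float(s), proto, dst.rsplit(".", 1)[1], rest, raw

def classify(proto, dst_port, rest):
    """Name the last packet sent before a silent period."""
    if dst_port == "53" and "?" in rest:
        return "unanswered DNS query"
    if proto == "IP6" and "Flags [S]," in rest:
        return "unanswered IPv6 SYN"
    return "other"

def find_stalls(text, threshold=1.0):
    """Return (gap_seconds, cause, raw_line) for each gap of at least `threshold` seconds."""
    pkts = list(parse(text))
    stalls = []
    for (t0, proto, port, rest, raw), (t1, *_rest) in zip(pkts, pkts[1:]):
        if t1 - t0 >= threshold:
            stalls.append((round(t1 - t0, 3), classify(proto, port, rest), raw))
    return stalls

if __name__ == "__main__":
    for gap, cause, raw in find_stalls(SAMPLE):
        print(f"{gap:6.3f}s  {cause:22}  {raw}")
```

On the constructed sample, about 13 seconds of the delay fall after packets that never got a reply, and none of it falls inside the SSH exchange itself.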