FreeBSD-11.1 Jails and SSL

James B. Byrne byrnejb at harte-lyne.ca
Thu Jul 19 20:12:07 UTC 2018


I notice a distinct delay when connecting to a jail using ssh.  There
is no delay when I connect to the jail's host.  The jail is running
local_unbound and sshd_config contains the same settings as the host,
with the necessary changes for the service IP and such.

I ran ssh with -vv and the connection is instantaneous up to this point:

. . .
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /root/.ssh/id_rsa (0x80208e200)
debug2: key: /root/.ssh/id_dsa (0x0)
debug2: key: /root/.ssh/id_ecdsa (0x80208e180)
debug2: key: /root/.ssh/id_ed25519 (0x80208e040)
debug1: SSH2_MSG_EXT_INFO received
debug1: Fssh_kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received

Then there is a long delay (~18s), after which the pre-login text appears:

!Warning!! -	Any deliberate attempt to access this resource without
                legitimate authorization is a criminal offence
                (R.S.C. 1985, c. C-46 - Section 342.1).
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug2: input_userauth_pk_ok: fp SHA256:cJBXJBwve7zD8D1AM24vWsFYwrhz68ntuYbEiaxLp94

Then another delay of approximately 13s before the login prompt appears.

Connecting to that jail's host exhibits no delay whatsoever.  The
uptime counts on both the jail and the host are similar.

Jail: 4:08PM  up 15 days,  5:25, 1 users, load averages: 0.28, 0.43, 0.41

Host: 4:09PM  up 15 days,  5:26, 2 users, load averages: 0.32, 0.42, 0.41

What is the reason for the dependency in the connection times?  How is
it fixed?

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3


