FreeBSD-11.1 Jails and SSL

Ernie Luzar luzar722 at gmail.com
Thu Jul 19 20:59:15 UTC 2018 

James B. Byrne via freebsd-questions wrote:
> I notice a distinct delay when connecting to a jail using ssh.  There
> is no delay when I connect to the jail's host.  The jail is running
> local_unbound and sshd_config contains the same settings as the host,
> with the necessary changes for the service IP and such.
> 
> I ran ssh with -vv and the connection is instantaneous up to this point:
> 
> . . .
> debug1: SSH2_MSG_NEWKEYS received
> debug2: key: /root/.ssh/id_rsa (0x80208e200)
> debug2: key: /root/.ssh/id_dsa (0x0)
> debug2: key: /root/.ssh/id_ecdsa (0x80208e180)
> debug2: key: /root/.ssh/id_ed25519 (0x80208e040)
> debug1: SSH2_MSG_EXT_INFO received
> debug1: Fssh_kex_input_ext_info:
> server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> 
> Then there is a long delay (~18s) after which the pre login text appears
> 
> !Warning!! -	Any deliberate attempt to access this resource without
>                 legitimate authorization is a criminal offence
>                 (R.S.C. 1985, c. C-46 - Section 342.1).
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /root/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
> debug2: input_userauth_pk_ok: fp
> SHA256:cJBXJBwve7zD8D1AM24vWsFYwrhz68ntuYbEiaxLp94
> 
> Then another delay of approximately 13s before the login prompt appears.
> 
> Connecting to that jail's host exhibits no delay whatsoever.  The
> uptime counts on both the jail and the host are similar.
> 
> Jail: 4:08PM  up 15 days,  5:25, 1 users, load averages: 0.28, 0.43, 0.41
> 
> Host: 4:09PM  up 15 days,  5:26, 2 users, load averages: 0.32, 0.42, 0.41
> 
> What is the reason for the dependency in the connection times?  How is
> it fixed?
> 

I login into my jails using ssh all the time without any
problems. local_unbound means local as on the host not a jail. Disable 
local_unbound in the jail and ssh to the jail will work as intended.

More information about the freebsd-questions mailing list