[PLUG] unusually slow ssh connection
Bryan Murdock
bmurdock at gmail.com
Mon Oct 18 21:39:01 UTC 2004
On Mon, 18 Oct 2004 14:25:29 -0700 (PDT), Paul Heinlein
<heinlein at madboa.com> wrote:
> On Mon, 18 Oct 2004, Bryan Murdock wrote:
>
> > I ssh'ed from work into my home box just now and the connection
> > seemed really slow. My first instinct was to browse the logs and I
> > found about a million attempts to log into my box like this one:
> >
> > Oct 18 07:39:13 murdockfamily sshd(pam_unix)[11742]: authentication
> > failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> > rhost=210.116.107.105 user=root
> > Oct 18 07:39:15 murdockfamily sshd[11742]: Failed password for root
> > from ::ffff:210.116.107.105 port 42409 ssh2
>
> This sort of attempt at breaking in via weak ssh passwords is, sadly,
> all too common. You can reduce the number of incidents by running ssh
> on a non-standard port (personally, I like port 222).
Not a bad idea. I'll look into this...
>
> The only other alternative of which I'm aware is to block inbound ssh
> packets from certain IP blocks; tcp_wrappers or iptables can
> accomplish this. I've not taken that route, however, because I like
> the idea that I can ssh into my machines from anywhere on the
> Internet.
>
> > This was all around 7 am this morning, none lately. Would a bunch
> > of failed attempts like this cause any slowdown hours later? Is
> > there something else going on here?
>
> It could be slow or badly configured DNS. If you login to your system
> and type "host some.fqdn" (where 'some.fqdn' == an obscure Internet
> hostname that's unlikely to be cached on your system), does host
> return a hostname quickly?
It did return quickly at the time, so I don't think it was DNS. The
slowness went away after a little while too (unfortunately? makes it
hard to debug anyway...). Some quircky thing I guess.
Thanks for the lighting-quick replies! Sorry I'm so slow in mine.
Bryan
More information about the PLUG
mailing list