WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] VM slow after being unused for a while

you're right.

:-)


--------------------

Itamar Reis Peixoto

e-mail: itamar@xxxxxxxxxxxxxxxx
msn: itamarjp@xxxxxxxxxxxxx
skype: itamarjp icq: 81053601
+55 34 3238 3845
+55 11 4063 5033


From: "Nico Kadel-Garcia" <nkadel@xxxxxxxxx>
To: "Itamar Reis Peixoto" <itamar@xxxxxxxxxxxxxxxx>
Cc: "Nasse Gris" <nassegris@xxxxxxxxx>; <xen-users@xxxxxxxxxxxxxxxxxxx>
Sent: Saturday, May 12, 2007 6:15 AM
Subject: Re: [Xen-users] VM slow after being unused for a while


Itamar Reis Peixoto wrote:
try to edit /etc/ssh/sshd_config
and change UseDNS to NO restart ssh server -------------------- Itamar Reis Peixoto
Unfortunately, that argument doesn't do what you think it does. And it confuses a lot of people!

Here's the situation at least up through OpenSSH 3.9p1.

OpenSSH, for logging purposes, does a reverse DNS on any contacting IP address. The UseDNS option says whether to verify that the reverse DNS matches a valid forward DNS for that host. But disabling UseDNS does *NOT, NOT, NOT* turn off the reverse DNS lookup! Any number of us have submitted patches for this over the years: I submitted some when I dealt with large remotely deployed networks. (When you manage thousands of machines deployed in data centers all over the world, you can be absolutely certain a lot of them will not have valid reverse DNS, or even have DNS working properly, and you need to be able to log in quickly in a crunch.)

The option you need is in your sshd init script. You need to use the additional options "-u 0", to set the namelength of the recorded DNS entry to 0 so that the reverse DNS isn't actually done. (Why the SSH authors think setting an arglength to 0 should cause undocumented behavior and not throw an error, instead of obeying the UseDNS option in the configuraton file more correctly, I leave to people who think the "chroot" option of OpenSSH actually means a chroot cage for SSH users to protect them from accessing the filesystem outside their home directory. It doesn.t.)

I like OpenSSH, I use it a lot, but I've disagreed volubly with the authors on a few points over the years. This is one of them.



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users