Enabling UseDNS for SSH slows down SSH logon or data transfer

Last Updated: Dec 29, 2020

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

 

Problem description

For Linux instances, SSH logon or data transfer over the Internet is very slow, and even general Internet access or data transmission is slow.

 

Cause

This problem may occur because the UseDNS feature is enabled for the SSH service.

 

Solution

Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • If you modify the configurations and data of instances including but not limited to ECS and RDS instances, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted security information such as the logon account and password in the Alibaba Cloud Management console, we recommend that you modify such information in a timely manner.

  1. Log on to a Linux instance. For more information about how to log on to a Linux instance, see connect to a Linux instance by using a management terminal.
  2. Run the following command to view the file /etc/ssh/sshd_config:
    cat /etc/ssh/sshd_config
    Confirm that the output contains content similar to the following.
    UseDNS yes
  3. We recommend that you back up the file before you modify the configuration.
  4. Use an editor such as vi to delete this configuration line. Alternatively, comment out the line by adding # at the start, as shown below.
    # UseDNS no
  5. Run the following command to restart SSH so that the configuration takes effect.
    service sshd restart
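
The steps above as a script, added here as an example and not part of the original article: instead of only commenting the line out (which falls back to the default of the installed sshd build), it sets `UseDNS no` explicitly, and it lists `Match Host` rules, which sshd compares with addresses rather than host names once UseDNS is off. The function names and the usage paths in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Each function takes the config
# path as its argument, so it can be tried on a copy of /etc/ssh/sshd_config.

# Print the first active UseDNS value in FILE (sshd keeps the first value it
# reads for a keyword), or "unset" when only the built-in default applies.
usedns_setting() {
    awk 'tolower($0) ~ /^[ \t]*usedns[ \t=]/ {
             sub(/^[ \t]*[A-Za-z]+[ \t=]+/, "")
             print tolower($1); found = 1; exit
         }
         END { if (!found) print "unset" }' "$1"
}

# Back up FILE to FILE.bak, then write an explicit "UseDNS no" as the first
# line (so it wins over anything later) and comment out other active lines.
disable_usedns() {
    [ "$(usedns_setting "$1")" = "no" ] && return 0   # nothing to change
    cp -p "$1" "$1.bak" || return 1
    {
        echo "UseDNS no"
        awk 'tolower($0) ~ /^[ \t]*usedns[ \t=]/ { print "#" $0; next }
             { print }' "$1.bak"
    } > "$1"
}

# List Match lines with a Host criterion. With UseDNS off, sshd compares these
# (and from= in authorized_keys) with the client address, not a host name.
match_host_rules() {
    awk 'tolower($0) ~ /^[ \t]*match([ \t].*)?[ \t]host[ \t]/ {
             print NR ": " $0
         }' "$1"
}

# On the instance, as root:
#   match_host_rules /etc/ssh/sshd_config
#   disable_usedns /etc/ssh/sshd_config && sshd -t && service sshd restart
#   sshd -T | grep -i usedns    # effective value, defaults included
```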

 

References

  • The UseDNS feature is a security enhancement feature of SSH. It is not enabled by default. After this feature is enabled, the server performs a reverse DNS PTR query based on the client IP address to obtain the host name of the client. It then performs a forward DNS A record query based on the obtained client host name and checks whether the returned IP address is consistent with the original IP address to prevent client spoofing.
  • Generally, the client uses a dynamic IP address and does not have a PTR record. When this feature is enabled, there is no information to compare. Instead, the additional queries increase latency, which slows down client connections.
  • If the problem persists, see guidelines for troubleshooting failure to remotely log on to a Linux instance through SSH for further troubleshooting and analysis.

 

Application scope

  • ECS

 

If the problem persists, you can seek a free consultation in the Alibaba Cloud Community or submit a ticket to contact Alibaba Cloud technical support.