SftpClient.Connect() slow about ssh.net HOT 14 CLOSED

Does your server try to do DNS on connect?

See: http://superuser.com/a/359345

With UseDNS:

$ time ssh test "exit 0"

real    0m5.471s
user    0m0.022s
sys 0m0.011s

With UseDNS no:

$ time ssh test "exit 0"

real    0m0.343s
user    0m0.032s
sys 0m0.000s

from ssh.net.

@darinkes thank you for the swift reply! Appreciate it!

Thank you for the information. With that, I'm gonna immediately contact our server admin to confirm that setting. I'll get back to you with updates.

Also, in the link you provided, there is a comment on the answer stating, "Is there no security implication of doing this?"

Given that, is security compromised on the tweak?

Again thank you.

Cheers,

from ssh.net.

You can also add a /etc/hosts entry for your client or configure your DNS to give a fast&valid response for your client.

I don't think there should be any security compromised.

fwiw: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/424371/comments/11

So newer Ubuntu Versions use the new "UseDNS no" default.

from ssh.net.

You can also add a /etc/hosts entry for your client.

• Are you pertaining to the 'hosts' file (C:\Windows\System32\drivers\etc) on my machine? If yes, what should I do? Do I have to add the SFTP server?

I don't think there should be any security compromised.

• Okay then, I'm good on this one. Thank you for the information.

Cheers,

from ssh.net.

I mean the /etc/hosts on the server, which does the reverse dns lookup.

from ssh.net.

UseDNS Specifies whether sshd(8) should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is "yes".

• Noted on this! This is the behavior mentioned in the previous link you've sent right? That reverse lookup thing? Got their main objective here, but it's a pain in the ass for SFTP connections. Not a security threat though so safe to update from "yes" to "no".

Thank you for this!

from ssh.net.

@darinkes currently editing ssh_config based on the link. Do we have to restart something, or no need to restart?

from ssh.net.

you have to edit sshd_config and restart the ssh server.

from ssh.net.

@darinkes noted on this!

Already talked to our admin. Unfortunately, he didn't want this approach, to tweak the server? If the enhancement is on the application, it should be contained in the application alone.

Given that, are you familiar with other .NET libraries used for SFTP connection? I'm currently using Renci.sshhet. In production in Rebex. Both of them are slow, so hoping that there are other libraries that you can suggest to me. Thanks!

Cheers,

from ssh.net.

If it is the DNS, there is nothing you can do on the client side!
The server wants to resolve your hostname and waits for a response or timesout.
This timeout can take a while.

It's no tweak IMHO. Just fixing a wrong setup. If you tell a service to do DNS and there is none, your setup is wrong :)

Can you setup your own Ubunut VM with a correct configured SSHd for development/testing?
Maybe this will persuade your admin.

from ssh.net.

Okay then. Noted on the details. As much as I want to apply this, I have no power like Tony Stark has to enforce it :)

Anyway, good suggestion. I'll just be setting up an Ubuntu VM on my end for testing. Hope this seals the deal :)

I'll get back to you on this. Thank you again @darinkes :)

Cheers,

from ssh.net.

Cool! Report back if your issue with SSH.NET was becaused of the server. Then this issue can be closed.

Greetz

from ssh.net.

@mtorres0612 Let me know if I can close this issue.

from ssh.net.

No feedback.

from ssh.net.