Upgraded to leopard and now ssh is HORRIBLY slow

Yep, looks like dns issue for me here too. When I try to ssh to our institute's ssh server using single sign on, ssh sends out a bunch of SRV requests, the nameserver responds, ssh doesn't like it, issues another SRV request, nameserver responds (it's configured for round-robin load balancing) with a different host record, ssh doesn't like it, and so on until I've got Kerberos tickets for all of the darn ssh servers. Eventually it appears that it will resolve correctly and SSO like it's supposed to.

This whole thing should really only take about 1 second max. Now it's taking a minute or to, if it works at all.

Yes, I was having these same exact problems, and this thread gave me the info I needed for a workaround. My computer is behind a Motorola VoIP router and took a minute or 2 to ssh into the servers I need for work, when this issue didn't exist in 10.4.

Try using the OpenDNS servers as your DNS server in network prefs (208.67.222.222 and 208.67.220.220) ... it fixed my delay and now I can login quickly.

I should update my post and clarify that you don't explicitly need to use the OpenDNS DNS server, as I was able to use the IP of my ISP's DNS server and it worked fine. I think my particular issue was that for whatever reason, my default network settings in 10.5 thought that the dns server was the same IP address as the router's.

Using a script from this hint at macosxhints solved my slow ssh connections from dns problems.

AAAA records are name resolutions for IPv6. They're pretty much the equiv of A records for IPv4.

This was an issue with the initial release of Tiger as well. The resolver would try AAAA before A and have to wait for a timeout when hardly anyone is using IPv6 right now - esp over the Internet.

Well. It's not only SSH.

I am SSH'ing via IP address - very fast. However, I also connect to text-based games on port 4201.

Same thing as ssh - when I connect via name, it's slow. when I connect via IP address it's a fast connect (once connected, everything seems fine).

Please fix, Apple!

I can also confirm the slow SSH behavior reported. When running SSH with maximum verbose, SSH hangs on:
debug2: ssh_connect: needpriv 0

Then resumes on:
debug1: Connecting to xxx.edu xxx.xxx.xxx.xxx port 22.

I also see a lag when trying to remote login into my machine via SSH from other computers. A potential issue clouding this observed behavior is that my machine has two DNS names pointing to it from two different DNS servers; however, I have had this setup before with 10.3-4.x so this issue could also be a facet of the root ssh-dns problem discussed in this thread.

Possibly worth noting is that I can connect to an AFS share on my computer from other Macs on my university network without hardly any delay; here I am using the 'global' hostname for my server while connecting and not the Bonjour name.

Unfortunately changing the DNS servers does not work for me as it has for others. It appears that my university's network policy might be to prohibit use of non-university DNS servers, because when I change my DNS entries in System Preferences I can no longer resolve any domain names.

Please Apple, help if you can!!

Message was edited by: pwais

Message was edited by: pwais

Message was edited by: pwais

This page has some useful info on how to sniff port 53 and verify the Leopard is sending SRVs before A's..

http://blog.jungledisk.com/2007/10/31/leopard-dns-issues-and-work-around/

This same issue has been bugging me. I tried changing name servers in "/etc/resolv.conf" among other things. When I set my IP static instead of DHCP I would still have the issue only until I removed the search domain. So now I am able to use any DNS server but as soon as I put a search domain back in there I get the slow SSH again. I've reproduced this on 2 machines.

What I would like to do is enable DHCP again but remove the search domain after getting an IP. However you cannot do this, with DHCP enabled the DNS servers and search domain are shown but cannot be removed. You can remove by editing "/etc/resolv.conf" but that does not actually remedy the issue. The only way is via the network configuration panel. Does anyone know of a way to remove the search domain via terminal or some other app (while still leaving DHCP enabled)? Thanks.

I had the same issue and this solved it: http://maestric.com/en/doc/fix-slow-ssh-connections-delays-on-mac-os-x

I am connecting from a Linux box to a 10.5 box. The sshd_config file on the 10.5 box was the only modifications needed for it to work.

Update Client Configuration

sudo vi /etc/ssh_config

Replace this line:
# GSSAPIKeyExchange yes

by:
GSSAPIKeyExchange no
Don't forget to remove the sharp!
Update Server Configuration

sudo vi /etc/sshd_config

Replace this line:
#UseDNS yes

by:
UseDNS no
Again, don't forget to remove the sharp. That's it !

I've been having this problem since I got my MBP with Leopard preinstalled, I dind't run migration wizard or anything from the old PowerBook. Mine is not a DNS or SRV lookup issue, as it is fast to connect. But once it's connected the echo is slow, if I do something like `ls -Rl` (at the root of a fairly deep directory structure with lots of files), the outputs scroll up at usual speed at first, and then it will pause, and then scroll up again, and repeat. Typing can be delayed too for a few seconds.

I don't use SSH as much as I used to, but this is still annoying.

Another thing I will add to this thread is that this only happens with wifi, and it happens at different locations (different network/access point). I use OpenDNS for all my connections, I just tried this with ethernet and SSH was fast and nice, but with wifi it's awfully slow.

Would appreciate any insights. Thanks!

WiFi is half-duplex, most other modern networking is full-duplex. In other words, WiFi can't send and receive at the same time, so receiving stops briefly when an acknowledgement is being sent.

LOL, I used to work at atheros so I know what WiFi is, and it is not the problem. I have been on wifi pretty much exclusively and did a lot of work over SSH in the past and had no speed issues until Leopard.

Anyway, I just upgraded to 10.5.3, and the problem went away! Woohoo!

This solved my issue. My setup is pretty simple -- just two computers behind a Linksys wireless G router -- so I imagine this is probably the best solution for most simple cases. If you have a Linksys router, you can go to the Status tab to see what your DNS servers are, and then (assuming that your network connection is set to be configured "Manually"), add DNS servers, separated by a comma.

actually I spoke too soon, ssh was snappy for a bit after the upgrade but it's still slower than should be. 😟