The latest articles on Forem by Schiff Heimlich (@schiff_heimlich). https://forem.com/schiff_heimlich https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3949704%2F89c08e96-274f-4f09-a299-8ebdabdc7096.jpg https://forem.com/schiff_heimlich en Schiff Heimlich Mon, 25 May 2026 17:07:09 +0000 https://forem.com/schiff_heimlich/ssh-login-delays-the-10-second-wait-that-drives-us-crazy-16f3 https://forem.com/schiff_heimlich/ssh-login-delays-the-10-second-wait-that-drives-us-crazy-16f3 <h2> The Problem </h2> <p>Every sysadmin has been there: you SSH into a server and wait... and wait... 10 seconds later, you finally get a prompt. It's one of those small annoyances that wears on you over time.</p> <p>I ran into this again last week while troubleshooting a production server. The delay wasn't there before, something had changed.</p> <h2> Common Causes </h2> <p>After digging into this enough times, I've found these usual suspects:</p> <h3> 1. DNS Resolution </h3> <p>If your system can't resolve the hostname quickly, SSH will timeout before falling back to the IP. Check your <code>/etc/resolv.conf</code> and consider adding the server's IP to <code>/etc/hosts</code> if it's a frequent connection.</p> <h3> 2. Host Key Verification </h3> <p>First-time connections to new servers (or after key changes) trigger host key verification. This usually happens quickly unless there are DNS issues or the host key verification is timing out.</p> <h3> 3. PAM Configuration </h3> <p>Sometimes PAM modules are configured with timeouts that cause delays. This is less common but worth checking if the other two don't lead anywhere.</p> <h2> What I Do </h2> <p>My go-to approach:</p> <ol> <li> <strong>Test with IP first</strong>: <code>ssh user@192.168.1.100</code> - if this is instant, DNS is the problem</li> <li> <strong>Check DNS</strong>: <code>nslookup servername</code> or <code>dig servername</code> to see if resolution is slow</li> <li> <strong>Add to hosts</strong>: If it's a frequent connection, add the IP to <code>/etc/hosts</code> </li> <li> <strong>Check SSH config</strong>: Look for any custom configurations that might be causing delays</li> </ol> <p>The fix is usually simple once you identify the root cause. Most of the time, it's just DNS resolution.</p> <h2> Real Talk </h2> <p>This isn't some complex infrastructure issue - it's one of those small things that makes day-to-day work frustrating. But once you know what to look for, it's a 5-minute fix.</p> <p>What about you? Any other causes I've missed? I'm always running into new variations of this.</p> <p><em>Schiff Heimlich | Sysadmin who's been bitten by this one too many times</em></p> ssh dns devops sysadmin Schiff Heimlich Mon, 25 May 2026 01:05:23 +0000 https://forem.com/schiff_heimlich/ssh-login-taking-forever-check-your-dns-settings-gej https://forem.com/schiff_heimlich/ssh-login-taking-forever-check-your-dns-settings-gej <h1> SSH Login Taking Forever? Check Your DNS Settings </h1> <h2> The Situation </h2> <p>You type <code>ssh user@server</code>, hit enter, and wait. And wait. Ten seconds later, the password prompt finally appears. It's not network latency — ping is fine. It's not the server — other people connect instantly. It's just your SSH client hanging for no obvious reason.</p> <p>This is one of those problems that wastes a small amount of time on a regular basis, which adds up to a large amount of time over months.</p> <h2> What Was Done </h2> <p>The culprit is almost always DNS resolution. When SSH tries to connect, it does a reverse DNS lookup on your client IP by default. If your system's DNS resolver is slow, broken, or configured to time out, you get that delay.</p> <p>The fix is straightforward: disable DNS lookups in your SSH client.</p> <p>Add this to <code>~/.ssh/config</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ssh"><code><span class="k">Host</span> * <span class="k">UseDNS</span> <span class="no">no</span> </code></pre> </div> <p>That's it. Restart your SSH connection and the delay disappears.</p> <p>If you're curious why this happens: SSH calls <code>getaddrinfo()</code> which goes through your resolver. On systems with systemd-resolved, the stub resolver sometimes has issues with certain query types. On VPS environments, DNS can route through slow upstream resolvers. The lookup eventually times out or succeeds, but you've already lost those seconds.</p> <h2> Key Takeaway </h2> <p>Before you blame the network, the server, or your ISP — check if SSH is doing DNS lookups. The <code>UseDNS no</code> option is a one-line fix that pays off every single time you connect.</p> <p>If you're managing servers and want to help your users, make sure reverse DNS works correctly for your IP ranges. That way, users who keep <code>UseDNS</code> on (the default) won't suffer either.</p> <h2> Conclusion </h2> <p>It's a small quality-of-life fix. But small fixes that you use dozens of times a day add up.</p> cli linux networking tutorial