SSH logout delay after upgrade to SLES 11 SP2

This document (7010334) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 2
openssh

Situation

When root user is connected to a SLES 11 SP2 system via ssh, then logs out (exits), a delay (usually 30 seconds) occurs before the session fully closes.

Resolution

The delay is due to a DNS query that is not being answered, and it takes 30 seconds for ssh to decide a time-out has occurred, and give up waiting.  The DNS query in question is being generated by the audit package, which sshd is compiled to use.
 
A change has been made to the audit package to correct this situation.  Therefore, the recommended solution is to update the "audit" package (and audit-libs) to v 1.8 or higher.
 
If that update cannot be made right away, there 2 two optional workarounds:
  
a.  DNS configuration:  The SLES 11 SP2 sshd server can be configured to more successfully talk with DNS.  Check to make sure that the /etc/resolv.conf points to valid DNS servers.  Even then, however, the problem can still occur.  If the DNS server in question is configured to forward queries on to other DNS servers, but doesn't not have the ability to talk to root DNS servers on the internet, the delay will still occur.  DNS servers could be configured to *not* forward queries (thereby answering negatively right away, rather than wait), or any firewalls or other problems blocking the DNS from talking to the internet can be tracked down and resolved.
 
b.  SSH software update and configuration:  Make sure that your openssh package version is at least 5.1p1-41.55.1.  This is available in the SLES 11 SP2 update channel.  Then set "UseDNS no" in /etc/ssh/sshd_config in order to prevent the query from happening.  The openssh update by itself or the setting by itself will not be enough to avoid the problem.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7010334
  • Creation Date: 28-Jun-2012
  • Modified Date:12-Oct-2022
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center