Disabling reverse dns lookups in ssh

In Networking by Murat Demirten over 6 years ago 1 Comment

Sometimes it is very annoying to wait ten's of seconds to finish remote ssh server's reverse dns lookup procedure. It can be disabled on the server side but this process has a few tricks.

First of all, you can make "UseDNS no" in /etc/ssh/sshd_config file, default answer is yes and if this line not shown in your config file, just add it to as below:

UseDNS no

This directive tells sshd process to check resolved host name for the connected client's ip address maps back to the very same ip address or not.

However, it does not prevent the sshd server from performing any DNS lookups at all. That's not the purpose of that directive.

In order to remove dns lookups completely, you have to use -u0 options when starting sshd server. You can easily add this options to /etc/default/ssh or /etc/sysconfig/sshd or elsewhere suitable for your distribution.

-u0 option's means that it will not put hostnames into the utmp structure (i.e. what you see when you type "who" at the shell prompt), which means that sshd will not perform DNS lookups for that purpose. However there are still cases where a lookup has to be performed when a user has


like entries in his authorized_keys file, or when authentication methods or configuration directives are used that involve hostnames.

The problem has to do with both sshd (server side) and ssh (client side), learned in a hard way! I recently bought a desktop PC and installed Fedora core 22. Everything is fine except ssh into this PC from my Ubuntu laptop will take tens of seconds. I followed the steps as in this post but the problem persists. Turned out my client side is doing some DNS request too (found it by doing "strace -o tmp.txt ssh ssh@Ip_of_new_pc"). After I added an entry " xpshost1" to my file /etc/hosts, ssh into the desktop PC is really fast!
You must be login first or sign-up for an account to post comments.