NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Looking for thought on SSH performance on RN systems
Having issues with SSH connections on all the ReadyNAS systems running 6.10.10. The problem is all the connection stages take close to 2 minutes to complete. It's insane and I can't figure out why. ...
Thanks again StephenB. I did a bit more testing and found some interesting things...
first I was not too sure my PC wasn't a problem so I did some things to clear up some of the "questionable" networks stuff... removed npcap, unistalled wireshark, etc.
I found the password to banner did speed up which I found very odd as there's really nothing on the client side that should be affecting that. But the initial password challenge of 16 to display "password:" challenge was not acceptable.
So I dug a little deeper and looked at the ssh -vvv details a little closer. I found there was a 16 second (or so) timeout from when the client sends an authentication packet to when the server responds with the password challenge. The debug was helpful.
Looking online I see a common issue with this is a default setting to use DNS for something in this process which... doesn't make much sense unless some CA or other 3rd party is involved.... so I followed the advice of others and ignored the note at the top of the /etc/ssh/sshd_config and added this::
UseDNS no
I now get the password challenge immediately!!
One note on my setup, is my NAS devices are internal only so they couldn't reach an external NAS if they had to. I didn't run any tests to see if exposing them to the WAN would change the behavior, but for the knowledge of the greater good I may do that when I have a few minutes to spare.
Thanks for the suggestions and nudges in the right direction to find and remedy this problem!!
In the interest of discovery... confirmed, if the NAS can access the WAN (DNS really) the "UseDNS no" is not needed.
If the ReadyNAS systems are behind a firewall and only available to the LAN then yes, the "UseDNS no" makes a big difference in the authentication timing.
iceweasel wrote:
In the interest of discovery... confirmed, if the NAS can access the WAN (DNS really) the "UseDNS no" is not needed.
If the ReadyNAS systems are behind a firewall and only available to the LAN then yes, the "UseDNS no" makes a big difference in the authentication timing.
My own NAS are behind a NAT router, so they can connect to the internet, but not be reached over the internet. As I posted above, I am not seeing the authenication LAG that you were seeing before you made this change.
Well that's interesting! More interesting that when allowed to access the WAN the delay disappears, block WAN and the delay reappears. I wonder what's different. Maybe different version of ssh server? EDIT: reread your NAS is behind the router but can reach the WAN but not be reached from an external connection? That would make sense why yours works, mine cannot access the WAN nor be accessed from the WAN. These are LAN only until I open them up to poll for updates.
I'm now back on the original task which exposed this and need to figure out a way to recover a file which was accidently deleted from both a local copy on a laptop and the original on the NAS. The local copy can't be recovered and at this point I'm expecting the RAID can't be configured so I can try some other linux options. I'm also assuming (because I can't find it listed) the filesystem may be a custom netgear brew.... think I just need to accept it's gone. =(
The OS6 file system is standard BTRFS on top of a standard MDADM RAID. If you've been using the snapshot capability of BTRFS, that's how you recover the file. If you've not, you are likely out of luck.
"XRAID" is not a unique file system. It's a set of rules and automations for managing BTRFS and MDADM at a level more users can understand. In earlier generations, XRAID used LVM.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
