• Status: Solved
  • Priority: Medium
  • Security: Public

Takes a long time to log in to vsftp server

Hi all,

I'm using FC7 with vsftp.

A big problem is that when users log in to my server, after they enter a password, they need to wait a very long time to log in. I disabled SELinux but it is still the same.
After login, everything works fine.
Does anyone have an idea that can let users log in immediately after they enter the password?
Thanks a lot!!
Asked:
ubspress
 
noci (Software Engineer) commented:
There might be problems with resolving network addresses to names.
If an ident call is done by the server to the client (not exactly needed or useful) it might add to the network setup time.

The FTP server setup is probably to blame.
If you do want logging with machine names, check the DNS config so that it resolves the reverse also.
 
Gabriel Orozco (Solution Architect) commented:
Try adding:

 UserReverseDNS  off

to vsftpd.conf
Reference:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/FTP/Q_22795404.html
 
ubspress (Author) commented:
After I add UserReverseDNS  off to vsftpd.conf, I cannot start vsftpd. It seems UserReverseDNS  off is not an option of vsftpd....

The problem is still not solved...
 
Gabriel Orozco (Solution Architect) commented:
My mistake.

Try without the "r":

UseReverseDNS  off
 
Gabriel Orozco (Solution Architect) commented:
In fact, please use these two:

UseReverseDNS off
IdentLookups off
 
Gabriel Orozco (Solution Architect) commented:
This FAQ says it can have something to do with PAM on some platforms... please check it:
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.3/FAQ
 
ubspress (Author) commented:
Both "UseReverseDNS off" and "IdentLookups off" do not work.
vsftpd cannot start, with error code 500. OOPS: unrecognised variable in config file.

My users can log in, but need to wait a very long time for the login.

The problem is still not solved...
 
noci (Software Engineer) commented:
An ident lookup can take 2 minutes to time out if it is filtered on some firewall instead of rejected [if used].
A failing DNS lookup will mostly be in the range of 30 seconds per configured DNS server.

Those lookups are not necessary; ident lookups are hardly trustworthy.
It is the system that connects that tells the FTP server the username of the user that wishes to connect. But that system can tell anything it wants, possibly the truth.

Reverse DNS: there are some countries around the Pacific Ocean that have no support for reverse DNS (i.e. the resolution of PTR records in the <address bytewise reversed>.in-addr.arpa zone).

The trick is to not ask the questions for answers you won't need anyway; then there is no wait penalty.

In the manual page of the product I cannot see the above-mentioned variables.
 
Gabriel Orozco (Solution Architect) commented:
Pretty bad, I picked up these options from a Google search on vsftpd.conf.

But from the man page:
15.5.1. Daemon Options
# listen_ipv6  When enabled, vsftpd runs in stand-alone mode, but listens only to IPv6 sockets. This directive cannot be used in conjunction with the listen directive.
The default value is NO.

# session_support  When enabled, vsftpd attempts to maintain login sessions for each user through Pluggable Authentication Modules (PAM). Refer to Chapter 16 Pluggable Authentication Modules (PAM) for more information. If session logging is not necessary, disabling this option allows vsftpd to run with less processes and lower privileges.

The default value is YES.    <-------- CHANGE TO NO AND TEST

It is also advisable to check if your server's DNS can resolve reverse DNS from your client.
 
ubspress (Author) commented:
Problem solved.
The problem arose due to DNS. I did not set the NAT out on my firewall.
So either I remove my pri/sec DNS or add a NAT out and it should work.
Thanks for everyone's contribution.
 
noci (Software Engineer) commented:
#20757645 should have started the path leading to DNS problems, but was not followed up on EE.
The problem will still not be resolved for some parts of the world this way.
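
As an added example (not code from any poster in this thread), here is a small Python check for the failure mode the thread ends on: the server's configured DNS servers cannot be reached, so each reverse lookup waits for a timeout. It sends a PTR query for a client address to every nameserver in `/etc/resolv.conf` and reports which ones answer; the function names, the 5-second timeout and the sample address are assumptions of this example.

```python
import ipaddress
import socket
import struct
import time


def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def ptr_query(client_ip, query_id=0x1234):
    """Build a DNS PTR query for the reverse name of client_ip."""
    name = ipaddress.ip_address(client_ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    header = struct.pack(">HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 12, 1)  # QTYPE=PTR, QCLASS=IN


def probe(server, client_ip, timeout=5.0, port=53):
    """Seconds until `server` answers the PTR query, or None if no answer arrives.

    Any matching reply (even NXDOMAIN) counts as an answer: the case this
    thread ends on is a server that cannot be reached at all.
    """
    query = ptr_query(client_ip)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(query, (server, port))
            reply, _ = sock.recvfrom(512)
        except OSError:  # timeout, unreachable network, refused port
            return None
    return time.monotonic() - start if reply[:2] == query[:2] else None


if __name__ == "__main__":
    import sys
    client = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # constructed sample address
    with open("/etc/resolv.conf") as conf:
        for srv in nameservers(conf.read()):
            secs = probe(srv, client)
            print(srv, "no reply" if secs is None else f"replied in {secs:.3f}s")
```

Run it on the FTP server with a client's address as the argument; a nameserver that prints "no reply" is one the server waits on during login.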