
I made some changes to my firewall (blocking outside DNS and forcing it through my DNS server), and I think that may be related to why it takes a minute to connect to user@192.168.1.2. See the -vvv output in the pastebin. I tried googling the part where it gets stuck and I'm stumped. UseDNS is set to no.

https://pastebin.com/WMAyrnv1 <--Log here, I've noted where it gets stuck

Edit: Updated Pastebin link with some information.

19wolf

2 Answers


Where does it get stuck? It might be the reverse resolving. Once you log in to 192.168.1.2, try to resolve the IP you came from:

host origin_ip

You can get the origin_ip with one of these:

echo $SSH_CLIENT
echo $SSH_CONNECTION

If that takes a long time, you know what the problem is. You could then add the reverse zone to your DNS or set UseDNS to "no" in sshd_config.

  • Sorry, I should've mentioned: I put a note in the log where it's stuck – 19wolf Sep 22 '19 at 10:43
  • `$ time host $(echo $SSH_CLIENT | awk {'print $1'})` gives `4.1.168.192.in-addr.arpa domain name pointer unifi.` and `real 0m2.013s user 0m0.006s sys 0m0.004s` – 19wolf Sep 22 '19 at 12:06
  • Does ssh -4 user@192.168.1.2 work as expected? If not, you might want to check why is my ssh login slow?. – Eduardo Trápani Sep 22 '19 at 16:29
  • ssh -4 user@192.168.1.2 is considerably faster, but still takes 20 seconds, which is much longer than normal (1-2s). UseDNS is already set to no as suggested in the linked post. – 19wolf Sep 22 '19 at 22:57
  • Good! That might point to a dual-stack resolving issue. Note that UseDNS no is ignored if you have a host.deny file. Also, since you "blocked outside DNS", check that /etc/resolv.conf doesn't list anything outside of your network, because that would create a delay. Maybe a tcpdump/wireshark on the outgoing interface of 192.168.1.2 can give you more info. Hard to solve with the information given, but likely a DNS issue, so you can filter for UDP port 53. – Eduardo Trápani Sep 22 '19 at 23:24
  • Thanks for getting back so quickly, I actually ended up finding another post and I solved my problem by setting UsePAM to no. But yeah, I still think it is related to blocking port 53 to anywhere that isn't my PiHole. – 19wolf Sep 22 '19 at 23:35
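The check the answer above describes (pull the client address out of SSH_CLIENT, then time the reverse lookup sshd would do for it), as an added example that is not code from the original answer. SAMPLE_SSH_CLIENT is a constructed value; on a real session use "$SSH_CLIENT" or "$SSH_CONNECTION" instead. It handles IPv4 only; an IPv6 client would need an ip6.arpa name.

```shell
#!/bin/sh
# Added example (not code from the original answer): time the reverse DNS
# lookup sshd performs for the connecting client, starting from the same
# SSH_CLIENT variable the answer mentions. SAMPLE_SSH_CLIENT is constructed;
# on a real session use "$SSH_CLIENT" or "$SSH_CONNECTION" instead.
# IPv4 only; an IPv6 client needs an ip6.arpa name instead.

# First field of SSH_CLIENT / SSH_CONNECTION is the client address.
client_ip() {
    printf '%s\n' "$1" | awk '{ print $1 }'
}

# Name a PTR query for an IPv4 address uses (octets reversed, in-addr.arpa).
ptr_name() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Time the lookup with a bounded wait, so a resolver that never answers
# (for example a firewall silently dropping port 53) shows up as a timeout
# rather than hanging the script. Uses host(1) when available.
time_reverse_lookup() {
    ip=$1
    start=$(date +%s)
    if command -v host >/dev/null 2>&1; then
        if host -W 5 "$ip" >/dev/null 2>&1; then status=ok; else status=failed; fi
    else
        status="skipped (host not installed)"
    fi
    end=$(date +%s)
    echo "reverse lookup of $ip: $status after $((end - start))s"
}

SAMPLE_SSH_CLIENT="192.168.1.4 51234 22"   # constructed; format is "ip port port"
ip=$(client_ip "$SAMPLE_SSH_CLIENT")
echo "client address: $ip"
echo "PTR query name: $(ptr_name "$ip")"
time_reverse_lookup "$ip"
```

A lookup that takes more than a second or so, or that only returns after the 5 s wait expires, is the delay sshd inherits when UseDNS is in effect; if a lookup that is silently dropped by the firewall is the cause, tcpdump on UDP port 53 from the server will show queries with no replies.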

Found my answer in another post- https://serverfault.com/questions/792486/ssh-connection-takes-forever-to-initiate-stuck-at-pledge-network

changed UsePAM from yes to no in sshd_config file

19wolf
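Both answers turn on a single sshd_config keyword (UseDNS, UsePAM), and a common trap when editing that file is that sshd uses the first value it reads for a keyword, so a line appended at the bottom is silently ignored if the keyword already appears higher up. The following is an added example, not code from the original post, that reports the value sshd will actually take from a config file; the config text is constructed for the demo. On a live host `sshd -T` prints the effective settings, which is the authoritative check. Also worth knowing before copying the fix above: UsePAM no disables PAM account and session processing as well as PAM-based password authentication, so it removes more than the delay.

```shell
#!/bin/sh
# Added example (not code from the original post): show which value sshd
# will actually use for UseDNS / UsePAM in a given sshd_config. sshd takes
# the FIRST value it reads for a keyword, so appending "UseDNS no" below an
# earlier "UseDNS yes" changes nothing. Lines after the first "Match" block
# apply conditionally and are ignored here. On a live host, `sshd -T`
# prints the effective settings; this script is for inspecting a file.

# effective_setting KEYWORD DEFAULT  (config text on stdin)
effective_setting() {
    awk -v key="$1" -v def="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }      # skip comments and blanks
        { sub(/=/, " "); $0 = $0 }                        # accept "Key=value" syntax
        tolower($1) == "match" { exit }                   # stop at the first Match block
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    '
}

# Constructed sample: a config where "UseDNS no" was appended after an
# earlier "UseDNS yes", which is the trap this script is meant to reveal.
SAMPLE_CONFIG='Port 22
UseDNS yes
UsePAM yes
# added later; sshd ignores it because an earlier UseDNS line exists
UseDNS no
Match User backup
    UsePAM no'

# The "no" defaults are the upstream OpenSSH defaults for both keywords;
# distribution packages commonly ship UsePAM yes, so check your own file.
for kw in UseDNS UsePAM; do
    echo "$kw -> $(printf '%s\n' "$SAMPLE_CONFIG" | effective_setting "$kw" no)"
done
```

Run against a real file with `effective_setting UseDNS no < /etc/sshd_config`; a result that disagrees with what you thought you set usually means an earlier line, or an Include'd fragment, already defines the keyword.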