Using the remote shell tool SSH login to the Linux host, the user name after the return to the card, 10 seconds after the prompt to enter the password.
Use Wireshark to catch the whole process package
Because SSH is an encrypted protocol, it is not understood that the content is normal, but can be filtered.
Filter Bar: SSH
Find the time interval of about 10s No. is x to Y
Filter Bar: Frame.number>x&&frame.number<y
It is observed here that DNS query behavior
Cause: When an SSH access request is received by the Linux server, the corresponding PTR record for that client IP is queried first. If after 5s did not receive a reply, once again sent a query, if again over 5s or did not receive a reply, completely abandon the query.
Workaround: Add a PTR record on the DNS server. test again, found that the 10s of the cotton has a, very magical 484.
Problem locator: SSH DNS
There are related configurations in/etc/ssh/sshd_config:
Cat/etc/ssh/sshd_config | Grep-i Usedns
#UseDNS Yes
Change it to no to query the SSH visitor's PTR record
Using the remote shell tool SSH login to the Linux host, the user name after the return to the card, 10 seconds after the prompt to enter the password