
Why SSH Waits 10 Seconds for Password Prompt and How to Fix It with Wireshark

When logging into a Linux server via SSH, users may experience a ten‑second pause after entering the username because the server performs a reverse DNS lookup on the client IP, which can be resolved by disabling UseDNS or adding the appropriate PTR record.

ITPUB

Several readers reported that after typing their username during an SSH login to a Linux server, the client hangs for about ten seconds before the password prompt appears. The delay is caused by the server trying to resolve the client’s IP address to a hostname via a reverse DNS (PTR) query.

Reproducing the Issue with Wireshark

To investigate, capture the network traffic on the server while reproducing the login:

Start a packet capture on the Linux server.

From a laptop, SSH to the server and press Enter after typing the username.

Wait roughly ten seconds until the password prompt is shown.

Stop the capture.

Filter the capture for SSH traffic (e.g., ssh) to isolate the relevant packets. In the example, packet 21 and packet 25 are separated by exactly ten seconds.

Further filtering (e.g., frame.number > 21 && frame.number < 25) reveals that during the gap the server sends two DNS queries for the PTR record of the client IP 10.32.200.23. Because the DNS server lacks this PTR record, each query times out after five seconds, accounting for the ten‑second delay.

The server’s behavior can be summarized as:

Upon receiving an SSH connection, it performs a reverse DNS lookup of the client IP.

If no reply is received within five seconds, it retries once.

If the second attempt also fails, it gives up on the lookup and proceeds.

Adding the missing PTR record to the DNS server eliminates the delay. After creating the PTR record for 10.32.200.23, the login proceeds immediately, as shown by the subsequent capture where packets 21 and 26 occur back‑to‑back.
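The gap analysis described above can be scripted. The following is an added example, not code from the original article: it assumes the capture has been exported as tab-separated lines (frame number, relative time in seconds, protocol, info column), and the sample rows and the function names parse and diagnose are constructed for illustration.

```python
import ipaddress

# Constructed sample rows (not the article's capture), tab-separated:
# frame number, relative time in seconds, protocol, info column.
SAMPLE = (
    "20\t1.900\tSSHv2\tEncrypted packet\n"
    "21\t2.000\tSSHv2\tEncrypted packet\n"
    "22\t2.001\tDNS\tStandard query 0x1a2b PTR 23.200.32.10.in-addr.arpa\n"
    "23\t7.001\tDNS\tStandard query 0x1a2b PTR 23.200.32.10.in-addr.arpa\n"
    "25\t12.000\tSSHv2\tEncrypted packet\n"
    "26\t12.020\tSSHv2\tEncrypted packet\n"
)

def parse(text):
    """Parse the export into (frame, time, protocol, info) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            num, t, proto, info = line.split("\t", 3)
            rows.append((int(num), float(t), proto, info))
    return rows

def diagnose(text, client_ip, threshold=5.0):
    """Find the longest SSH silence and the PTR lookups that fill it."""
    rows = parse(text)
    ssh = [r for r in rows if r[2].startswith("SSH")]
    if len(ssh) < 2:
        return None
    before, after = max(zip(ssh, ssh[1:]), key=lambda p: p[1][1] - p[0][1])
    gap = round(after[1] - before[1], 3)
    if gap < threshold:
        return None  # no pause worth explaining
    # Reverse-lookup name the server would query for this client.
    name = ipaddress.ip_address(client_ip).reverse_pointer
    dns = [r for r in rows
           if before[0] < r[0] < after[0] and r[2] == "DNS" and name in r[3]]
    responses = [r[0] for r in dns if "response" in r[3]]
    queries = [r[0] for r in dns if "response" not in r[3]]
    return {
        "gap_frames": (before[0], after[0]),
        "gap_seconds": gap,
        "ptr_name": name,
        "ptr_queries": queries,
        # Queries with no response inside the gap point at a missing PTR
        # record or an unreachable resolver rather than at sshd itself.
        "unanswered": bool(queries) and not responses,
    }
```

Calling diagnose(SAMPLE, "10.32.200.23") reports the 21-to-25 gap, the two PTR queries inside it, and that neither was answered.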

Fixing the Problem

The reverse‑DNS lookup is controlled by the UseDNS option in /etc/ssh/sshd_config. By default it is set to yes:

[root@Linux_Server~]# cat /etc/ssh/sshd_config | grep -i usedns
UseDNS yes

Changing the setting to no disables the lookup and removes the delay without needing to modify DNS records:

[root@Linux_Server~]# cat /etc/ssh/sshd_config | grep -i usedns
UseDNS no

After restarting the SSH service, the login proceeds without the ten‑second pause.

This example demonstrates how a simple Wireshark capture can uncover hidden configuration issues, reinforcing the principle that practical skills often outweigh theoretical knowledge.
