🟡 Medium   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: RHEL 10.0 RHEL 10.1

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

SSH sessions pause for several seconds before password or key prompt appears.

Environment & Reproduction

Common on hosts with unreachable reverse DNS and interface-to-zone drift.

time ssh user@host

Root Cause Analysis

UseDNS lookups and firewalld zone policy mismatch increase handshake latency.

Quick Triage

Inspect sshd, resolver behavior, and firewall zone bindings.

systemctl status sshd
firewall-cmd --get-active-zones
getenforce
journalctl -u sshd -n 80 --no-pager
dnf list installed openssh-server

Step-by-Step Diagnosis

Trace DNS timing and verify interface placement in expected zone.

dig -x  +time=1 +tries=1
grep -E '^UseDNS|^GSSAPIAuthentication' /etc/ssh/sshd_config
firewall-cmd --zone=public --list-interfaces
Illustrative mockup for rhel-10 — sshd_login_delay_diagnostics
Slow SSH login diagnostics — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Disable unnecessary reverse DNS, align zones, and reload sshd/firewalld.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo sed -i 's/^#?UseDNS.*/UseDNS no/' /etc/ssh/sshd_config
sudo firewall-cmd --permanent --zone=public --add-interface=eth0
sudo firewall-cmd --reload
sudo systemctl restart sshd
Illustrative mockup for rhel-10 — sshd_login_delay_fixed
Fast SSH authentication after DNS and zone fix — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Fix authoritative PTR records instead of disabling DNS checks in strict environments.

# Update DNS zone with correct PTR records
sudo systemctl restart named || true

Verification & Acceptance Criteria

SSH prompt appears quickly and auth logs show no timeout warnings.

time ssh user@host exit
journalctl -u sshd -n 30 --no-pager

Rollback Plan

Restore prior sshd config and firewall interface mapping.

sudo cp /root/backup/sshd_config /etc/ssh/sshd_config
sudo firewall-cmd --permanent --zone=public --remove-interface=eth0
sudo firewall-cmd --reload

Prevention & Hardening

Include SSH latency checks and zone validation in baseline health probes.

Related to SSSD delays, DNS search-path timeouts, and GSSAPI fallback lag.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

OpenSSH server tuning and firewalld zone design guidance for RHEL.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.