Timeouts and sluggish authentication with SFTP/SSH

[sheslostcontrol]

I'm using RHEL 5 and am experiencing increasingly lengthy authentication attemps over SSH and SFTP.

tail /var/log/secure
Sep 15 13:46:37 mybox sshd[4533]: Accepted password for sheslostcontrol from x.x.x.x port xxxxx ssh2
Sep 15 13:46:44 mybox sshd[4533]: pam_unix(sshd:session): session opened for user sheslostcontrol by (uid=0)
Sep 15 13:46:56 mybox sshd[5824]: subsystem request for sftp
Sep 15 13:47:31 mybox sshd[4533]: pam_unix(sshd:session): session closed for user sheslostcontrol

From the moment I type my password and press enter, to the time I have a prompt is about 50 seconds. In SFTP, the time it takes to retrieve a directory listing, or upload a file, is about 40-60 seconds.

If, in SFTP, I upload a second file within ~10 seconds or less, there is no delay and the file is uploaded immediately. If I wait a few minutes, there is a ~60 second delay (and sometimes the server "times out" altogether).

Users experience no delay when viewing pages served by httpd. The box is updated regularly via RHN.

Some basics:

uname -a:
Linux mybox 2.6.18-194.3.1.el5xen #1 SMP Sun May 2 04:26:43 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

top
top - 13:55:26 up 15 days, 23:32, 1 user, load average: 0.33, 0.38, 0.37
Tasks: 267 total, 1 running, 266 sleeping, 0 stopped, 0 zombie
Cpu(s): 2.7%us, 0.4%sy, 0.0%ni, 96.8%id, 0.1%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3689472k total, 3678880k used, 10592k free, 29052k buffers
Swap: 6144852k total, 240k used, 6144612k free, 2661488k cached

My disk usage is about 50% (2 of 4 TB).


If I can provide more details or log entries please let me know.

Can someone take a stab as to what might be happening?

[Segfault]

This kind of delay is often caused by hostname lookup failures.

[sheslostcontrol]

This kind of delay is often caused by hostname lookup failures.

How might I confirm this? Issuing "nslookup mybox" from command returns data almost immediately.

[Segfault]

Can it look up the box you are logging in from?

Something is terribly wrong there with uid, too. It shows uid=0 which is root. Root logins should not be allowed, root does not make remote connections either.

[sheslostcontrol]

I did log in as root earlier, have since logged out.

Yes, I am able to nslookup from my laptop - instant response.

[Segfault]

Not what I meant, can the server you are logging into look up your computer you are logging in from?

[sheslostcontrol]

Yes - almost instant response.

[Segfault]

Well, must be something else then. Increasing sshd verbosity might help.