Disabling reverse DNS lookups in ssh

As the top Google result for “ssh disable reverse DNS” I thought I’d post this here.

TL;DR version:
tcp wrappers (libwrap) may be causing a reverse DNS lookup to occur.

!(TL;DR) version:
A head-shaped dent was beginning to metaphorically appear on the wall, trying everything I could find to ascertain why my ssh initial connection was slow. A bit of running sshd in debug mode along with strace (and subsequently tcpdump) showed that it was making repeated attempts to look up the IP address with a DNS PTR lookup. Watching the process with ltrace showed me that the hosts_access library function was being called, and was taking a long time. Looking through the openssh source code revealed this to be libwrap related.

I didn’t look through the libwrap code (had difficulty finding it, and solved my problem before I did find it), but had the following in my hosts.allow file:

ALL: localhost

It would seem (from my observed behaviour), that when libwrap comes across this, rather than resolving localhost to 127.0.0.1, and comparing that with my IP address, it does a reverse lookup on my IP address, and compares the result with ‘localhost’.

This issue was resolved by changing localhost to 127.0.0.1/8, ::1.
