When connecting to a Palo Alto Networks firewall through a SSH, a delay of 10-20 seconds occurs between the time the username is input and a password prompt is presented.
Cause
This delay is caused by the system attempting a reverse DNS lookup for the IP address the login is originating from. The delay is present in cases where there is no DNS server configured or the DNS server does not respond to reverse DNS queries (or does not respond at all).
Resolution
Ensure that a DNS server is configured under Device > Setup > Services, and that it is reachable and will respond to reverse DNS (PTR) queries. The DNS server does not need to be able to correctly resolve the query, as long as it responds, even if the response is an error.