Slow SSH connection in CentOS/Linux

Source: Internet
Author: User
Tags: reverse dns

SSH is the usual way to connect remotely to a Linux server. I recently installed a new server and found that telnet was fast and ping was normal, but the SSH connection was slow. After some research, there are several possible causes:

1. The SERVER's sshd queries DNS for the HOSTNAME of the connecting client's IP address. If DNS is unavailable or there is no matching record, this takes some time.
2. The gssapi-with-mic authentication method sometimes takes some time.

I. Test the specific causes:
1. Use ssh -v host for debugging
# ssh -v 192.168.100.10
A lot of debug messages will be output. The debug information shows at which step the connection is delayed.
For example, the following information is displayed:
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

2. Check the connection time
# time ssh root@192.168.100.10 exit

II. Solutions (we recommend applying them one at a time, because the cause of the slow connection differs from case to case):

Note: After each modification of sshd_config, restart the sshd service.
# service sshd restart

1. Disable reverse DNS resolution
In Linux, SSH reverse DNS resolution is enabled by default, which consumes a lot of time and therefore needs to be disabled.
# vi /etc/ssh/sshd_config
UseDNS no

Although the line "UseDNS yes" is commented out in the configuration file, the default value is still yes.

2. Disable GSS authentication on the SERVER
The gssapi-with-mic authentication method may cause problems, so disabling GSS authentication can increase the SSH connection speed.
# vi /etc/ssh/sshd_config
GSSAPIAuthentication no

3. Modify the nsswitch.conf file on the SERVER
# vi /etc/nsswitch.conf
Find
hosts: files dns
Change it to
hosts: files

"hosts: files dns" sets the order in which host names are resolved: first the file, that is, /etc/hosts, and, if the name is not recorded there, DNS. If DNS cannot be reached, the system waits until the query times out before returning, so the wait is long.

Note: If the SERVER needs to reach other servers by domain name, you need to keep this line.

4. Modify the resolv.conf file on the SERVER
4.1 Delete all unused IP addresses in /etc/resolv.conf.
4.2 Delete all nameservers. This solves the problem, but the server can no longer access the Internet.
4.3 If the SERVER is configured with dual NICs, this file will contain a line with an IP address that is not currently used. Delete this line.

5. Modify the hosts file on the SERVER
Add the CLIENT's IP address and HOSTNAME to the /etc/hosts file on the SERVER.

6. Enable the IgnoreRhosts parameter on the SERVER
The IgnoreRhosts parameter can ignore records of previously logged-on hosts. Setting it to yes greatly improves the connection speed.
# vi /etc/ssh/sshd_config
IgnoreRhosts yes
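
The three sshd_config settings above only help if they are the values sshd actually uses. The following check is an added example, not part of the original article: the function name effective_value and the sample file are constructed here, and the default value is passed in by the caller as an assumption. It reports the value in effect for a keyword, treating commented-out lines as unset and keeping the first active value, which is how sshd reads the file.

```shell
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would take for KEYWORD from the global section of
# FILE, or DEFAULT (supplied by the caller, an assumption about the local
# build) when no active line sets it.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                  # commented-out lines set nothing
        /^[ \t]*$/ { next }                  # blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) next
            k = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            v = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", v)    # drop the separator
            sub(/[ \t]+$/, "", v)
            if (k == "match") exit           # conditional blocks are out of scope
            if (k == key) { val = v; exit }  # sshd keeps the first value it reads
        }
        END { print val }
    ' "$1"
}

# Constructed sample file (not taken from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#UseDNS yes
GSSAPIAuthentication yes
IgnoreRhosts = yes
# Fix appended at the end of the file without editing the line above:
GSSAPIAuthentication no
EOF

# Default passed as "yes", as the article states for UseDNS; the other two
# keywords are set explicitly in the sample, so the default is not used.
for kw in UseDNS GSSAPIAuthentication IgnoreRhosts; do
    printf '%-22s %s\n' "$kw" "$(effective_value "$SAMPLE" "$kw" yes)"
done
```

On a live server, running sshd -T as root prints the effective values directly. With UseDNS no, sshd can match only addresses, not host names, in authorized_keys from= restrictions and Match Host blocks, so check for those before changing it.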

-------------------- The above settings are on the SERVER, the following are set on the CLIENT -----------------------

7. Modify the hosts file on the CLIENT
Add the IP address and domain name of the target SERVER so that the target address can be resolved locally.
# vi /etc/hosts
192.168.100.11 doiido.com

Note: The hosts file format is 'destination SERVER_IP destination SERVER_NAME'. However, this method has one drawback: you need to add a domain name entry for each SERVER.

8. Modify the client configuration file ssh_config (note that it is not sshd_config)
# vi /etc/ssh/ssh_config
Find
GSSAPIAuthentication yes
Change it to
GSSAPIAuthentication no
