Home > Others

Solution to slow SSH connection

Source: Internet
Author: User
Tags hmac
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Http://blog.csdn.net/ablo_zhou/article/details/5074887

==================

Symptom:

In the LAN, the target machine can be pinged with a latency of microseconds.

Connect to other Linux machines in the LAN Using SSH. The password will not be prompted until 10-30 seconds. It seriously affects work efficiency.

 

======================================

Client operating system version:

[Email protected]: ~ $ CAT/etc/LSB-release
Distrib_id = Ubuntu
Distrib_release = 9.10
Distrib_codename = karmic
Distrib_description = "ubuntu 9.10"

 

======================================

Debugging information:

 

[CSS] View plaincopy
  2. [Email protected]: ~ $ Ssh-V 192.168.12.16
  4. Openssh_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
  6. Debug1: Reading configuration data/etc/ssh/ssh_config
  8. Debug1: Applying options *
  10. Debug1: connecting to 192.168.12.16 [192.168.12.16] port 22.
  12. Debug1: Connection established.
  14. Debug1: Identity file/home/zhouhh/. Ssh/identity type-1
  16. Debug1: Identity file/home/zhouhh/. Ssh/id_rsa type-1
  18. Debug1: Identity file/home/zhouhh/. Ssh/id_dsa type-1
  20. Debug1: Remote Protocol Version 2.0, remote software version openssh_4.3
  22. Debug1: Match: openssh_4.3 Pat openssh_4 *
  24. Debug1: enabling compatibility mode for protocol 2.0
  26. Debug1: local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
  28. Debug1: ssh2_msg_kexinit sent
  30. Debug1: ssh2_msg_kexinit initialized ed
  32. Debug1: kex: Server-> client aes128-cbc hmac-md5 none
  34. Debug1: kex: client-> server aes128-cbc hmac-md5 none
  36. Debug1: ssh2_msg_kex_dh_gex_request (1024 <1024) sent
  38. Debug1: expecting ssh2_msg_kex_dh_gex_group
  40. Debug1: ssh2_msg_kex_dh_gex_init sent
  42. Debug1: expecting ssh2_msg_kex_dh_gex_reply
  44. Debug1: Host '192. 168.12.16 'is known and matches the RSA host key.
  46. Debug1: Found key in/home/zhouhh/. Ssh/known_hosts: 1
  48. Debug1: ssh_rsa_verify: Signature correct
  50. Debug1: ssh2_msg_newkeys sent
  52. Debug1: expecting ssh2_msg_newkeys
  54. Debug1: ssh2_msg_newkeys received ed
  56. Debug1: ssh2_msg_service_request sent
  58. Debug1: ssh2_msg_service_accept received ed
  60. Debug1: authentications that can continue: publickey, gssapi-with-mic, password
  62. Debug1: Next authentication method: gssapi-with-mic
  64. Debug1: An invalid name was supplied
  66. Cannot determine realm For numeric host address
  68. Debug1: An invalid name was supplied
  70. Cannot determine realm For numeric host address
  72. Debug1: An invalid name was supplied
  74. Debug1: Next authentication method: publickey
  76. Debug1: Trying private key:/home/zhouhh/. Ssh/identity
  78. Debug1: Trying private key:/home/zhouhh/. Ssh/id_rsa
  80. Debug1: Trying private key:/home/zhouhh/. Ssh/id_dsa
  82. Debug1: Next authentication method: Password
  84. [Email protected] 192.168.12.16's password:
  86. Debug1: authentication succeeded (password ).
  88. Debug1: Channel 0: New [client-session]
  90. Debug1: Entering interactive session.
  92. Debug1: sending environment.
  94. Debug1: sending env lang = zh_CN.UTF-8
  96. Last login: Fri Dec 25 13:35:04 2009 from 192.168.11.146

 

 

The following error message is displayed:

Debug1: Next authentication method: gssapi-with-mic
Debug1: An invalid name was supplied
Cannot determine realm For numeric host address

 

In fact, it takes time to start from the gssapi-with-mic line.

 

================================

Failed attempts:


Some people say that the/etc/ssh/sshd_conf file is modified on the target machine.

Change the default value of usedns from yes to no and Restart sshd. I tried it. I don't need to use it in this case. However, it is not ruled out to use other latencies.

 

================================

Effective Solution:

1. Modify the hosts file of the Local Machine and add the IP address and domain name of the target machine. Or let the local DNS server resolve the target address.

VI/etc/hosts

 

192.168.12.16 ourdev

 

The format is "target machine IP address target machine name. Connect without delay. However, it would be hard to resolve each domain name. However, putty or secure-CRT can be used in windows.

 

2. Modify the local client configuration file ssh_conf. Note that it is not sshd_conf

VI/etc/ssh/ssh_conf

 

Find

Gssapiauthentication Yes

Change

Gssapiauthentication No

Save.

 

Connect to the target machine, and the speed will be fast.

Gssapi (Generic Security Services Application Programming Interface)Is a set of universal network security system interfaces similar to Kerberos 5. This interface is encapsulated by different client server security mechanisms to eliminate different security interfaces and reduce programming difficulty. However, this interface may cause problems when the target machine does not have domain name resolution. I see someone submitted a bug to Ubuntu, saying that we want to set the default value of gssapiauthentication to No. Somehow, the default value of ubuntu9.10 is yes.

 

After modification, the connection debugging data changes:

 

[C-sharp] View plaincopy
  2. [Email protected]: ~ $ Ssh-V 192.168.12.16
  4. Openssh_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
  6. Debug1: Reading configuration data/etc/ssh/ssh_config
  8. Debug1: Applying options *
  10. Debug1: connecting to 192.168.12.16 [192.168.12.16] port 22.
  12. Debug1: Connection established.
  14. Debug1: Identity file/home/zhouhh/. Ssh/identity type-1
  16. Debug1: Identity file/home/zhouhh/. Ssh/id_rsa type-1
  18. Debug1: Identity file/home/zhouhh/. Ssh/id_dsa type-1
  20. Debug1: Remote Protocol Version 2.0, remote software version openssh_4.3
  22. Debug1: Match: openssh_4.3 Pat openssh_4 *
  24. Debug1: enabling compatibility mode for protocol 2.0
  26. Debug1: local version string SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2
  28. Debug1: ssh2_msg_kexinit sent
  30. Debug1: ssh2_msg_kexinit initialized ed
  32. Debug1: kex: Server-> client aes128-cbc hmac-md5 none
  34. Debug1: kex: client-> server aes128-cbc hmac-md5 none
  36. Debug1: ssh2_msg_kex_dh_gex_request (1024 <1024) sent
  38. Debug1: expecting ssh2_msg_kex_dh_gex_group
  40. Debug1: ssh2_msg_kex_dh_gex_init sent
  42. Debug1: expecting ssh2_msg_kex_dh_gex_reply
  44. Debug1: Host '192. 168.12.16 'is known and matches the RSA host key.
  46. Debug1: Found key in/home/zhouhh/. Ssh/known_hosts: 1
  48. Debug1: ssh_rsa_verify: Signature correct
  50. Debug1: ssh2_msg_newkeys sent
  52. Debug1: expecting ssh2_msg_newkeys
  54. Debug1: ssh2_msg_newkeys received ed
  56. Debug1: ssh2_msg_service_request sent
  58. Debug1: ssh2_msg_service_accept received ed
  60. Debug1: authentications that can continue: publickey, gssapi-with-mic, password
  62. Debug1: Next authentication method: publickey
  64. Debug1: Trying private key:/home/zhouhh/. Ssh/identity
  66. Debug1: Trying private key:/home/zhouhh/. Ssh/id_rsa
  68. Debug1: Trying private key:/home/zhouhh/. Ssh/id_dsa
  70. Debug1: Next authentication method: Password
  72. [Email protected]'s password:

 

Solution to slow SSH connection

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to establish ssh connection ssh connection macbook pro slow internet connection ssh connect to host localhost port 22 connection refused ubuntu c ssh connection close ssh connection establish ssh connection

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More