Remote connections to a Linux server are now generally made over SSH. I recently installed a server and found that Telnet was very fast and ping was normal, but the SSH connection was very slow. After looking for information online, I found a few possible reasons:
1. The server's sshd queries DNS for the hostname of the connecting client's IP. If DNS is unavailable or has no matching record, this takes a while.
2. The gssapi-with-mic authentication step sometimes also takes a while.
I. Test to find the specific cause:
1. Use ssh -v host for debugging
# ssh -v 192.168.100.10
It will then output a lot of debug information, from which you can see where the connection is delayed.
For example, the following information is displayed:
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
2. Check the connection time
# time ssh [email protected] exit
II. Workarounds (try them one at a time, because the cause is not the same for every connection):
Note: After each change, remember to restart the sshd service
# service sshd restart
1. Turn off DNS reverse resolution
On Linux, SSH reverse DNS resolution is turned on by default. This consumes a lot of time and therefore needs to be turned off.
# vi /etc/ssh/sshd_config
UseDNS no
In the configuration file the UseDNS yes line is commented out, but the default is still yes.
2. Turn off GSS authentication on the server
The gssapi-with-mic authentication method is a likely source of problems, so turning off GSS authentication can improve the SSH connection speed.
# vi /etc/ssh/sshd_config
GSSAPIAuthentication no
3. Modify the nsswitch.conf file on the server
# vi /etc/nsswitch.conf
Find
hosts: files dns
and change it to
hosts: files
The line hosts: files dns sets the order used for host name resolution: files comes first, that is, the /etc/hosts file; if the hosts file has no record for the name, DNS is queried. If DNS is not reachable, the lookup waits for the timeout before returning, so the wait time is longer.
Note: If your server needs to reach other servers by domain name, you need to keep this line.
4. Modify the resolv.conf file on the server
4.1. Delete all unused IPs in /etc/resolv.conf.
4.2. Removing all nameserver entries also resolves the problem, but the server will then be unable to access the Internet.
4.3. If the server has been configured with dual network cards, the file may contain a line with an IP address that is not currently in use; delete that line.
5. Modify the hosts file on the server
Add the client IP and hostname to the /etc/hosts file on the server
6. Enable the IgnoreRhosts parameter on the server
The IgnoreRhosts parameter can ignore records of hosts that previously logged in, and can greatly increase the connection speed when set to yes
# vi /etc/ssh/sshd_config
IgnoreRhosts yes
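Before changing UseDNS or GSSAPIAuthentication (steps 1 and 2), it helps to see which value sshd_config currently yields, since a commented-out line means the default applies. The script below is an added example, not part of the original article; the function names and the sample file are constructed, and the UseDNS default of yes is the one this article states.

```shell
#!/bin/sh
# Added example: report the effective global value of an sshd_config keyword.
# sshd keeps the first value it reads for a keyword and keywords are
# case-insensitive; a Key=value spelling is normalised as well.

effective_setting() {
    # $1 = config file, $2 = keyword, $3 = default assumed when unset
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = "" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)      # "Key=value" -> "Key value"
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "match") exit   # conditional blocks start here
            if (tolower(f[1]) == key && n >= 2) { val = tolower(f[2]); exit }
        }
        END { print (val == "" ? def : val) }
    ' "$1"
}

audit_sshd() {
    # UseDNS default: as stated in this article. GSSAPIAuthentication
    # default: "no", per sshd_config(5).
    printf 'UseDNS=%s\n' "$(effective_setting "$1" UseDNS yes)"
    printf 'GSSAPIAuthentication=%s\n' "$(effective_setting "$1" GSSAPIAuthentication no)"
}

# Constructed sample: UseDNS appears only as a comment, GSSAPI is set twice.
write_sample() {
    cat > "$1" <<'EOF'
#UseDNS yes
GSSAPIAuthentication yes
gssapiauthentication no
Match User backup
    UseDNS no
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
audit_sshd "$tmp"
rm -f "$tmp"
```

On a live server, `sshd -T` prints the configuration that sshd itself resolved, which is the authoritative check after a restart.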
-------------------- The settings above are made on the server; the following are made on the client --------------------
7. Modify the client's hosts file
Add the IP and domain name of the destination server so that the destination address can be resolved locally.
# vi /etc/hosts
192.168.100.11 doiido.com
Note: The hosts file format is 'target_server_ip target_server_name'. The disadvantage of this method is that you need to add an entry for every server.
8. Modify the client configuration file ssh_config (note: not sshd_config)
# vi /etc/ssh/ssh_config
Find
GSSAPIAuthentication yes
and change it to
GSSAPIAuthentication no