Slow SSH remote connection solution in Linux

Source: Internet
Author: User
Tags hmac ssh server

Slow SSH remote connection solution in Linux

Slow SSH remote connection solution in Linux

1. Applicable commands and solutions are as follows:
Remote connection and Command Execution]
Ssh-p22 [email protected]
Ssh-p22 [email protected]/sbin/ifconfig
[Remote copy: Push and pull]
Scp-P22-r-p/etc [email protected]:/tmp/
Scp-P22-r-p [email protected]:/tmp/etc
[Secure FTP function]
Sftp-oPort = 22 [email protected]
[Password-free verification plan]
For example, you can use sshkey to batch distribute files and perform deployment operations.

2. The primary cause of slow connection is DNS resolution.
Solution:
The most common reason is that the server's sshd will go to the DNS to find the hostname for accessing the client IP address. If the DNS is unavailable or there are no relevant records, it will take a lot of time.
1. Add the IP address and hostname of your local machine to the/etc/hosts file on the server.
2. Change the configuration in the/etc/ssh/sshd_config file on the ssh server as follows:

UseDNS no
# GSSAPI options
GSSAPIAuthentication no

The GSSAPIAuthentication parameter is used for Kerberos authentication. For most people, this authentication mechanism cannot be used. Therefore, stop them.
Then, run the/etc/init. d/sshd restart command to restart the sshd process to make the above configuration take effect. The connection is generally not slow.

3. If it is still slow, check whether the host name of 127.0.0.1 corresponds
The uname-n results are the same, or you can add the local ip address and hostname (uname-n results) to/etc/hosts.

3. Use the ssh-v debugging function to find out the cause of slowness.
In fact, you can use the following command to debug the slow details (learning this idea is very important ).
[Root @ localhost ~] # Ssh-v [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
Debug1: Reading configuration data/etc/ssh/ssh_config
Debug1: Applying options *
Debug1: Connecting to 192.168.2.15 [192.168.2.15] port 22.
Debug1: Connection established.
Debug1: permanently_set_uid: 0/0
Debug1: identity file/root/. ssh/identity type-1
Debug1: identity file/root/. ssh/id_rsa type-1
Debug1: identity file/root/. ssh/id_dsa type-1
Debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
Debug1: match: OpenSSH_4.3 pat OpenSSH_4 *
Debug1: Enabling compatibility mode for protocol 2.0
Debug1: Local version string SSH-2.0-OpenSSH_5.3
Debug1: SSH2_MSG_KEXINIT sent
Debug1: SSH2_MSG_KEXINIT initialized ed
Debug1: kex: server-> client aes128-ctr hmac-md5 none
Debug1: kex: client-> server aes128-ctr hmac-md5 none
Debug1: SSH2_MSG_KEX_DH_GEX_REQUEST (1024 <1024) sent
Debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
Debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host '192. 168.2.15 (192.168.2.15) 'can't be established.
RSA key fingerprint is ca: 18: 42: 76: 0e: 5a: 1c: 7d: ef: fc: 24: 75: 80: 11: ad: f9.
Are you sure you want to continue connecting (yes/no )? Yes
======> Here is the interaction prompt for saving the key.
Warning: Permanently added '192. 168.2.15 '(RSA) to the list of known hosts.
Debug1: ssh_rsa_verify: signature correct
Debug1: SSH2_MSG_NEWKEYS sent
Debug1: expecting SSH2_MSG_NEWKEYS
Debug1: SSH2_MSG_NEWKEYS received ed
Debug1: SSH2_MSG_SERVICE_REQUEST sent
Debug1: SSH2_MSG_SERVICE_ACCEPT received ed
Debug1: Authentications that can continue: publickey, password
Debug1: Next authentication method: publickey
Debug1: Trying private key:/root/. ssh/identity
Debug1: Trying private key:/root/. ssh/id_rsa
Debug1: Trying private key:/root/. ssh/id_dsa
Debug1: Next authentication method: password
[Email protected]'s password:
======> Here is the interaction prompt prompting you to enter the password.
Debug1: Authentication succeeded (password ).
Debug1: channel 0: new [client-session]
Debug1: Entering interactive session.
Debug1: Sending environment.
Debug1: Sending env LANG = en_US.UTF-8
Last login: Tue Sep 24 10:30:02 2013 from 192.168.2.13

If the connection is slow, you can determine where the connection is located.
[Root @ localhost ~] # Ssh-v [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
Debug1: Reading configuration data/etc/ssh/ssh_config
Debug1: Applying options *
Debug1: Connecting to 192.168.2.18 [192.168.2.18] port 22.
Debug1: Connection established.
Debug1: permanently_set_uid: 0/0
Debug1: identity file/root/. ssh/identity type-1
Debug1: identity file/root/. ssh/id_rsa type-1
Debug1: identity file/root/. ssh/id_dsa type 2
Debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
Debug1: match: OpenSSH_5.3 pat OpenSSH *
Debug1: Enabling compatibility mode for protocol 2.0
Debug1: Local version string SSH-2.0-OpenSSH_5.3
Debug1: SSH2_MSG_KEXINIT sent
Debug1: SSH2_MSG_KEXINIT initialized ed
Debug1: kex: server-> client aes128-ctr hmac-md5 none
Debug1: kex: client-> server aes128-ctr hmac-md5 none
Debug1: SSH2_MSG_KEX_DH_GEX_REQUEST (1024 <1024) sent
Debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
Debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Debug1: Host '192. 168.2.18 'is known and matches the RSA host key.
Debug1: Found key in/root/. ssh/known_hosts: 2
Debug1: ssh_rsa_verify: signature correct
Debug1: SSH2_MSG_NEWKEYS sent
Debug1: expecting SSH2_MSG_NEWKEYS
Debug1: SSH2_MSG_NEWKEYS received ed
Debug1: SSH2_MSG_SERVICE_REQUEST sent
Debug1: SSH2_MSG_SERVICE_ACCEPT received ed
Debug1: Authentications that can continue: publickey, gssapi-keyex, gssapi-with-mic, password
Debug1: Next authentication method: gssapi-keyex
Debug1: No valid Key exchange context
Debug1: Next authentication method: gssapi-with-mic

If the above configuration is not configured, It is found to be stuck in gssapi. It is probably a problem with gssapi. In fact, the SSH service should be optimized in the Linux system optimization section.

SSH service remote access to Linux Server login is slow

How to Improve the SSH login authentication speed of Ubuntu

Enable the SSH service to allow Android phones to remotely access Ubuntu 14.04

How to add dual authentication for SSH in Linux

Configure the SFTP environment for non-SSH users in Linux

Configure and manage the SSH service on Linux

Basic SSH tutorial

SSH password-free logon details

This article permanently updates the link address:

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.