Use this command: ssh-v [email protected], you can view the log of the connection login process
SSH to other Linux machines, will wait 10-30 seconds to prompt for a password. Serious impact on productivity. Login is slow, log on up after normal speed, there are two main possible reasons for this situation:
1. Problems with DNS reverse resolution
OPENSSH will authenticate the IP when the user logs in, it locates the hostname according to the user's IP using reverse DNS, then uses DNS to find the IP address, and finally matches the login IP is legitimate. If the client's IP does not have a domain name, or if the DNS server is slow or not, logging in will take time.
Workaround:
Modify the SSHD server-side configuration on the target server and restart the sshd
Vi/etc/ssh/sshd_config, set Usedns to No
Of course, it can also be solved by providing DNS correct reverse resolution, like the following two ways of thinking
(1) in the/etc/hosts file on the server to add the usual IP and hostname, and then/etc/nsswitch.conf to see if the program first query the Hosts file (the general default is this).
Modify the Hosts file on the server to add the IP and domain name of the target machine. or let the local DNS server resolve the destination address.
Vi/etc/hosts
192.168.12.16 Ourdev
The format is "target machine IP target machine name" This method promotes efficiency. There is no delay in the connection. But if you add a domain name to each of the resolution, very hard. However, this method can be used when using putty or SECURE-CRT under Windows.
(2) A DNS server (can be a native), add the reverse resolution, the DNS server to join the/etc/resolv.conf.
2. Turn off GSSAPI authentication for SSH
with ssh-v [email protected] You can see the following information when you log in:
Debug1:next Authentication Method:gssapi-with-mic
Debug1:unspecified GSS failure. Minor code may provide more information
Note: SSH-VVV [email protected] can see more detailed debug information
Workaround:
Vi/etc/ssh/ssh_config (SSH, not sshd), set gssapiauthentication No and restart sshd
You can log in using ssh-o gssapiauthentication=no [email protected]
GSSAPI (Generic Security Services application Programming Interface) is a common network security system interface similar to Kerberos 5. This interface is a package of different client server security mechanisms to eliminate the different security interfaces and reduce programming difficulty. However, this interface will be problematic if the target machine has no domain name resolution.
Recently found SSH connection is very slow, ping is very good speed, people mistakenly think that SSH is not connected. Analysis results, the main reason is: DNS resolution IP caused, can be used in the following several analytical processing methods
1.linux SSH Connection Slow
Recently found SSH connection is very slow, ping is very good speed, people mistakenly think that SSH is not connected.
Analysis results, the main reason is: DNS resolution IP caused, can be used in the following several analytical processing methods
1. Add your native IP and hostname to the/etc/hosts file on the server
2. Modify or add Usedns=no to the/etc/ssh/sshd_config file on the server
3. Comment out all lines of IP not used in/etc/resolv.conf on server
4, modify the server on the/etc/nsswitch.conf hosts for Hosts:files
5, authentication gssapi-with-mic may also have a problem, on the server/etc/ssh/sshd_config file to modify Gssapiauthentication No. /etc/init.d/sshd Restart Restart the sshd process for the configuration to take effect.
If you previously configured a dual network card for the server, so that in the/etc/resolv.conf file, a line is not currently used IP address. Note or delete the line.
2.mysql Slow connection speed
In the LAN connection to other machines of MySQL, found that the speed is very slow, do not know what reason, there are always a few seconds of delay.
Remote connection MySQL is unusually slow, executes a command frequently, and waits 10 seconds to execute the next one. The workaround is to add skip-name-resolve to the mysqld section in MySQL's My.ini, which avoids parsing the host name to speed up the connection.
Later found in the online solution, My.ini inside add <linux in/etc/my.cnf>
[Mysqld]
Skip-name-resolve
Skip-grant-tables
It's going to be fast!
- Skip-name-resolve
- Skip-grant-tables
The reasons are:
- Each time the MySQL client accesses the db,mysql, it tries to parse the hostname of the machine to be accessed and caches it to the hostname cache, and if this fails to parse, the data can be taken over.
- 2. The system will not make any access control to any user's access
Friendly tip: Restart MySQL in effect
Skip-name-resolve
Option to disable DNS resolution, the connection speed will be much faster. However, it is not possible to use the hostname in the MySQL authorization table and only use the IP format.
If using the –skip-grant-tables system will not make any access control to any user's access, but can use mysqladmin flush-privileges or mysqladmin reload to turn on access control; By default, show The databases statement is open to all users.
Also refer to: http://www.jb51.net/article/27616.htm
Linux ssh and MySQL connections build a slow solution