Home > Developer > Go

"Go" SSH login very slow workaround

Source: Internet
Author: User
Tags hmac reverse dns
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Using an SSH client (such as: Putty) to connect to a Linux server may wait 10-30 seconds before prompting for a password. Serious impact on productivity. Login is slow, log on up after normal speed, there are two main possible reasons for this situation:

1. DNS Reverse resolution problem

OPENSSH will authenticate the IP when the user logs in, it locates the hostname according to the user's IP using reverse DNS, then uses DNS to find the IP address, and finally matches the login IP is legitimate. If the client's IP does not have a domain name, or if the DNS server is slow or not, logging in will take time.

Workaround: Modify the SSHD server-side configuration on the target server and restart the sshd

    1. Vi/etc/ssh/sshd_config
    2. Usedns No
2. Turn off GSSAPI authentication for SSH

with ssh-v [email protected] You can see the following information when you log in:

    1. Debug1:next Authentication Method:gssapi-with-mic
    2. Debug1:unspecified GSS failure. Minor code may provide more information

Note:ssh-vvv [email protected] can see more detailed debug information

Workaround:

Modifying the SSHD server-side configuration

    1. Vi/etc/ssh/ssh_config
    2. Gssapiauthentication No

You can log in using ssh-o gssapiauthentication=no [email protected]

GSSAPI (Generic Security Services application Programming Interface) is a common network security system interface similar to Kerberos 5. This interface is a package of different client server security mechanisms to eliminate the different security interfaces and reduce programming difficulty. However, this interface will be problematic if the target machine has no domain name resolution.

Using Strace to see, SSH after the verification of the key, the authentication gssapi-with-mic, the first to connect to the DNS server, after which there will be other operations

  2. [[Email protected] ~] # SSH-VVV [email protected]
  4. OPENSSH_5.3P1, OpenSSL 1.0.1e-fips 2013
  6. Debug1:reading Configuration Data/etc/ssh/ssh_config
  8. debug1:applying options for *
  10. Debug2:ssh_connect:needpriv 0
  12. Debug1:connecting to 192.168.3.44 [192.168.3.44] Port 22.
  14. Debug1:connection established.
  16. debug1:permanently_set_uid:0/0
  18. Debug1:identity file/root/.ssh/identity type-1
  20. Debug1:identity file/root/.ssh/identity-cert type-1
  22. Debug1:identity file/root/.ssh/id_rsa type-1
  24. Debug1:identity file/root/.ssh/id_rsa-cert type-1
  26. Debug1:identity file/root/.ssh/id_dsa type-1
  28. Debug1:identity file/root/.ssh/id_dsa-cert type-1
  30. Debug1:identity file/root/.ssh/id_ecdsa type-1
  32. Debug1:identity file/root/.ssh/id_ecdsa-cert type-1
  34. Debug1:remote Protocol version 2.0, Remote software version openssh_5.3
  36. debug1:match:openssh_5.3 Pat Openssh*
  38. debug1:enabling compatibility mode for Protocol 2.0
  40. Debug1:local version string ssh-2.0-openssh_5.3
  42. DEBUG2:FD 3 Setting O_nonblock
  44. Debug1:ssh2_msg_kexinit sent
  46. Debug3:wrote 960 bytes For a total of 981
  48. Debug1:ssh2_msg_kexinit received
  50. DEBUG2:KEX_PARSE_KEXINIT:DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA256,DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1, Diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
  52. Debug2:kex_parse_kexinit: [Email protected],[email protected],[email protected],[email PROTECTED],SSH-RSA,SSH-DSS
  54. DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, Blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
  56. DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, Blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
  58. debug2:kex_parse_kexinit:hmac-Md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[ Email protected],hmac-sha1-96,hmac-md5-96
  60. debug2:kex_parse_kexinit:hmac-Md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[ Email protected],hmac-sha1-96,hmac-md5-96
  62. Debug2:kex_parse_kexinit:none,[email protected],zlib
  64. Debug2:kex_parse_kexinit:none,[email protected],zlib
  66. Debug2:kex_parse_kexinit:
  68. Debug2:kex_parse_kexinit:
  70. Debug2:kex_parse_kexinit:first_kex_follows 0
  72. Debug2:kex_parse_kexinit:reserved 0
  74. DEBUG2:KEX_PARSE_KEXINIT:DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA256,DIFFIE-HELLMAN-GROUP-EXCHANGE-SHA1, Diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
  76. Debug2:kex_parse_kexinit:ssh-rsa,ssh-dss
  78. DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, Blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
  80. DEBUG2:KEX_PARSE_KEXINIT:AES128-CTR,AES192-CTR,AES256-CTR,ARCFOUR256,ARCFOUR128,AES128-CBC,3DES-CBC, Blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
  82. debug2:kex_parse_kexinit:hmac-Md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[ Email protected],hmac-sha1-96,hmac-md5-96
  84. debug2:kex_parse_kexinit:hmac-Md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[ Email protected],hmac-sha1-96,hmac-md5-96
  86. Debug2:kex_parse_kexinit:none,[email protected]
  88. Debug2:kex_parse_kexinit:none,[email protected]
  90. Debug2:kex_parse_kexinit:
  92. Debug2:kex_parse_kexinit:
  94. Debug2:kex_parse_kexinit:first_kex_follows 0
  96. Debug2:kex_parse_kexinit:reserved 0
  98. Debug2:mac_setup:found hmac-MD5
  100. Debug1:kex:server->client aes128-ctr hmac-MD5 None
  102. Debug2:mac_setup:found hmac-MD5
  104. Debug1:kex:client->server aes128-ctr hmac-MD5 None
  106. Debug1:ssh2_msg_kex_dh_gex_request (1024<1024<8192) sent
  108. Debug1:expecting Ssh2_msg_kex_dh_gex_group
  110. Debug3:wrote bytes for a total of 1005
  112. Debug2:dh_gen_key:priv Key Bits set:120/256
  114. Debug2:bits set:506/1024
  116. Debug1:ssh2_msg_kex_dh_gex_init sent
  118. Debug1:expecting ssh2_msg_kex_dh_gex_reply
  120. Debug3:wrote 144 bytes For a total of 1149
  122. Debug3:check_host_in_hostfile:host 192.168.3.44 filename/root/.ssh/known_hosts
  124. Debug3:check_host_in_hostfile:host 192.168.3.44 filename/root/.ssh/known_hosts
  126. Debug3:check_host_in_hostfile:match Line 8
  128. Debug1:host ' 192.168.3.44 ' is known and matches the RSA Host key.
  130. Debug1:found Key In/root/.ssh/known_hosts:8
  132. Debug2:bits set:527/1024
  134. Debug1:ssh_rsa_verify:signature correct
  136. Debug2:kex_derive_keys
  138. Debug2:set_newkeys: Mode 1
  140. Debug1:ssh2_msg_newkeys sent
  142. Debug1:expecting Ssh2_msg_newkeys
  144. Debug3:wrote bytes for a total of 1165
  146. Debug2:set_newkeys: mode 0
  148. Debug1:ssh2_msg_newkeys received
  150. Debug1:ssh2_msg_service_request sent
  152. Debug3:wrote bytes for a total of 1213
  154. Debug2:service_accept:ssh-userauth
  156. Debug1:ssh2_msg_service_accept received
  158. Debug2:key:/root/.ssh/identity ((nil))
  160. Debug2:key:/root/.ssh/id_rsa ((nil))
  162. Debug2:key:/root/.ssh/id_dsa ((nil))
  164. Debug2:key:/root/.ssh/id_ecdsa ((nil))
  166. Debug3:wrote bytes for a total of 1277
  168. Debug1:authentications that can Continue:publickey,gssapi-keyex,gssapi-with-mic,password
  170. Debug3:start over, passed a different list Publickey,gssapi-keyex,gssapi-with-mic,password
  172. Debug3:preferred Gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
  174. Debug3:authmethod_lookup Gssapi-keyex
  176. Debug3:remaining Preferred:gssapi-with-mic,publickey,keyboard-interactive,password
  178. Debug3:authmethod_is_enabled Gssapi-keyex
  180. Debug1:next Authentication Method:gssapi-keyex
  182. Debug1:no Valid Key Exchange context
  184. Debug2:we did not send a packet, disable method
  186. Debug3:authmethod_lookup gssapi-with-mic
  188. Debug3:remaining Preferred:publickey,keyboard-interactive,password
  190. Debug3:authmethod_is_enabled gssapi-with-mic
  192. Debug1:next Authentication Method:gssapi-with-mic
  194. Debug3:trying to reverse map address 192.168.3.44.
  196. Debug1:unspecified GSS failure. Minor code may provide more information
  198. Cannot determine realm for numeric host address
  202. Debug1:unspecified GSS failure. Minor code may provide more information
  204. Cannot determine realm for numeric host address
  208. Debug1:unspecified GSS failure. Minor code may provide more information
  214. Debug1:unspecified GSS failure. Minor code may provide more information
  216. Cannot determine realm for numeric host address
  220. Debug2:we did not send a packet, disable method
  222. Debug3:authmethod_lookup PublicKey
  224. Debug3:remaining Preferred:keyboard-interactive,password
  226. Debug3:authmethod_is_enabled PublicKey
  228. Debug1:next Authentication Method:publickey
  230. Debug1:trying private key:/root/.ssh/identity
  232. Debug3:no such identity:/root/.ssh/identity
  234. Debug1:trying private key:/root/.ssh/id_rsa
  236. Debug3:no such identity:/root/.ssh/id_rsa
  238. Debug1:trying private key:/ROOT/.SSH/ID_DSA
  240. Debug3:no such identity:/ROOT/.SSH/ID_DSA
  242. Debug1:trying private key:/ROOT/.SSH/ID_ECDSA
  244. Debug3:no such identity:/ROOT/.SSH/ID_ECDSA
  246. Debug2:we did not send a packet, disable method
  248. Debug3:authmethod_lookup Password
  250. Debug3:remaining preferred:, password
  252. debug3:authmethod_is_enabled Password
  254. Debug1:next Authentication Method:password
  256. [email protected] ' s password:

This article was reproduced in: https://blog.linuxeye.com/420.html

"Go" SSH login very slow workaround

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
go webmail login magento go login go email login go mail account login mobileiron go login hdcp workaround debian root login ssh
Related Article
Go combat--golang Get public IP, view intranet IP, detect IP ...
Golang client Sarama via SSL connection Kafka configuration
Golang private Key "encrypt" public key "decrypt"
Golang in net package usage (i)
Go Navicat Premium 12.1.8.0 Installation and activation
Go adobe Creative Cloud 2015 download adobe CC Download

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More