Slow response to long wait time for SSH login in LAN

L fault symptom:

When you remotely log on to the server using the SSH tool, the logon prompt appears for a long time.

L search for problems:

You can add the "-V" parameter after the SSH command to output the debug information to locate the problem.

You will usually see information similar to this:

Debug1: Next authentication method: gssapi-with-mic

Debug1: unspecified GSS failure. Minor code may provide more information

Cannot determine realm For numeric host address

L fault cause:

After reading the above output results, it is obvious that this is caused by DNS resolution problems.

1. Why does the DNS resolution service need to be used during SSH Login?

Let's take a closer look at the above debug output, which is a disaster caused by gssapi authentication.

2. Why does gssapi authentication need to be used during SSH Login?

Gssapi is an itef standard for implementing strong encryption authentication in network applications. It is enabled by default on servers that support SSH v2.

3. What are the causes of slowness?

By default, gssapiauthentication is activated on both the server and client. If there is a problem with the DNS service, the login process will not continue until the DNS query times out. This is why the SSH logon prompt takes a long time.

L solution:

1. If the remote SSH server cannot be modified, modify the SSH client configuration file.

# Vi/etc/ssh/ssh_config (take the Linux client as an example)

Set: gssapiauthentication No

2. modify the configuration of the remote SSH Server

# Vi/etc/ssh/sshd_config

Set: gssapiauthentication No

You can also choose not to use DNS resolution: usedns No

Restart the sshd service/etc/init. d/sshd restart

Slow response to long wait time for SSH login in LAN