Slow ssh Login Solution

Source: Internet
Author: User
Tags hmac reverse dns


If you use an ssh client (such as PuTTY) to connect to a Linux server, it may take 10-30 seconds before you are prompted for the password, which seriously affects work efficiency. Only the logon itself is slow; once you are logged on, speed is normal. There are two possible reasons for this situation:

1. DNS reverse resolution Problems

When you log on, OpenSSH verifies the client's IP address: it uses reverse DNS to find the host name for the client's IP address, then uses forward DNS to resolve that host name back to an IP address, and finally checks that the result matches the logon IP address. If the client's IP address has no domain name, or the DNS server is slow or unreachable, the logon takes a long time.

Solution: Modify the sshd server configuration on the target server and restart sshd.

    vi /etc/ssh/sshd_config
    UseDNS no
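
The check described above, written out as an added example (not code from the original article or from OpenSSH). The host names and records in the stubs are constructed, and PTR_LOOKUP / FWD_LOOKUP are hypothetical override hooks so the logic can run without a DNS server:

```shell
#!/bin/sh
# Added example: the reverse-then-forward lookup that sshd performs per
# connection when UseDNS is enabled.

# Real lookups via glibc's getent; each call can block for the full
# resolver timeout when the DNS server is slow or unreachable.
ptr_lookup() { getent hosts "$1" | awk '{print $2; exit}'; }
fwd_lookup() { getent ahosts "$1" | awk '{print $1}' | sort -u; }

# verify_client IP prints one of:
#   no-ptr          the address has no reverse record
#   mismatch NAME   NAME does not resolve back to IP
#   ok NAME         forward and reverse records agree
verify_client() {
    ip=$1
    name=$("${PTR_LOOKUP:-ptr_lookup}" "$ip")
    [ -n "$name" ] || { echo "no-ptr"; return 0; }
    if "${FWD_LOOKUP:-fwd_lookup}" "$name" | grep -qxF "$ip"; then
        echo "ok $name"
    else
        echo "mismatch $name"
    fi
}

# Constructed records standing in for DNS (hypothetical names).
stub_ptr() {
    case $1 in
        192.168.3.40) echo client40.example.test ;;
        192.168.3.99) echo trusted.example.test ;;  # PTR only, no matching A record
    esac
}
stub_fwd() {
    case $1 in
        client40.example.test) echo 192.168.3.40 ;;
        trusted.example.test)  echo 192.168.3.10 ;;
    esac
}

# Run the three cases offline against the stub records.
PTR_LOOKUP=stub_ptr; FWD_LOOKUP=stub_fwd
for ip in 192.168.3.40 192.168.3.99 192.168.3.77; do
    echo "$ip: $(verify_client "$ip")"
done
```

Each of the two lookups can stall for the resolver timeout, which is the delay seen at logon. With UseDNS no this check is skipped, so host-name patterns in authorized_keys from= options and in sshd_config Match Host blocks stop matching; use addresses there.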

2. Disable GSSAPI authentication for ssh

Run ssh -v user@server; the following information appears during logon:

    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure. Minor code may provide more information

Note: ssh -vvv user@server shows more detailed debug information.

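Solution:

Modify the ssh configuration (the file edited below, /etc/ssh/ssh_config, is the client-side configuration, so the change is made on the machine you connect from):

    vi /etc/ssh/ssh_config
    GSSAPIAuthentication no

Alternatively, pass the option on the command line when logging in:

    ssh -o GSSAPIAuthentication=no user@server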

GSSAPI (Generic Security Services Application Programming Interface) is a generic network security interface, similar to Kerberos 5. It wraps the different client/server security mechanisms behind one interface, hiding their differences and reducing programming difficulty. However, this interface can cause problems when the target machine has no domain name resolution.

If you trace the login with strace, you will find that after the key is verified, ssh attempts gssapi-with-mic authentication, and at that point it connects to the DNS server and performs other operations.

    [root@192-168-3-40 ~]# ssh -vvv root@192.168.3.44
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 192.168.3.44 [192.168.3.44] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/identity-cert type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: identity file /root/.ssh/id_ecdsa type -1
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug3: Wrote 960 bytes for a total of 981
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST (1024 <1024) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug3: Wrote 24 bytes for a total of 1005
    debug2: dh_gen_key: priv key bits set: 120/256
    debug2: bits set: 506/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: Wrote 144 bytes for a total of 1149
    debug3: check_host_in_hostfile: host 192.168.3.44 filename /root/.ssh/known_hosts
    debug3: check_host_in_hostfile: host 192.168.3.44 filename /root/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 8
    debug1: Host '192.168.3.44' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:8
    debug2: bits set: 527/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: Wrote 16 bytes for a total of 1165
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug3: Wrote 48 bytes for a total of 1213
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /root/.ssh/identity ((nil))
    debug2: key: /root/.ssh/id_rsa ((nil))
    debug2: key: /root/.ssh/id_dsa ((nil))
    debug2: key: /root/.ssh/id_ecdsa ((nil))
    debug3: Wrote 64 bytes for a total of 1277
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup gssapi-keyex
    debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-keyex
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup gssapi-with-mic
    debug3: remaining preferred: publickey,keyboard-interactive,password
    debug3: authmethod_is_enabled gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug3: Trying to reverse map address 192.168.3.44.
    debug1: Unspecified GSS failure. Minor code may provide more information
    Cannot determine realm for numeric host address
    debug1: Unspecified GSS failure. Minor code may provide more information
    Cannot determine realm for numeric host address
    debug1: Unspecified GSS failure. Minor code may provide more information
    debug1: Unspecified GSS failure. Minor code may provide more information
    Cannot determine realm for numeric host address
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/identity
    debug3: no such identity: /root/.ssh/identity
    debug1: Trying private key: /root/.ssh/id_rsa
    debug3: no such identity: /root/.ssh/id_rsa
    debug1: Trying private key: /root/.ssh/id_dsa
    debug3: no such identity: /root/.ssh/id_dsa
    debug1: Trying private key: /root/.ssh/id_ecdsa
    debug3: no such identity: /root/.ssh/id_ecdsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    root@192.168.3.44's password:
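
To measure which step stalls instead of judging it from the log by eye, the following added example (not from the original article) reads timestamped ssh -vvv output and reports the longest pause. The timestamps in the sample are constructed, and the function names are hypothetical:

```shell
#!/bin/sh
# Added example: locate the step where an ssh login stalls.
# Input on stdin: "EPOCH_SECONDS debug-line", which can be captured with
# (GNU date assumed for %N):
#   ssh -vvv user@server 2>&1 | while IFS= read -r l; do
#       printf '%s %s\n' "$(date +%s.%N)" "$l"; done > timed.log

# slowest_step: print the longest pause, the line it followed, and the
# authentication method that was being tried when it happened.
slowest_step() {
    awk '
    {
        ts = $1
        line = $0; sub(/^[^ ]+ /, "", line)
        if (NR > 1 && ts - prev_ts > max) {
            max = ts - prev_ts; after = prev_line; during = method
        }
        if (line ~ /Next authentication method: /) {
            method = line; sub(/.*method: /, "", method)
        }
        prev_ts = ts; prev_line = line
    }
    END {
        printf "%.1fs after: %s\n", max, after
        printf "method: %s\n", (during == "" ? "none yet" : during)
    }'
}

# Constructed sample: debug lines as in the log above, timestamps invented.
sample_log() {
    cat <<'EOF'
1700000000.10 debug1: SSH2_MSG_SERVICE_ACCEPT received
1700000000.12 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
1700000000.13 debug1: Next authentication method: gssapi-keyex
1700000000.13 debug1: No valid Key exchange context
1700000000.14 debug1: Next authentication method: gssapi-with-mic
1700000000.14 debug3: Trying to reverse map address 192.168.3.44.
1700000015.20 debug1: Unspecified GSS failure. Minor code may provide more information
1700000015.21 debug1: Next authentication method: publickey
1700000015.30 debug1: Next authentication method: password
EOF
}

sample_log | slowest_step
```

A pause during a gssapi-* method suggests the client-side GSSAPIAuthentication setting; a pause with no GSSAPI method in progress suggests the server side, where UseDNS applies.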

This article is reproduced from: https://blog.linuxeye.com/420.html
