Solution to slow SSH login

To connect to other linux machines using ssh, the system will wait 10-30 seconds before prompting you to enter the password. It seriously affects work efficiency. Logons are slow and the logon speed is normal. There are two possible reasons for this situation: 1. DNS reverse resolution problems OpenSSH will verify the IP address when the user logs on, according to the user's... "/> <scripttype =" text/javascript "src =" htt connects to other linux machines by using ssh. the password will not be prompted until 10-30 seconds. It seriously affects work efficiency. Logons are slow and the logon speed is normal after logon. There are two possible reasons for this situation:

1. DNS reverse resolution problems

OpenSSH will verify the IP address when you log on. it uses reverse DNS to locate the host name based on the user's IP address, then uses DNS to locate the IP address, and finally matches whether the logon IP address is valid. If the IP address of the client does not have a domain name, or the DNS server is slow or inaccessible, it will take a long time to log on.

Solution:

Modify the sshd server configuration on the target server and restart sshd.

Vi/etc/ssh/sshd_config, set UseDNS to no

Of course, you can also solve this problem by providing correct reverse DNS resolution. There are two ways to solve this problem:

(1) add common ip addresses and hostnames in the/etc/hosts file on the server, and then add them to the/etc/nsswitch file. conf to check whether the program first queries the hosts file (this is usually the default ).

Modify the hosts file on the server and add the IP address and domain name of the target machine. Or let the local DNS server resolve the target address.

Vi/etc/hosts

192.168.12.16 ourdev

The format is "target machine IP address target machine name. Connect without delay. However, it would be hard to resolve each domain name. However, putty or secure-crt can be used in windows.

(2) start a dns server (which can be a local machine), add reverse resolution, and add the dns server to/etc/resolv. conf.

2. disable gssapi authentication for ssh

Use ssh-v user @ server to view the following information during logon:

Debug1: Next authentication method: gssapi-with-mic

Debug1: Unspecified GSS failure. Minor code may provide more information

Note: ssh-vvv user @ server can see more detailed debug information

Solution:

Modify the ssh client configuration on the client (note that it is not sshd_conf)

Vi/etc/ssh/ssh_config, set GSSAPIAuthentication no and restart sshd

You can use ssh-o GSSAPIAuthentication = no user @ server to log on.

GSSAPI (Generic Security Services Application Programming Interface) is a set of universal network Security system interfaces similar to Kerberos 5. This interface is encapsulated by different client server security mechanisms to eliminate different security interfaces and reduce programming difficulty. However, this interface may cause problems when the target machine does not have domain name resolution.

After you use strace to view the key, you can find that ssh authenticates gssapi-with-mic after the key is verified. then, connect to the DNS server and perform other operations.

Original article: http://www.linuxidc.com/Linux/2012-12/77144.htm