Solution to slow SSH remote connection under CentOS

1. Applicable commands and solutions are as follows:
Remote connection and Command Execution]
Ssh-p22 root@10.0.0.19
Ssh-p22 root@10.0.0.19/sbin/ifconfig
[Remote copy: Push and pull]
Scp-P22-r-p/etc root@10.0.0.19:/tmp/
Scp-P22-r-p root@10.0.0.19:/tmp/etc
[Secure FTP function]
Sftp-oPort = 22 root@10.0.0.19
[Password-free verification plan]
For example, you can use sshkey to batch distribute files and perform deployment operations.

2. The primary cause of slow connection is DNS resolution.
Solution:

1. Change the configuration in the/etc/ssh/sshd_config file on the ssh server as follows:
UseDNS no
# GSSAPI options
GSSAPIAuthentication no
Then, run the/etc/init. d/sshd restart command to restart the sshd process to make the above configuration take effect. The connection is generally not slow.

2. If it is still slow, check whether the host name corresponding to 127.0.0.1 and
The uname-n results are the same, or you can add the local ip address and hostname (uname-n results) to/etc/hosts.

[root@C64~]# uname -nC64[root@C64~]# cat /etc/hosts#modi by oldboy 11:12 2013/9/24127.0.0.1 C64 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain610.0.0.18 C64################

3. Use the ssh-v debugging function to find out the cause of slowness.

In fact, you can use the following command to debug the slow details (learning this idea is very important ).

[Root @ C64 ~] # Ssh-v root@10.0.0.19OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010debug1: Reading configuration data/etc/ssh/ssh_configdebug1: Applying options for * debug1: Connecting to 10.0.0.19 [10.0.0.19] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0debug1: identity file/root /. ssh/identity type-1debug1: identity file/root /. ssh/id_rsa type-1debug1: identity file/root /. ssh/id_dsa Type-1debug1: Remote protocol version 2.0, remote software version matching: match: OpenSSH_4.3 pat OpenSSH_4 * debug1: Enabling compatibility mode forprotocol 2.0debug1: Local version string SSH-2.0-OpenSSH_5.3debug1: FIG: kex: server-> client aes128-ctr hmac-md5 nonedebug1: kex: client-> server aes128-ctr hmac-md5 nonedebug1: SSH2_M SG_KEX_DH_GEX_REQUEST (1024 <1024 <8192) sentdebug1: expecting failed: SSH2_MSG_KEX_DH_GEX_INIT sentdebug1: expecting failed authenticity of host '10. 0.0.19 (10.0.0.19) 'Can't be established. RSA key fingerprint is ca: 18: 42: 76: 0e: 5a: 1c: 7d: ef: fc: 24: 75: 80: 11: ad: f9.Are you sure you want to continue connecting (yes/no )? Yes ======> old boy instructor comment: Here is the interaction prompt for saving the key. Warning: Permanently added '10. 0.0.19 '(RSA) to the list of known hosts. debug1: signature failed: inclusentdebug1: expecting failed: incluinclueddebug1: inclusentdebug1: incluinclueddebug1: Authentications that can continue: publickey, passworddebug1: Next authentication method: Failed: Rying private key:/root /. ssh/identitydebug1: Trying private key:/root /. ssh/id_rsadebug1: Trying private key:/root /. ssh/id_dsadebug1: Next authentication method: passwordroot@10.0.0.19's password: ==========> old boy instructor rating: Here is the interaction prompt prompting you to enter the password. Debug1: Authentication succeeded (password ). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8Last login: Tue Sep 24 10:30:02 2013 from 10.0.0.18 if it is slow during remote connection, you can determine where it is. [Root @ C64_A ~] # Ssh-v oldboy@10.0.0.17OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010debug1: Reading configuration data/etc/ssh/ssh_configdebug1: Applying options for * debug1: Connecting to 10.0.0.17 [10.0.0.17] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0debug1: identity file/root /. ssh/identity type-1debug1: identity file/root /. ssh/id_rsa type-1debug1: identity file/root /. ssh/id_dsa type 2debug1: Remote protocol version 2.0, remote software version earlier: match: OpenSSH_5.3 pat OpenSSH * debug1: Enabling compatibility mode forprotocol 2.0debug1: Local version string SSH-2.0-OpenSSH_5.3debug1: ipvsentdebug1: extends extends eddebug1: kex: server-> client aes128-ctr hmac-md5 nonedebug1: kex: client-> server aes128-ctr hmac-md5 nonedebug1: Small (1024 <1024 <8192) sentdebug1: expecting handle: extends sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_REPLYdebug1: Host '10. 0.0.17 'is known and matches the RSA host key. debug1: Found key in/root /. ssh/known_hosts: 2debug1: Authorization: signature failed: ipvsentdebug1: expecting failed: describeeddebug1: describedomaineddebug1: Authentications that can continue: publickey, gssapi-keyex, gssapi-with-mic, passworddebug1: Next authentication method: gssapi-keyexdebug1: No valid Key exchange contextdebug1: Next authentication method: gssapi-with-mic

If the above configuration is not configured, It is found to be stuck in gssapi. It is probably a problem with gssapi.

In fact, the SSH service should be optimized in the linux system optimization section.

This article from the "old boy linux O & M" blog, please be sure to keep this source http://oldboy.blog.51cto.com/2561410/1300964