The main reason for the slow connection is that DNS resolution causes

Source: Internet
Author: User
Tags hmac ssh server

Workaround:

1. Change the configuration in the/etc/ssh/sshd_config file on the SSH server to the following:

Usedns no# GSSAPI optionsgssapiauthentication No

Then, perform/etc/init.d/sshd restart restart the sshd process so that the above configuration takes effect, the connection is generally not slow.

2, if it is still slow, check the SSH server/etc/hosts file, 127.0.0.1 the corresponding hostname and uname-n results, or the native IP and hostname (uname-n result) into the/etc/hosts.

[[email protected] ~]# uname-nc64[[email protected] ~]# Cat/etc/hosts#modi by Oldboy 11:12 2013/9/24127.0.0.1 C64 loca Lhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 Local host6.localdomain610.0.0.18 c64################
Use the Debug function of Ssh-v to find the cause of slowness

In fact, you can use the following command to debug why the slow details (learning this idea is very important).

[[email protected] ~]# ssh -v [email protected]openssh_5.3p1, openssl  1.0.0-fips 29 mar 2010debug1: reading configuration data /etc/ssh/ssh_ configdebug1: applying options for *debug1: connecting to 10.0.0.19 [ 10.0.0.19] port 22.debug1: connection established.debug1: permanently_set_uid: 0 /0debug1: identity file /root/.ssh/identity type -1debug1: identity file  /root/.ssh/id_rsa type -1debug1: identity file /root/.ssh/id_dsa type  -1debug1: Remote protocol version 2.0, remote software version  openssh_4.3debug1: match: openssh_4.3 pat openssh_4*debug1: enabling  compatibility mode for protocol 2.0debug1: local version string  Ssh-2.0-openssh_5.3debug1: ssh2_msg_kexinit sentdebug1: ssh2_msg_kexinit receiveddebug1: kex: server->client  aes128-ctr hmac-md5 nonedebug1: kex: client->server aes128-ctr hmac-md5  Nonedebug1: ssh2_msg_kex_dh_gex_request (1024<1024<8192)  sentdebug1: expecting ssh2_ Msg_kex_dh_gex_groupdebug1: ssh2_msg_kex_dh_gex_init sentdebug1: expecting ssh2_msg_kex_dh _gex_replythe authenticity of host  ' 10.0.0.19  (10.0.0.19) '  can ' t be  Established. Rsa key fingerprint is ca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9. are you sure you want to continue connecting  (yes/no)?  yes======= > Old boy Teacher Comments: Here is the prompt to save the key interactive hints. warning: permanently added  ' 10.0.0.19 '   (RSA)  to the list of known  hosts.debug1: ssh_rsa_verify: signature correctdebug1: ssh2_msg_newkeys sentdEbug1: expecting ssh2_msg_newkeysdebug1: ssh2_msg_newkeys receiveddebug1: ssh2_msg_ service_request sentdebug1: ssh2_msg_service_accept receiveddebug1: authentications  that can continue: publickey,passworddebug1: next authentication method:  Publickeydebug1: trying private key: /root/.ssh/identitydebug1: trying private &NBSP;KEY:&NBSP;/ROOT/.SSH/ID_RSADEBUG1:&NBSP;TRYING&NBSP;PRIVATE&NBSP;KEY:&NBSP;/ROOT/.SSH/ID_DSADEBUG1:  next authentication method: password[email protected] ' s password:=======> Here is an interactive hint that prompts for a password. debug1: authentication succeeded  (password). debug1: channel 0: new [ client-session]debug1: entering interactive session.debug1: sending  Environment.debug1: sending env lang = en_us. Utf-8last login: tue sep 24 10:30:02 2013 from 10.0.0.18 

If you are slow on a remote connection, you can determine where the card is.

[[Email protected]_a ~]# ssh -v [email protected]openssh_5.3p1, openssl  1.0.0-fips 29 mar 2010debug1: reading configuration data /etc/ssh/ssh _configdebug1: applying options for *debug1: connecting to 10.0.0.17 [ 10.0.0.17] port 22.debug1: connection established.debug1: permanently_set_uid: 0 /0debug1: identity file /root/.ssh/identity type -1debug1: identity file  /root/.ssh/id_rsa type -1debug1: identity file /root/.ssh/id_dsa type  2debug1: Remote protocol version 2.0, remote software version  Openssh_5.3debug1: match: openssh_5.3 pat openssh*debug1: enabling compatibility  mode for protocol 2.0debug1: local version string ssh-2.0-openssh_ 5.3debug1: ssh2_msg_kexinit sentdebug1: ssh2_msg_kexinit receiveddebug1: kex: server->client  aes128-ctr hmac-md5 nonedebug1: kex: client->server aes128-ctr hmac-md5  Nonedebug1: ssh2_msg_kex_dh_gex_request (1024<1024<8192)  sentdebug1: expecting ssh2_ Msg_kex_dh_gex_groupdebug1: ssh2_msg_kex_dh_gex_init sentdebug1: expecting ssh2_msg_kex_dh _gex_replydebug1: host  ' 10.0.0.17 '  is known and matches the RSA  Host key.debug1: found key in /root/.ssh/known_hosts:2debug1: ssh_rsa_verify:  signature correctdebug1: ssh2_msg_newkeys sentdebug1: expecting ssh2_msg_ newkeysdebug1: ssh2_msg_newkeys receiveddebug1: ssh2_msg_service_request sentdebug1:  ssh2_msg_service_accept receiveddebug1: authentications that can continue:  Publickey,gssapi-keyex,gssapi-wiTh-mic,passworddebug1: next authentication method: gssapi-keyexdebug1: no valid  key exchange contextdebug1: next authentication method: gssapi-with-mic

The above configuration does not match the discovery card to gssapi this. You probably know it's a gssapi problem.

In fact, the Linux System Optimization section should optimize the SSH service here.


The main reason for the slow connection is that DNS resolution causes

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.