Remote connections to a Linux server are now generally made over SSH. I recently installed a server and found that Telnet was very fast and ping was completely normal, but SSH connections were very slow. After searching online, I found a few common reasons:
1. The server's sshd queries DNS for the hostname of the connecting client's IP. If DNS is unavailable or has no matching record, the lookup takes a while before it times out.
2. The gssapi-with-mic authentication method sometimes also takes a while.
First, test to find the specific cause:
1. Use ssh -v host for debug output
# ssh -v 192.168.100.10
This prints a lot of debug information, and from it you can see where the connection is delayed.
For example, the following information is displayed:
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
2. Check the connection time
# time ssh [email protected] exit
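To pinpoint the stall instead of watching the ssh -v output scroll by, the debug lines can be timestamped as they arrive. The script below is an added example, not part of the original article; the file name ssh_pauses.py, the function names and the sample timestamps are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Added example: find where `ssh -v` stalls by timing its debug lines.

Live use:  ssh -v 192.168.100.10 exit 2>&1 | python3 ssh_pauses.py
(ssh_pauses.py is a hypothetical file name for this script.)
"""
import sys
import time


def stamp(stream, clock=time.monotonic):
    """Yield (seconds_since_start, line) as each debug line arrives."""
    start = clock()
    for line in stream:
        yield clock() - start, line.rstrip("\n")


def longest_pauses(stamped, top=3):
    """Return (pause_seconds, line_before, line_after) tuples, longest first."""
    rows = list(stamped)
    gaps = [(t2 - t1, before, after)
            for (t1, before), (t2, after) in zip(rows, rows[1:])]
    return sorted(gaps, key=lambda g: g[0], reverse=True)[:top]


def gssapi_suspect(pauses, threshold=1.0):
    """True when a pause of at least `threshold` seconds borders a GSSAPI line."""
    return any(secs >= threshold and "gss" in (before + after).lower()
               for secs, before, after in pauses)


# Constructed sample: timestamps are invented, the debug text mirrors the
# gssapi-with-mic messages quoted in this article.
SAMPLE = [
    (0.05, "debug1: Connection established."),
    (0.31, "debug1: Authentications that can continue: publickey,gssapi-with-mic,password"),
    (0.32, "debug1: Next authentication method: gssapi-with-mic"),
    (5.37, "debug1: Unspecified GSS failure.  Minor code may provide more information"),
    (5.37, "No credentials cache found"),
    (5.41, "debug1: Next authentication method: publickey"),
]

if __name__ == "__main__":
    # With piped input, time the live session; otherwise show the sample.
    rows = SAMPLE if sys.stdin.isatty() else stamp(sys.stdin)
    pauses = longest_pauses(rows)
    for secs, before, after in pauses:
        print(f"{secs:6.2f}s pause after: {before}")
    if gssapi_suspect(pauses):
        print("A pause of 1s or more borders a GSSAPI line: test GSSAPIAuthentication no")
```

The debug line printed before the longest pause shows which step to look at first, which helps when applying the fixes one at a time.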
Second, the solutions (apply them one at a time, because the cause of the slow connection differs from case to case):
Note: After changing the sshd configuration, remember to restart the sshd service
# service sshd restart
1. Turn off reverse DNS resolution
On Linux, sshd's reverse DNS resolution is turned on by default. It consumes a lot of time and therefore needs to be turned off.
# vi /etc/ssh/sshd_config
UseDNS no
Although the UseDNS yes line in the configuration file is commented out, the default value is still yes.
2. Turn off GSS authentication on the server
The gssapi-with-mic authentication method can run into many problems, so turning off GSS authentication can improve the SSH connection speed.
# vi /etc/ssh/sshd_config
GSSAPIAuthentication no
3. Modify the nsswitch.conf file on the server
# vi /etc/nsswitch.conf
Find
hosts: files dns
and change it to
hosts: files
The line hosts: files dns sets the order in which the host resolves names. It first consults files, that is, the /etc/hosts file. If the name is not recorded in hosts, it then queries DNS. If DNS is also unreachable, it waits for the query to time out before returning, so the wait is long.
Note: If your server needs to reach other servers by domain name, you need to keep this line as it is.
4. Modify the resolv.conf file on the server
# vi /etc/resolv.conf
4.1. Remove all unused IPs.
4.2. Removing all nameserver lines also resolves the problem, but the server will then not be able to access the Internet.
4.3. If the server has been configured with two network cards, the file will contain a line with an IP address that is not currently in use. Delete that line.
5. Modify the hosts file on the server
Add the client's IP and hostname to the /etc/hosts file on the server.
6. Turn on the IgnoreRhosts parameter on the server
The IgnoreRhosts parameter can ignore records of previous logins to the host, and setting it to yes can greatly increase the connection speed.
# vi /etc/ssh/sshd_config
IgnoreRhosts yes
--------------------The settings above are made on the server; the settings below are made on the client-----------------------
7. Modify the client's hosts file
Add the IP and domain name of the destination server so that the client can resolve the destination address locally.
# vi /etc/hosts
192.168.100.11 doiido.com
Note: The hosts file format is 'target_server_ip target_server_name'. The drawback of this method is that you need to add an entry for every server.
8. Modify the client configuration file ssh_config (note: not sshd_config)
# vi /etc/ssh/ssh_config
Find
GSSAPIAuthentication yes
and change it to
GSSAPIAuthentication no
Troubleshooting slow SSH connections in Linux