Troubleshoot SSH connection slow in Linux

Source: Internet
Author: User
Tags reverse dns

connecting to a Linux server is now generally a way to connect remotely using SSH. Recently installed a server, found that Telnet is very fast, ping everything is normal, but SSH connection is very slow. After the online information query, there are a few reasons:
1, the server sshd will go to DNS to find the hostname of the client IP access, if the DNS is not available or no related records, it will consume a period of time.
2, in authentication gssapi-with-mic sometimes also consumes a period of time


First, the test to find specific reasons:

1. Use SSH-V host for debug

# ssh-v 192.168.100.10
Then it will output a lot of debug, through the debug information can see where the connection is delayed
For example, the following information is displayed:
Debug1:next Authentication Method:gssapi-with-mic
Debug1:unspecified GSS failure. Minor code may provide more information
No Credentials Cache found

2. Check the connection time
# time SSH [email protected] Exit



Second, the solution (recommended to set one by one, because each person's connection is not the same reason for slow):

Note: After the change, remember to restart the SSHD service
# Service Sshd Restart

1. Turn off DNS reverse resolution
In Linux, the default is to turn on SSH's reverse DNS resolution, which consumes a lot of time and therefore needs to be shut down.
# Vi/etc/ssh/sshd_config
Usedns=no

In the configuration file, although Usedns Yes is commented, the default switch is Yes


2. Close the GSS certification on the server
There are a lot of possible problems with authentication gssapi-with-mic, so shutting down GSS authentication can improve the SSH connection speed.

# Vi/etc/ssh/sshd_config
Gssapiauthentication No


3. Modify the nsswitch.conf file on the server
# vi/etc/nsswitch.conf
Found it
Hosts:files DNS
Switch
Hosts:files

Hosts:files DNS This line of meaning is for the host to access the order of domain name resolution, is the first access to file, that is,/etc/hosts files, if there is no record domain name in the hosts, then access to DNS, domain name resolution, if the DNS is also inaccessible, Wait for the access timeout to return, so the wait time is longer.
Note: If your server needs to access other servers through a domain name, you need to keep this line.


4. Modify the resolv.conf file on the server

# VI /etc/resolv.conf

4.1. Remove all unused IPs.
4.2, the nameserver all removed, the problem can also be resolved, but the server will not be able to surf the Internet.
4.3, if the server has been configured with a dual network card, then there will be a line in the file is not currently used IP address, delete the line.



5. Modify the Hosts file on the server
Add the client IP and hostname to the/etc/hosts file on the server


6. Open the ignorerhosts parameter on the server

The ignorerhosts parameter can ignore records that were previously logged on to the host and can greatly increase the connection speed when set to Yes


# Vi/etc/ssh/sshd_config
Ignorerhosts Yes


--------------------above are set on the server, the following are set on the client-----------------------


7, modify the client's Hosts file
Add the IP and domain name of the destination server so that the local DNS service can resolve the destination address.
# vi/etc/hosts
192.168.100.11 doiido.com

Note: The Hosts file format is ' target server_ip target server_name '. But using this method has a disadvantage if you need to add a domain name resolution to each server.


8, modify the client configuration file ssh_conf (note, not sshd_conf)
# vi/etc/ssh/ssh_conf
Found it
Gssapiauthentication Yes
Switch
Gssapiauthentication No




Troubleshoot SSH connection slow in Linux

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.