Troubleshoot SSH connection slow in Linux

Connecting to a Linux server is now generally a way to connect remotely using SSH. Recently installed a server, found that Telnet is very fast, ping everything is normal, but SSH connection is very slow. After the online information query, there are a few reasons:

1, the server sshd will go to DNS to find the hostname of the client IP access, if the DNS is not available or no related records, it will consume a period of time.

2, in authentication gssapi-with-mic sometimes also consumes a period of time

First, the test to find specific reasons:

1. Use SSH-V host for debug

# ssh-v 192.168.100.10

Then it will output a lot of debug, through the debug information can see where the connection is delayed

For example, the following information is displayed:

Debug1:next Authentication Method:gssapi-with-mic

Debug1:unspecified GSS failure. Minor code may provide more information

No Credentials Cache found

2. Check the connection time

# time SSH [email protected] Exit

Second, the solution (recommended to set one by one, because each person's connection is not the same reason for slow):

Note: After the change, remember to restart the SSHD service

# Service Sshd Restart

1. Turn off DNS reverse resolution

In Linux, the default is to turn on SSH's reverse DNS resolution, which consumes a lot of time and therefore needs to be shut down.

# Vi/etc/ssh/sshd_configusedns=no

In the configuration file, although Usedns Yes is commented, the default switch is Yes

2. Close the GSS certification on the server

There are a lot of possible problems with authentication gssapi-with-mic, so shutting down GSS authentication can improve the SSH connection speed.

# Vi/etc/ssh/sshd_configgssapiauthentication No

3. Modify the nsswitch.conf file on the server

# vi/etc/nsswitch.conf found hosts:files DNS changed to Hosts:files

Hosts:files DNS This line of meaning is for the host to access the order of domain name resolution, is the first access to file, that is,/etc/hosts files, if there is no record domain name in the hosts, then access to DNS, domain name resolution, if the DNS is also inaccessible, Wait for the access timeout to return, so the wait time is longer.

Note: If your server needs to access other servers through a domain name, you need to keep this line.

4. Modify the resolv.conf file on the server

4.1. Delete all unused IPs in/etc/resolv.conf.

4.2, the nameserver all removed, the problem can also be resolved, but the server will not be able to surf the Internet.

4.3, if the server has been configured with a dual network card, then there will be a line in the file is not currently used IP address, delete the line.

5. Modify the Hosts file on the server

Add the client IP and hostname to the/etc/hosts file on the server

6. Open the ignorerhosts parameter on the server

The ignorerhosts parameter can ignore records that were previously logged on to the host and can greatly increase the connection speed when set to Yes

# vi/etc/ssh/sshd_configignorerhosts Yes

----------------above are set on the server, the following are set on the client-------------------

7, modify the client's Hosts file

Add the IP and domain name of the destination server so that the local DNS service can resolve the destination address.

# vi/etc/hosts192.168.100.11 Doiido.com

Note: The Hosts file format is ' target server_ip target server_name '. But using this method has a disadvantage if you need to add a domain name resolution to each server.

8, modify the client configuration file ssh_conf (note, not sshd_conf)

# vi/etc/ssh/ssh_conf Find gssapiauthentication Yes change gssapiauthentication no

Troubleshoot SSH connection slow in Linux