解決centos的SSH遠端連線服務慢的方法
串連慢的主要原因是DNS解析導致
解決方案:
1、在ssh服務端上更改/etc/ssh/sshd_config檔案中的配置為如下內容:
UseDNS no
# GSSAPI options
GSSAPIAuthentication no
然後,執行/etc/init.d/sshd restart重啟sshd進程使上述配置生效,在串連一般就不慢了。
如果還慢的話,檢查ssh服務端上/etc/hosts檔案中,127.0.0.1對應的主機名稱是否和
uname -n的結果一樣,或者把本機ip和hostname(uname -n結果)加入到/etc/hosts裡。
[python]view plaincopy
- [root@C64~]#uname-n
- C64
- [root@C64~]#cat/etc/hosts
- #modibyoldboy11:122013/9/24
- 127.0.0.1C64localhostlocalhost.localdomainlocalhost4localhost4.localdomain4
- ::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6
- 10.0.0.18C64
- ################
利用ssh-v的調試功能尋找慢的原因
其實可以用下面的命令調試為什麼慢的細節(學習這個思路很重要)。
[python]view plaincopy
- [root@C64~]#ssh-vroot@IP地址
- OpenSSH_5.3p1,OpenSSL1.0.0-fips29Mar2010
- debug1:Readingconfigurationdata/etc/ssh/ssh_config
- debug1:Applyingoptionsfor*
- debug1:Connectingto10.0.0.19[10.0.0.19]port22.
- debug1:Connectionestablished.
- debug1:permanently_set_uid:0/0
- debug1:identityfile/root/.ssh/identitytype-1
- debug1:identityfile/root/.ssh/id_rsatype-1
- debug1:identityfile/root/.ssh/id_dsatype-1
- debug1:Remoteprotocolversion2.0,remotesoftwareversionOpenSSH_4.3
- debug1:match:OpenSSH_4.3patOpenSSH_4*
- debug1:Enablingcompatibilitymodeforprotocol2.0
- debug1:LocalversionstringSSH-2.0-OpenSSH_5.3
- debug1:SSH2_MSG_KEXINITsent
- debug1:SSH2_MSG_KEXINITreceived
- debug1:kex:server->clientaes128-ctrhmac-md5none
- debug1:kex:client->serveraes128-ctrhmac-md5none
- debug1:SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)sent
- debug1:expectingSSH2_MSG_KEX_DH_GEX_GROUP
- debug1:SSH2_MSG_KEX_DH_GEX_INITsent
- debug1:expectingSSH2_MSG_KEX_DH_GEX_REPLY
- Theauthenticityofhost'10.0.0.19(10.0.0.19)'can'tbeestablished.
- RSAkeyfingerprintisca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9.
- Areyousureyouwanttocontinueconnecting(yes/no)?yes
- =======>這裡就是提示儲存密鑰的互動提示。
- Warning:Permanentlyadded'10.0.0.19'(RSA)tothelistofknownhosts.
- debug1:ssh_rsa_verify:signaturecorrect
- debug1:SSH2_MSG_NEWKEYSsent
- debug1:expectingSSH2_MSG_NEWKEYS
- debug1:SSH2_MSG_NEWKEYSreceived
- debug1:SSH2_MSG_SERVICE_REQUESTsent
- debug1:SSH2_MSG_SERVICE_ACCEPTreceived
- debug1:Authenticationsthatcancontinue:publickey,password
- debug1:Nextauthenticationmethod:publickey
- debug1:Tryingprivatekey:/root/.ssh/identity
- debug1:Tryingprivatekey:/root/.ssh/id_rsa
- debug1:Tryingprivatekey:/root/.ssh/id_dsa
- debug1:Nextauthenticationmethod:password
- root@10.0.0.19'spassword:
- <strong>=======>這裡就是提示輸入密碼的互動提示。</strong>
- debug1:Authenticationsucceeded(password).
- debug1:channel0:new[client-session]
- debug1:Enteringinteractivesession.
- debug1:Sendingenvironment.
- debug1:SendingenvLANG=en_US.UTF-8
- Lastlogin:TueSep2410:30:022013from10.0.0.18
- <strong>在遠端連線時如果慢就可以確定卡在哪了。</strong>
- [root@C64_A~]#ssh-voldboy@IP地址
- OpenSSH_5.3p1,OpenSSL1.0.0-fips29Mar2010
- debug1:Readingconfigurationdata/etc/ssh/ssh_config
- debug1:Applyingoptionsfor*
- debug1:Connectingto10.0.0.17[10.0.0.17]port22.
- debug1:Connectionestablished.
- debug1:permanently_set_uid:0/0
- debug1:identityfile/root/.ssh/identitytype-1
- debug1:identityfile/root/.ssh/id_rsatype-1
- debug1:identityfile/root/.ssh/id_dsatype2
- debug1:Remoteprotocolversion2.0,remotesoftwareversionOpenSSH_5.3
- debug1:match:OpenSSH_5.3patOpenSSH*
- debug1:Enablingcompatibilitymodeforprotocol2.0
- debug1:LocalversionstringSSH-2.0-OpenSSH_5.3
- debug1:SSH2_MSG_KEXINITsent
- debug1:SSH2_MSG_KEXINITreceived
- debug1:kex:server->clientaes128-ctrhmac-md5none
- debug1:kex:client->serveraes128-ctrhmac-md5none
- debug1:SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)sent
- debug1:expectingSSH2_MSG_KEX_DH_GEX_GROUP
- debug1:SSH2_MSG_KEX_DH_GEX_INITsent
- debug1:expectingSSH2_MSG_KEX_DH_GEX_REPLY
- debug1:Host'10.0.0.17'isknownandmatchestheRSAhostkey.
- debug1:Foundkeyin/root/.ssh/known_hosts:2
- debug1:ssh_rsa_verify:signaturecorrect
- debug1:SSH2_MSG_NEWKEYSsent
- debug1:expectingSSH2_MSG_NEWKEYS
- debug1:SSH2_MSG_NEWKEYSreceived
- debug1:SSH2_MSG_SERVICE_REQUESTsent
- debug1:SSH2_MSG_SERVICE_ACCEPTreceived
- debug1:Authenticationsthatcancontinue:publickey,gssapi-keyex,gssapi-with-mic,password
- debug1:Nextauthenticationmethod:gssapi-keyex
- debug1:NovalidKeyexchangecontext
- debug1:Nextauthenticationmethod:gssapi-with-mic
上述配置沒配就發現卡到gssapi這。就大概知道是gssapi的問題。
實際上在linux系統最佳化部分就應該最佳化SSH服務的此處。