SSH Slow Login Fix

On fresh installed Linux servers you might have encountered that it takes quite some time before you get to see the password prompt when you connect using SSH. As soon as you entered the password everything is lightning fast. There are two items that might cause this problem:

  • DNS Resolving
  • Authentication methods that are not supported.

DNS Resolving

The DNS problem is easy to fix, make sure the SSH server is able to resolve DNS queries by configuring a DNS server. Here’s how to do it on a CentOS server:

[root@server ~]# vim /etc/resolv.conf

And add the following lines:

nameserver 208.67.222.222
nameserver 208.67.220.220

I’m using the DNS servers from OpenDNS, use any server you like. This will allow your server to perform DNS lookups. You can also tell SSH to disable DNS lookups like this:

[root@server ~]# vim /etc/ssh/sshd_config

And change the “UseDNS yes” field to “UseDNS no”.

This will ensure that SSH doesn’t try to do any reverse lookups. Don’t forget to restart SSH! If your SSH connection time is still slow after these changes, read on…

Authentication

SSH supports a number of authentication methods besides username/password. Let me show you what is happening behind the scenes when you are waiting for the password prompt:

rene@host ~ $ ssh -v root@192.168.82.144

I’m going to connect to a SSH server but I’ll use the “v” parameter (verbose). Here’s what you will see:

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information

debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Next authentication method: publickey
debug1: Trying private key: /home/host/.ssh/id_rsa
debug1: Trying private key: /home/host/.ssh/id_dsa
debug1: Trying private key: /home/host/.ssh/id_ecdsa
debug1: Next authentication method: password

Before it shows you the password prompt, SSH will first try to connect using GSSAPI-KEYEX, GSSAPI-WITH-MIC and Public Key. Since I’m not using these it’s causing a delay when trying to connect to SSH. Especially the GSSAPI-WITH-MIC is taking a long time…let’s disable it:

[root@server ~]# vim /etc/ssh/sshd_config

Now change the “GSSAPIAuthentication yes” line to “GSSAPIAuthentication no”.

Restart SSH and try to connect again:

rene@host ~ $ <strong>ssh -v root@192.168.82.144

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/renemolenaar/.ssh/id_rsa
debug1: Trying private key: /home/renemolenaar/.ssh/id_dsa
debug1: Trying private key: /home/renemolenaar/.ssh/id_ecdsa
debug1: Next authentication method: password

With GSSAPI disabled it’s flying!

In case you are wondering, GSSAPI stands for Generic Security Services API and is a standard interface so SSH can communicate with Kerberos.

I hope this lesson helps you to solve your SSH login delay…if you have any questions feel free to leave a comment.

Tags: ,


Forum Replies

  1. Really useful! Thanks, solve my delay here!

  2. Thanks Rene

    I put in all of your advised changes and ssh login is now instant.

    It used to take 2 minutes to login to HP Proliant sitting next to me :))

  3. Glad to hear it helped Johan…2 minutes is a long time to wait for a console :slight_smile:

  4. Thanks Rene,
    It is very useful to me.
    I fixed this problem
    For me, Ubuntu12.04, “Authentication” caused problem
    Actually, network engineer in our institute failed to fix this problem.

Ask a question or join the discussion by visiting our Community Forum