Lesson Contents
On freshly installed Linux servers you might have encountered that it takes quite some time before you get to see the password prompt when you connect using SSH. As soon as you entered the password everything is lightning-fast. Two items might cause this problem:
- DNS Resolving
- Authentication methods that are not supported.
DNS Resolving
The DNS problem is easy to fix, make sure the SSH server is able to resolve DNS queries by configuring a DNS server. Here’s how to do it on a CentOS server:
[root@server ~]# vim /etc/resolv.confAnd add the following lines:
nameserver 208.67.222.222
nameserver 208.67.220.220I’m using the DNS servers from OpenDNS. Use any server you like. This will allow your server to perform DNS lookups. You can also tell SSH to disable DNS lookups like this:
[root@server ~]# vim /etc/ssh/sshd_configAnd change the “UseDNS yes” field to “UseDNS no”.
This will ensure that SSH doesn’t try to do any reverse lookups. Don’t forget to restart SSH! If your SSH connection time is still slow after these changes, read on…
Authentication
SSH supports some authentication methods besides username/password. Let me show you what is happening behind the scenes when you are waiting for the password prompt:
rene@host ~ $ ssh -v root@192.168.82.144I’m going to connect to an SSH server, but I’ll use the “v” parameter (verbose). Here’s what you will see:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Next authentication method: publickey
debug1: Trying private key: /home/host/.ssh/id_rsa
debug1: Trying private key: /home/host/.ssh/id_dsa
debug1: Trying private key: /home/host/.ssh/id_ecdsa
debug1: Next authentication method: passwordBefore it shows you the password prompt, SSH will try to connect using GSSAPI-KEYEX, GSSAPI-WITH-MIC, and Public Key. Since I’m not using these, it’s causing a delay when connecting to SSH. Especially the GSSAPI-WITH-MIC is taking a long time…let’s disable it:
[root@server ~]# vim /etc/ssh/sshd_configNow change the “GSSAPIAuthentication yes” line to “GSSAPIAuthentication no”.
Restart SSH and try to connect again:
rene@host ~ $ <strong>ssh -v root@192.168.82.144
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/renemolenaar/.ssh/id_rsa
debug1: Trying private key: /home/renemolenaar/.ssh/id_dsa
debug1: Trying private key: /home/renemolenaar/.ssh/id_ecdsa
debug1: Next authentication method: passwordWith GSSAPI disabled, it’s flying!
I hope this lesson helps you to solve your SSH login delay…if you have any questions, feel free to leave a comment.
Really useful! Thanks, solve my delay here!
Thanks Rene
I put in all of your advised changes and ssh login is now instant.
It used to take 2 minutes to login to HP Proliant sitting next to me :))
Glad to hear it helped Johan…2 minutes is a long time to wait for a console
Thanks Rene,
It is very useful to me.
I fixed this problem
For me, Ubuntu12.04, “Authentication” caused problem
Actually, network engineer in our institute failed to fix this problem.
You are welcome!