连接慢的主要原因是DNS解析导致
解决方法:
1、在ssh服务端上更改/etc/ssh/sshd_config文件中的配置为如下内容:
UseDNS no
# GSSAPI options
GSSAPIAuthentication no
然后,执行/etc/init.d/sshd restart重启sshd进程使上述配置生效,在连接一般就不慢了。
如果还慢的话,检查ssh服务端上/etc/hosts文件中,127.0.0.1对应的主机名是否和
uname -n的结果一样,或者把本机ip和hostname(uname -n结果)加入到/etc/hosts里。
-
[root@C64 ~]
-
C64
-
[root@C64 ~]
-
-
127.0.0.1 C64 localhost localhost.localdomain localhost4 localhost4.localdomain4
-
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
-
10.0.0.18 C64
-
利用ssh-v的调试功能查找慢的原因
其实可以用下面的命令调试为什么慢的细节(学习这个思路很重要)。
-
[root@C64 ~]
-
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
-
debug1: Reading configuration data /etc/ssh/ssh_config
-
debug1: Applying options for *
-
debug1: Connecting to 10.0.0.19 [10.0.0.19] port 22.
-
debug1: Connection established.
-
debug1: permanently_set_uid: 0/0
-
debug1: identity file /root/.ssh/identity type -1
-
debug1: identity file /root/.ssh/id_rsa type -1
-
debug1: identity file /root/.ssh/id_dsa type -1
-
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
-
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
-
debug1: Enabling compatibility mode for protocol 2.0
-
debug1: Local version string SSH-2.0-OpenSSH_5.3
-
debug1: SSH2_MSG_KEXINIT sent
-
debug1: SSH2_MSG_KEXINIT received
-
debug1: kex: server->client aes128-ctr hmac-md5 none
-
debug1: kex: client->server aes128-ctr hmac-md5 none
-
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
-
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
-
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
-
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
-
The authenticity of host '10.0.0.19 (10.0.0.19)' can't be established.
-
RSA key fingerprint is ca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9.
-
Are you sure you want to continue connecting (yes/no)? yes
-
=======>这里就是提示保存密钥的交互提示。
-
Warning: Permanently added '10.0.0.19' (RSA) to the list of known hosts.
-
debug1: ssh_rsa_verify: signature correct
-
debug1: SSH2_MSG_NEWKEYS sent
-
debug1: expecting SSH2_MSG_NEWKEYS
-
debug1: SSH2_MSG_NEWKEYS received
-
debug1: SSH2_MSG_SERVICE_REQUEST sent
-
debug1: SSH2_MSG_SERVICE_ACCEPT received
-
debug1: Authentications that can continue: publickey,password
-
debug1: Next authentication method: publickey
-
debug1: Trying private key: /root/.ssh/identity
-
debug1: Trying private key: /root/.ssh/id_rsa
-
debug1: Trying private key: /root/.ssh/id_dsa
-
debug1: Next authentication method: password
-
root@10.0.0.19's password:
-
<strong>=======>这里就是提示输入密码的交互提示。</strong>
-
debug1: Authentication succeeded (password).
-
debug1: channel 0: new [client-session]
-
debug1: Entering interactive session.
-
debug1: Sending environment.
-
debug1: Sending env LANG = en_US.UTF-8
-
Last login: Tue Sep 24 10:30:02 2013 from 10.0.0.18
-
<strong>在远程连接时如果慢就可以确定卡在哪了。</strong>
-
[root@C64_A ~]
-
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
-
debug1: Reading configuration data /etc/ssh/ssh_config
-
debug1: Applying options for *
-
debug1: Connecting to 10.0.0.17 [10.0.0.17] port 22.
-
debug1: Connection established.
-
debug1: permanently_set_uid: 0/0
-
debug1: identity file /root/.ssh/identity type -1
-
debug1: identity file /root/.ssh/id_rsa type -1
-
debug1: identity file /root/.ssh/id_dsa type 2
-
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
-
debug1: match: OpenSSH_5.3 pat OpenSSH*
-
debug1: Enabling compatibility mode for protocol 2.0
-
debug1: Local version string SSH-2.0-OpenSSH_5.3
-
debug1: SSH2_MSG_KEXINIT sent
-
debug1: SSH2_MSG_KEXINIT received
-
debug1: kex: server->client aes128-ctr hmac-md5 none
-
debug1: kex: client->server aes128-ctr hmac-md5 none
-
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
-
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
-
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
-
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
-
debug1: Host '10.0.0.17' is known and matches the RSA host key.
-
debug1: Found key in /root/.ssh/known_hosts:2
-
debug1: ssh_rsa_verify: signature correct
-
debug1: SSH2_MSG_NEWKEYS sent
-
debug1: expecting SSH2_MSG_NEWKEYS
-
debug1: SSH2_MSG_NEWKEYS received
-
debug1: SSH2_MSG_SERVICE_REQUEST sent
-
debug1: SSH2_MSG_SERVICE_ACCEPT received
-
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
-
debug1: Next authentication method: gssapi-keyex
-
debug1: No valid Key exchange context
-
debug1: Next authentication method: gssapi-with-mic
上述配置没配就发现卡到gssapi这。就大概知道是gssapi的问题。
实际上在linux系统优化部分就应该优化SSH服务的此处。
(责任编辑:IT) |