Establishing SSH connections are slow due to Kerberos and pulickey authentication
Sanjay Chakraborty
sanjaychakrab at gmail.com
Tue Dec 1 03:53:43 UTC 2009
True,
Few days ago I build a server and fat fingure in /etc/resolv.conf file
and that was delaying ssh connection. After fixing that it's ssh
connection is fast.
On Mon, Nov 30, 2009 at 3:52 PM, Geofrey Rainey
<Geofrey.Rainey at tvnz.co.nz> wrote:
> I have similar issues with reverse-DNS lookups if it can't resolve the
> connecting IP to a hostname.
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of dustin at larmeir.com
> Sent: Monday, 30 November 2009 11:26 p.m.
> To: 'General Red Hat Linux discussion list'
> Subject: RE: Establishing SSH connections are slow due to Kerberos and
> pulickey authentication
>
> Usually when I see this behavior, it is related to an DNS issue as you
> have
> mentioned. Have you tried disabling DNS lookups in the
> /etc/ssh/ssshd_config
> file to see if it goes any faster? Maybe there is a DNS resolver within
> the
> network that is having a communication issue with these systems - Dustin
>
> # cat /etc/ssh/sshd_config | grep DNS
> #UseDNS yes
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]
> On Behalf Of Kenneth Holter
> Sent: Monday, November 30, 2009 3:53 AM
> To: redhat-list at redhat.com
> Subject: Establishing SSH connections are slow due to Kerberos and pulic
> key
> authentication
>
> Hi.
>
>
> A couple of weeks ago some of our servers started hanging for a while
> when
> establishing SSH sessions to other servers. From issuing "ssh
> <some-server>"
> to getting to the login prompt, it took about 20-30 seconds.
>
> I've seen this behavior a couple of times before, and have found that
> the
> reason for the slow connections is that SSH is trying to use Kerberos,
> hangs
> for about 10 seconds, then tries public key authentication, hangs for
> about
> 10 seconds, and then finally prompts for password. By setting the
> "GSSAPIAuthentication" option to false, either in /etc/ssh/ssh_config,
> or on
> the command line, everything works perfectly.
>
> So the problem is easy to fix, but what's puzzling me is why SSH
> suddenly
> decides to try kerberos and pulic key authentication, when I've done no
> changes to the configuration files? I believe the problem might have
> something to do with DNS, but have not figured out how these things are
> related. Have anyone else seen this behavior, and knows what's
> triggering
> it?
>
>
> Regards,
> Kenneth Holter
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> ==========================================================
> For more information on the Television New Zealand Group, visit us
> online at tvnz.co.nz
> ==========================================================
> CAUTION: This e-mail and any attachment(s) contain information that
> is intended to be read only by the named recipient(s). This information
> is not to be used or stored by any other person and/or organisation.
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
Regards.
Sanjay Chakraborty
More information about the redhat-list
mailing list