How To Fix: SCP And SSH Login Prompt Is Very Slow In Linux

Copyright ? Walker 06 Apr 2009 23:48
Apparently,today is not a good day for me. But it’s not too bad too as I stillhave enough fingers to count all these bad incidents :-)

OK, back to topic. How to find out that what cause the SSH or SCP loginprompt to slowdown? How could you fix this so-called slow or delayed SSHand SCP login prompt?

This is one of the “bad incident” happened on me today – as the bosswas looking at me to scp program patches to a remote Linux-basedapplication server, the SSH login prompt took more than 1 minute to appear on screen.

To be precise, the stopwatch showed that it took exactly 1 minute and 25 seconds to display SSH login prompt!

Luckily, I do not have to Google for more than a minute to find the cause and solution :-)

What causes SCP and SSH login prompt to slowdown?

For my case, the GSSAPI authentication feature was causing the delayed SSH login prompt!

You can confirm the causes of your case by using the -v optionswitch. For example, the following is the verbose response of SSH loginprocess started with -v option:

dev01 [/home/devstl]$ ssh -v appssupp@10.50.100.111..................debug1: SSH2_MSG_SERVICE_ACCEPT receiveddebug1: Authentications that can continue: publickey,gssapi-with-mic,passworddebug1: Next authentication method: gssapi-with-micdebug1: An invalid name was suppliedCannot determine realm for numeric host addressdebug1: An invalid name was suppliedCannot determine realm for numeric host addressdebug1: An invalid name was suppliedCannot determine realm for numeric host addressdebug1: Next authentication method: publickeydebug1: Trying private key: /home/devstl/.ssh/identitydebug1: Trying private key: /home/devstl/.ssh/id_rsadebug1: Trying private key: /home/devstl/.ssh/id_dsadebug1: Next authentication method: passwordappssupp@10.50.100.111's password:

How to fix SCP and SSH delayed login prompt?

The answer for my case is apparently by disabling GSSAPI authentication, which can be done in one of these three ways:

The “fix” is tested with SSH clients installed by openssh-clients-3.9p1-8.RHEL4.15 RPM file.

1) Specify the option to disable GSSAPI authentication when using SSH or SCP command, e.g.:

ssh -o GSSAPIAuthentication=no appssupp@10.50.100.111

2) Explicitly disable GSSAPI authentication in SSH client program configuration file, i.e. edit the /etc/ssh/ssh_config and add in this configuration (if it’s not already in the config file):

GSSAPIAuthentication no

3) Create a file called config in .sshdirectory of respective user home directory (or whichever user homedirectory that need to get rid of this show login prompt). For example,edit /home/devstl/.ssh/config (create the config file if it’s not currently exist) and add in the GSSAPIAuthentication no option.

1) /etc/ssh/ssh_config is a global SSH client configuration file that affects all system users who are using SSH client programs.

2) /home/devstl/.ssh/config is local SSHclient configuration file that only affects the user account calleddevstl. Whatever SSH client options specified in this local fileoverwrite the options stated in global SSH client configuration file.

After disabling GSSAPI authentication, SSH login prompt is back to “normal” now:

dev01 [/home/devstl]$ ssh -v appssupp@10.50.100.111..................debug1: SSH2_MSG_SERVICE_ACCEPT receiveddebug1: Authentications that can continue: publickey,gssapi-with-mic,passworddebug1: Next authentication method: publickeydebug1: Trying private key: /home/devstl/.ssh/identitydebug1: Trying private key: /home/devstl/.ssh/id_rsadebug1: Trying private key: /home/devstl/.ssh/id_dsadebug1: Next authentication method: passwordappssupp@10.50.100.111's password:

As you can see, the SSH login is not currently authenticated via public key cryptography method, which I’ve to fix it later :-(

方法二：
我?自?己?在?内?部?网?路?使?用? ?s?s?h? ?相?互?连?接?的?时?侯?，?一?般?主?机?的?反?应?都?很?快?，?只?有?一?两?次?架?设?的?新?主?机?会?很?慢?，?所?以?也?就?不?以?为?意?了?。

今?天?又?在?玩?弄?新?主?机?的?时?侯?，?又?发?生?同?样? ?s?s?h??连?接?很?慢?的?问?题?，?所?以?我?决?心?把?问?题?找?出?来?，?在? ?g?o?o?g?l?e??找?很?多?文?章?，?大?多?是?指?向? ?D?N?S??反?查?的?问?题?，?一?般?文?章?的?解?决?方?式?也?都?大?同?小?异?，?就?是?关?闭? ?s?s?h??的?反?查?机?制?！

关?闭?方?法?一?∶?修?改??/?e?t?c?/?s?s?h?/?s?s?h?d?_?c?o?n?f?i?g? ?，?把? ?#?U?s?e?D?N?S? ?y?e?s??前?的?#?去?掉?，?改?成? ?U?s?e?D?N?S? ?n?o? ?就?可?以?了?。

关?闭?方?法?二?∶?修?改? ?/?e?t?c?/?n?s?s?w?i?t?c?h?.?c?o?n?f? ?，?把? ?#?h?o?s?t?s?:? ?f?i?l?e?s??d?n?s?这?一?行?换?成? ?h?o?s?t?s?:? ?f?i?l?e?s??d?n?s?[?N?O?T?F?O?U?N?D?=?r?e?t?u?r?n?]?。

最?後?再?重?新?启?动? ?s?s?h? ?服?务?，?但?是?经?测?试?的?结?果?是?.?.?.?还?是?很?慢?，?後?来?实?验?出?最?快?的?方?法?∶

只?要?把?你?要?连?接?的?主?机?定?义?在? ?/?e?t?c?/?h?o?s?t?s? ?档?里?面?就?可?以?了?。

1?2?7?.?0?.?0?.?1? ?l?o?c?a?l?h?o?s?t? ?l?o?c?a?l?h?o?s?t
1?9?2?.?1?6?8?.?1?.?1?0?0? ?p?c?5?0? ?????

修?改?完? ?s?s?h? ?的?连?接?速?度?就?变?快?棉?。

但是这两种方法一定要重启SSHD服务！