ssh takes a long time to connect on some hosts
Solution 1:
Since you are getting a GSS failure, you can try adding:
GSSAPIAuthentication no
to /etc/ssh/sshd_config. Then restart the service:
/etc/init.d/sshd restart
Solution 2:
Try adding the following line to /etc/ssh/sshd_config on node2:
UseDNS no
Then restart sshd:
/etc/init.d/ssh restart
Or if the above doesn't exist:
/etc/init.d/sshd restart
Solution 3:
Edit /etc/ssh/sshd_config on the server and add (if it's not there) at the bottom:
UseDNS no
Then restart the SSH daemon.
This will stop your machines from resolving DNS and will speed up the process.
Solution 4:
Take a look here: OpenSSH FAQ, especially chapter 3.3. It also points to some other possible delay causes.
Or, the most appropriate method to identify the problem is to connect using ssh in debug mode:
# ssh -v <Server name>
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mysql [192.168.0.29] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 1a:2c:c4:62:cc:27:1b:76:6b:f7:b2:38:00:7b:3f:63
debug1: Host 'mysql' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
->> debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found
The line marked with the arrow was causing the delay in my case. I commented out the following line on the destination server and it resolved the issue in my case:
#GSSAPI options
#GSSAPIAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
Restart the SSH daemon on the remote server and try to reconnect. It's fine!
- Some versions of glibc (notably glibc 2.1 shipped with Red Hat 6.1) can take a long time to resolve "IPv6 or IPv4" addresses from domain names. This can be worked around by specifying the AddressFamily inet option in ssh_config.
- There may be a DNS lookup problem, either at the client or server. You can use the nslookup command to check this on both client and server by looking up the other end's name and IP address. In addition, on the server look up the name returned by the client's IP-name lookup. You can disable most of the server-side lookups by setting UseDNS no in sshd_config.
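Added example, not part of the original answers: the solutions above add UseDNS no or GSSAPIAuthentication no to sshd_config, but sshd uses the first value it obtains for each keyword and treats every line after a Match line as part of that Match block, so a line appended at the bottom may not take effect. The script below reports the value the global section actually sets and which occurrences are ignored; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the page). Include directives are not followed.

# effective_global FILE KEYWORD: value from the global section (first
# occurrence before any Match line), or "unset" if the built-in default applies.
effective_global() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                    # global section ends here
        key == want    { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# ignored_lines FILE KEYWORD: line numbers of occurrences that do not set the
# global value (later duplicates, and lines that fall inside a Match block).
ignored_lines() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { in_match = 1 }
        key == want && (seen || in_match) { printf "%s%d", sep, NR; sep = " " }
        key == want { seen = 1 }
        END { printf "\n" }
    ' "$1"
}

# write_sample PATH: constructed sshd_config where the fix was appended last.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
UseDNS yes
#GSSAPIAuthentication no
GSSAPIAuthentication yes
Match User backup
    PasswordAuthentication no
usedns no
GSSAPIAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
for kw in UseDNS GSSAPIAuthentication; do
    printf '%s: effective=%s ignored_at_lines=%s\n' "$kw" \
        "$(effective_global "$sample" "$kw")" "$(ignored_lines "$sample" "$kw")"
done
rm -f "$sample"
```

On a running server, sshd -T prints the configuration as sshd parsed it, which is the authoritative check after editing the file.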