LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Slow SSH Login --> CentOS 5.0 --> VMware Server --> Plesk Control Panel 8.4.0 (http://www.linuxquestions.org/questions/linux-general-1/slow-ssh-login-centos-5-0-vmware-server-plesk-control-panel-8-4-0-a-654362/)

bskrakes 07-08-2008 01:03 PM

Slow SSH Login --> CentOS 5.0 --> VMware Server --> Plesk Control Panel 8.4.0
 
Hi there,

For a while now I have been hosting web sites out of my home and had very few (minor) problems. I would consider my newest problem to be minor as well but I don't think it is because I have to access my machine a lot.

THE PROBLEM I am having is when I log in with Putty my server authentication takes longer than usual. Any other server that I access the authentication process only takes a second or two, its almost instant.

Recently I purchased the DLINK DIR-655 Xtreme Gigabit Router to replace an older DLINK router. Now I run a CentOS 5.0 host system with VMware Server 1.0.6 and the VM is also CentOS 5.0. I am not sure where to start looking ....... is there anyway to test SSH?

trickykid 07-08-2008 01:22 PM

Usually slow ssh logins start with Reverse DNS issues.

bskrakes 07-08-2008 01:29 PM

Ok, so I have reverse DNS provided by my ISP for my static IP's, is there anything I need to do for my own box or is it something that can't be done by the end user?

Mr. C. 07-08-2008 06:56 PM

If you are on your LAN connecting to your box via private LAN address, then your LAN DNS server must provide an appropriate PTR for the LAN (eg. private address space). You can't ask public DNS servers to return anything in private IP space. So, your ISP is not involved here. Your ISPs server won't be useful here.

You can disable StrictHostKeyChecking, but this probably isn't the best choice.

trickykid 07-10-2008 04:02 PM

You could always add each host to each systems local hosts file in /etc which might speed up the login process.

yummycheese 07-10-2008 07:59 PM

Im unsure of this as i haven't tested for it.

But I think what happens here is if you do have some name servers setup the box will query them for the rdns. Quickly get the doesnt exist record. Then move on. Giving you the usual quick login time that you expect.

When my local caching name server for my lan is down i get the slow ssh logins. Its looking for a rnds record and waits till it times out then carry's on. When its up it works fine even though we know it can possibly be giving a correct answer for a 192.168 address.

make sure you have some valid name servers in /etc/resolve.conf and that you can dig yahoo.com from the box and resolve the name. then you should be fine.

Mr. C. 07-10-2008 08:01 PM

Exactly. Delays like this are the result of timeouts waiting for an answer vs. a negative answer.

yummycheese 07-10-2008 08:06 PM

Im a nice guy so i went and tested this real quick by unplugging my router/caching dns server from the lan

When i did. I had the slow ssh login. When I got in I tried a dig and timed how long it took.
15seconds. That seems about right. If you counted how long it took for your ssh login to go through it would be about 15seconds.

# time dig ptr 192.168.0.101

; <<>> DiG 9.4.2 <<>> ptr 192.168.0.101
;; global options: printcmd
;; connection timed out; no servers could be reached

real 0m15.020s
user 0m0.000s
sys 0m0.004s
#

Here is that same command run again after plugging the router back in.
I didnt get any answer back but it did go through very fast.

# time dig ptr 192.168.0.101

; <<>> DiG 9.4.2 <<>> ptr 192.168.0.101
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27997
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.0.101. IN PTR

;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2008071001 1800 900 604800 86400

;; Query time: 44 msec
;; SERVER: 192.168.0.13#53(192.168.0.13)
;; WHEN: Thu Jul 10 18:05:41 2008
;; MSG SIZE rcvd: 106

real 0m0.050s
user 0m0.004s
sys 0m0.004s
#

Mr. C. 07-10-2008 08:14 PM

And if you add more nameserver lines to /etc/resolv.conf, the delay will be longer.

Some resolvers have 10 second timeout, others 15.

bskrakes 07-11-2008 04:26 PM

Thanks to everyone who replied to this thread! I think I was able to take a way a lot of info.

In the end I edited my /etc/ssh/sshd_config file and did the following:

BEFORE:
Quote:

#UseDNS yes
AFTER:
Quote:

UseDNS no
After un-commenting and specifying SSH to NOT use DNS my log in time seems normal to me. I am not sure why this didn't happen before though, my server has always been behind the same router and pretty much the same settings other than the STATIC IP changing. Anyway now I am back to my supper fast log in!

crackptb 09-10-2013 10:44 AM

I for a change, have found issue sligthly elswhere... Not on the server I am trying to access but Linux box I am using everyday.
I have found that delay was caused by GSSAPI authentication method on SSH local client. To resolve the issue I have edited /etc/ssh/ssh_config and updated line -> GSSAPIAuthentication no

This mod solved the speed issue for me as I use only ssh key exchange or manually typed passwords.

faiz4it 12-17-2013 10:10 AM

Quote:

Originally Posted by crackptb (Post 5025317)
I for a change, have found issue sligthly elswhere... Not on the server I am trying to access but Linux box I am using everyday.
I have found that delay was caused by GSSAPI authentication method on SSH local client. To resolve the issue I have edited /etc/ssh/ssh_config and updated line -> GSSAPIAuthentication no

This mod solved the speed issue for me as I use only ssh key exchange or manually typed passwords.


Modify below 2 parameters in /etc/ssh/sshd_config and restart sshd service.
GSSAPIAuthentication no
UseDNS no

#


All times are GMT -5. The time now is 01:45 PM.