Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
07-08-2008, 01:03 PM
|
#1
|
Member
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251
Rep:
|
Slow SSH Login --> CentOS 5.0 --> VMware Server --> Plesk Control Panel 8.4.0
Hi there,
For a while now I have been hosting web sites out of my home and had very few (minor) problems. I would consider my newest problem to be minor as well but I don't think it is because I have to access my machine a lot.
THE PROBLEM I am having is when I log in with Putty my server authentication takes longer than usual. Any other server that I access the authentication process only takes a second or two, its almost instant.
Recently I purchased the DLINK DIR-655 Xtreme Gigabit Router to replace an older DLINK router. Now I run a CentOS 5.0 host system with VMware Server 1.0.6 and the VM is also CentOS 5.0. I am not sure where to start looking ....... is there anyway to test SSH?
|
|
|
07-08-2008, 01:22 PM
|
#2
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
Usually slow ssh logins start with Reverse DNS issues.
|
|
|
07-08-2008, 01:29 PM
|
#3
|
Member
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251
Original Poster
Rep:
|
Ok, so I have reverse DNS provided by my ISP for my static IP's, is there anything I need to do for my own box or is it something that can't be done by the end user?
|
|
|
07-08-2008, 06:56 PM
|
#4
|
Senior Member
Registered: Jun 2008
Posts: 2,529
Rep:
|
If you are on your LAN connecting to your box via private LAN address, then your LAN DNS server must provide an appropriate PTR for the LAN (eg. private address space). You can't ask public DNS servers to return anything in private IP space. So, your ISP is not involved here. Your ISPs server won't be useful here.
You can disable StrictHostKeyChecking, but this probably isn't the best choice.
|
|
|
07-10-2008, 04:02 PM
|
#5
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
You could always add each host to each systems local hosts file in /etc which might speed up the login process.
|
|
|
07-10-2008, 07:59 PM
|
#6
|
LQ Newbie
Registered: Jan 2006
Posts: 3
Rep:
|
Im unsure of this as i haven't tested for it.
But I think what happens here is if you do have some name servers setup the box will query them for the rdns. Quickly get the doesnt exist record. Then move on. Giving you the usual quick login time that you expect.
When my local caching name server for my lan is down i get the slow ssh logins. Its looking for a rnds record and waits till it times out then carry's on. When its up it works fine even though we know it can possibly be giving a correct answer for a 192.168 address.
make sure you have some valid name servers in /etc/resolve.conf and that you can dig yahoo.com from the box and resolve the name. then you should be fine.
|
|
|
07-10-2008, 08:01 PM
|
#7
|
Senior Member
Registered: Jun 2008
Posts: 2,529
Rep:
|
Exactly. Delays like this are the result of timeouts waiting for an answer vs. a negative answer.
|
|
|
07-10-2008, 08:06 PM
|
#8
|
LQ Newbie
Registered: Jan 2006
Posts: 3
Rep:
|
Im a nice guy so i went and tested this real quick by unplugging my router/caching dns server from the lan
When i did. I had the slow ssh login. When I got in I tried a dig and timed how long it took.
15seconds. That seems about right. If you counted how long it took for your ssh login to go through it would be about 15seconds.
# time dig ptr 192.168.0.101
; <<>> DiG 9.4.2 <<>> ptr 192.168.0.101
;; global options: printcmd
;; connection timed out; no servers could be reached
real 0m15.020s
user 0m0.000s
sys 0m0.004s
#
Here is that same command run again after plugging the router back in.
I didnt get any answer back but it did go through very fast.
# time dig ptr 192.168.0.101
; <<>> DiG 9.4.2 <<>> ptr 192.168.0.101
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27997
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.0.101. IN PTR
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2008071001 1800 900 604800 86400
;; Query time: 44 msec
;; SERVER: 192.168.0.13#53(192.168.0.13)
;; WHEN: Thu Jul 10 18:05:41 2008
;; MSG SIZE rcvd: 106
real 0m0.050s
user 0m0.004s
sys 0m0.004s
#
|
|
|
07-10-2008, 08:14 PM
|
#9
|
Senior Member
Registered: Jun 2008
Posts: 2,529
Rep:
|
And if you add more nameserver lines to /etc/resolv.conf, the delay will be longer.
Some resolvers have 10 second timeout, others 15.
|
|
|
07-11-2008, 04:26 PM
|
#10
|
Member
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251
Original Poster
Rep:
|
Thanks to everyone who replied to this thread! I think I was able to take a way a lot of info.
In the end I edited my /etc/ssh/sshd_config file and did the following:
BEFORE:
AFTER:
After un-commenting and specifying SSH to NOT use DNS my log in time seems normal to me. I am not sure why this didn't happen before though, my server has always been behind the same router and pretty much the same settings other than the STATIC IP changing. Anyway now I am back to my supper fast log in!
Last edited by bskrakes; 07-11-2008 at 04:28 PM.
|
|
1 members found this post helpful.
|
09-10-2013, 10:44 AM
|
#11
|
LQ Newbie
Registered: Sep 2013
Posts: 2
Rep: 
|
I for a change, have found issue sligthly elswhere... Not on the server I am trying to access but Linux box I am using everyday.
I have found that delay was caused by GSSAPI authentication method on SSH local client. To resolve the issue I have edited /etc/ssh/ssh_config and updated line -> GSSAPIAuthentication no
This mod solved the speed issue for me as I use only ssh key exchange or manually typed passwords.
Last edited by crackptb; 09-10-2013 at 10:46 AM.
|
|
|
12-17-2013, 10:10 AM
|
#12
|
LQ Newbie
Registered: Dec 2013
Location: Mumbai
Distribution: RHEL 6
Posts: 1
Rep: 
|
Quote:
Originally Posted by crackptb
I for a change, have found issue sligthly elswhere... Not on the server I am trying to access but Linux box I am using everyday.
I have found that delay was caused by GSSAPI authentication method on SSH local client. To resolve the issue I have edited /etc/ssh/ssh_config and updated line -> GSSAPIAuthentication no
This mod solved the speed issue for me as I use only ssh key exchange or manually typed passwords.
|
Modify below 2 parameters in /etc/ssh/sshd_config and restart sshd service.
GSSAPIAuthentication no
UseDNS no
#
|
|
|
01-05-2015, 05:32 AM
|
#13
|
LQ Newbie
Registered: Jan 2015
Posts: 1
Rep: 
|
Quote:
Originally Posted by faiz4it
Modify below 2 parameters in /etc/ssh/sshd_config and restart sshd service.
GSSAPIAuthentication no
UseDNS no
#
|
thank you very much it worked for me.
|
|
|
All times are GMT -5. The time now is 09:37 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|