SSH : Takes a long time to login to a remote server
I am using SSH to login from one Linux 7.3 machine to a Linux Enterprise machine.
The problem is when I type "ssh user1@10.10.1.10", the password appears immediately but after I enter the password it takes about 10 seconds to login completely. I have tried logging in with ftp and everything happens within a second - no problem. Can anyone tell me what's wrong? Do I need to check the client or the server config files? Should I show the sshd_config file in the server? resolv.conf file in the server? hosts file? I read somewhere that this has something to do with the DNS. Please help. Let me know what I need to provide. |
That 10 second delay is probably down to negotiation - where the client and server agree on a common encryption method, exchange keys and agree a session key. These actions need random numbers from the kernel, and it all takes time. I believe that OpenSSH also includes a fake delay to prevent dictionary attacks on passwords so "accept" and "refuse" take about the same amount of time.
My connections take about that time - Windows running PuTTY to FC4 running OpenSSH, SSHv2 using public keys. WinSCP3 (sftp) takes about the same time to connect and authenticate. |
me too
i am also having this problem. 10 or 20sec delay. other computers on the same lan almost instantaneous. this also happens when i try to connect to the mysql db server on that machine. this is not normal. i am starting to wonder if it my network card is going bad or maybe my router/switch is going bad.
edit: problem fixed by adding the client machine's ip to /etc/hosts on the server machine. not sure why it worked fine prior adding this entry weeks ago. now there is no delay betwn entering my uid and getting the password request from ssh. |
I occassionaly experience this issue, usually down to network load and connections to the server. I would guess the same as the other posts, negotiation of encryption etc.
|
sake of help
Check DNS settings
|
Hi,
Take a look at the UseDNS [yes|no] in the sshd_config file. If it is set to Yes there is a good chance that a delay will/can occur. Take a look here: OpenSSH FAQ especially chapter 3.3. It also points to some other possible delay causes. |
@abeltagui: You decided to dig up a 3+ year old thread to give that bit of non-specific advice? ;)
|
Quote:
|
Most appropriate method to know the problem is to connect using ssh in debug mode
# ssh -v <Server name> OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to mysql [192.168.0.29] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 1a:2c:c4:62:cc:27:1b:76:6b:f7:b2:38:00:7b:3f:63 debug1: Host 'mysql' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:5 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found Line mark in red was causing the delay in my case. I commented out following line on the destination server and it resolved the issue in my case Code:
# GSSAPI options |
All times are GMT -5. The time now is 11:12 AM. |