ssh远程连接有几台机器一直很慢,前天实在忍受不了,就去排查了一下。
要知道为什么连接很慢,有个-v参数可以打出debug信息(该参数也可以是-vvv,会更详细一点,貌似其它有些应用也会用-v参数作为debug参数),对帮助问题很有用。
ssh -v 192.168.16.34
然后就看到连接的整个过程,大概类似这样的代码:
Are you sure you want to continue connecting (yes)? yes
Warning: Permanently added ‘192.168.16.34’ (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Next authentication method: publickey
debug1: Trying private key: /home/admin/.ssh/identity
debug1: Trying private key: /home/admin/.ssh/id_rsa
debug1: Offering public key: /home/admin/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
其中在debug1: Offering public key: /home/admin/.ssh/id_dsa这一段后卡了好一会,网上搜索一下,大概是DNS解析耗时,查看配置文件/etc/ssh/sshd_config,将UseDNS设置为no即可
UseDNS no
#GSSAPIAuthentication no
网上也有说是GSSAPIAuthentication造成的,其实我的sshd慢不是这个原因,GSSAPIAuthentication表明是否启用基于GSSAPI的认证方式,你可以设置no关闭。GSSAPI是通用安全服务应用程序接口,相当于是一种安全事务规范。