首页 > *nix技术, UbuntuKylin > Linux下ssh远程连接缓慢问题的解决

Linux下ssh远程连接缓慢问题的解决

2013年6月16日 发表评论 阅读评论 3,623 次浏览

这个问题之前就遇到过,但都是顺手解决了,没有做个记录,今天在使用ubuntukylin 13.04时又遇到了,所以记录一下。
系统环境如下:

lenky@lenky-Inspiron-545s:~$ uname -a
Linux lenky-Inspiron-545s 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:19:42 UTC 2013 i686 i686 i686 GNU/Linux
lenky@lenky-Inspiron-545s:~$ cat /etc/issue
Ubuntu 13.04 \n \l

问题表现如下:

lenky@lenky-Inspiron-545s:~$ sudo ssh -v xxx.xxx.org
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xxx.xxx.org [109.169.69.113] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 7d:52:dc:46:4f:61:38:22:32:0f:3a:a2:5b:d1:f7:c5
debug1: Host 'xxx.xxx.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Next authentication method: password
root@xxx.xxx.org's password: 

可以看到原因在GSS相关功能失败,那么对应的解决方案就是禁言GSS功能。下面是我已经改好的文件,也就是改默认值yes为no:

lenky@lenky-Inspiron-545s:~$ grep GSSAPIAuthentication /etc/ssh/ssh_config 
#   GSSAPIAuthentication no
    GSSAPIAuthentication no

其他可能的缓慢原因:
1,连接方对服务器域名进行查询解析的时间消耗,那么修改/etc/hosts文件,加上:
222.333.444.555 xxx.xxx.org

2,服务器方对客户端地址做DNS反解析的时间消耗,那么修改/etc/ssh/sshd_config文件,在文件末尾加上(如果已存在则做选项修改即可):
UseDNS no
因为是服务器端,所以要对sshd做重启:
/etc/init.d/ssh restart

转载请保留地址:http://www.lenky.info/archives/2013/06/2308http://lenky.info/?p=2308


备注:如无特殊说明,文章内容均出自Lenky个人的真实理解而并非存心妄自揣测来故意愚人耳目。由于个人水平有限,虽力求内容正确无误,但仍然难免出错,请勿见怪,如果可以则请留言告之,并欢迎来讨论。另外值得说明的是,Lenky的部分文章以及部分内容参考借鉴了网络上各位网友的热心分享,特别是一些带有完全参考的文章,其后附带的链接内容也许更直接、更丰富,而我只是做了一下归纳&转述,在此也一并表示感谢。关于本站的所有技术文章,欢迎转载,但请遵从CC创作共享协议,而一些私人性质较强的心情随笔,建议不要转载。

法律:根据最新颁布的《信息网络传播权保护条例》,如果您认为本文章的任何内容侵犯了您的权利,请以Email或书面等方式告知,本站将及时删除相关内容或链接。

分类: *nix技术, UbuntuKylin 标签: ,
  1. 2013年6月17日18:29 | #1

    可能不是因为 GSSAPIAuthentication.
    http://blog.csdn.net/suvi/article/details/4059558 这里写的加了条保持连接的iptalbes 规则

    • lenky
      2013年6月17日19:10 | #2

      嗯嗯,不过那是他个人错误设置导致,不属于一般情况。:)

  1. 本文目前尚无任何 trackbacks 和 pingbacks.