环境:
服务器端OS:Ubuntu 15.04
客户端OS:Windows 7
ssh 客户端:putty 0.63
公司内使用的一台编译服务器,一直是用putty来做ssh连接,每次连接的时候,都要输入用户面和密码,包括scp上传文件的操作,效率很低
login as: user
user@192.168.1.230's password:最近服务器在输入完登录的用户名之后,总是要等很久(10s以上)才能出password的输入框,重启服务器也没有用。
问题分析:
使用ssh -v username@{ip_address}来查看ssh连接的日志
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /c/Users/coffee/.ssh/config
debug1: Connecting to 192.168.1.230 [192.168.1.230] port 22.
debug1: Connection established.
debug1: identity file /c/Users/coffee/.ssh/id_rsa type 1
debug1: identity file /c/Users/coffee/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/coffee/.ssh/id_dsa type -1
debug1: identity file /c/Users/coffee/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/coffee/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/coffee/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/coffee/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/coffee/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Ubuntu-5ubuntu1.4
debug1: match: OpenSSH_6.7p1 Ubuntu-5ubuntu1.4 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 53:3e:47:9e:c1:3d:21:7d:df:e6:9e:df:f9:0c:f2:14
debug1: Host '192.168.1.230' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/coffee/.ssh/known_hosts:7
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/coffee/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /c/Users/coffee/.ssh/id_dsa
debug1: Trying private key: /c/Users/coffee/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/coffee/.ssh/id_ed25519
debug1: Next authentication method: password猜测是公钥验证的方式耗时太多,于是进行了公钥的配置:
1.利用ssh-keygen生成公钥和私钥:id_rsd.pub和id_rsa
2.上传id_rsa.pub到服务器的.ssh目录下:
scp id_rsa.pub user@192.168.1.230:/home/user/.ssh/authorized_keys
配置到这里的话,如果使用纯ssh命令,是可以免密码登录了,如果要使用putty的话,还要再进行下一步
3.利用puttygen.exe生成putty下使用的私钥 :
运行puttygen.exe,选择菜单Conversions->Import key,选择刚才生成的id_rsa,点击save private key,保存为id_rsa.ppk
4.putty配置使用id_rsa.ppk
左侧菜单中的Connection->SSH->Auth,右侧的Private key file for authentication 选择id_rsa.ppk
(同时可以配置Connection->Data中的auto-login username,这样登录服务器的时候就不用再输一遍用户名了)
之后在session输入自己要访问服务器的Host Name,连接之后,在标题栏的菜单里选择Change Settings,把当前的Session配置保存下来,之后再连接的时候,就可以免密码连接服务器了
本来以为配置完之后就可以了,但是 仍 然 很 慢!!
根据网上的资料(http://www.linuxidc.com/Linux/2012-12/77144.htm),连接慢还有可能是服务器端ssh配置的问题。
查看服务器端的sshd-config,里面没有配置UserDNS和GSSAPIAuthentication ,难道不是这两个配置的问题??
手动添加UseDNS no,再连接,速度变的飞快,基本上是连接无等待。看样子应该是默认配置成了UseDNS yes。
配置完后,使用变得极其流畅,感觉效率也提高了不少。强烈推荐大家,有时间的话就去配置一下,能省不少时间。
参考资料:
使用public/private key让putty(ssh)自动登录
128
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
