SSH远程连接服务慢的解决方案

连接慢的主要原因是DNS解析导致

解决方法：

1、在ssh服务端上更改/etc/ssh/sshd_config文件中的配置为如下内容：

UseDNSno

#GSSAPI options

GSSAPIAuthenticationno

然后，执行/etc/init.d/sshd restart重启sshd进程使上述配置生效，在连接一般就不慢了。

 

2、如果还慢的话，检查ssh服务端上/etc/hosts文件中，127.0.0.1对应的主机名是否和 uname -n的结果一样，或者把本机ip和hostname(uname -n结果)加入到/etc/hosts里。

[root@C64~]# uname -n

C64

[root@C64~]# cat /etc/hosts

#modiby oldboy 11:12 2013/9/24

127.0.0.1   C64 localhost localhost.localdomainlocalhost4 localhost4.localdomain4

::1         localhost localhost.localdomainlocalhost6 localhost6.localdomain6

10.0.0.18   C64

################

利用ssh -v的调试功能查找慢的原因

其实可以用下面的命令调试为什么慢的细节（学习这个思路很重要）。

[root@C64~]# ssh -v root@10.0.0.19

OpenSSH_5.3p1,OpenSSL 1.0.0-fips 29 Mar 2010

debug1:Reading configuration data /etc/ssh/ssh_config

debug1:Applying options for *

debug1:Connecting to 10.0.0.19 [10.0.0.19] port 22.

debug1:Connection established.

debug1:permanently_set_uid: 0/0

debug1:identity file /root/.ssh/identity type -1

debug1:identity file /root/.ssh/id_rsa type -1

debug1:identity file /root/.ssh/id_dsa type -1

debug1:Remote protocol version 2.0, remote software version OpenSSH_4.3

debug1:match: OpenSSH_4.3 pat OpenSSH_4*

debug1:Enabling compatibility mode for protocol 2.0

debug1:Local version string SSH-2.0-OpenSSH_5.3

debug1:SSH2_MSG_KEXINIT sent

debug1:SSH2_MSG_KEXINIT received

debug1:kex: server->client aes128-ctr hmac-md5 none

debug1:kex: client->server aes128-ctr hmac-md5 none

debug1:SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1:expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1:SSH2_MSG_KEX_DH_GEX_INIT sent

debug1:expecting SSH2_MSG_KEX_DH_GEX_REPLY

Theauthenticity of host '10.0.0.19 (10.0.0.19)' can't be established.

RSAkey fingerprint is ca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9.

Areyou sure you want to continue connecting (yes/no)? yes

=======>这里就是提示保存密钥的交互提示。

Warning:Permanently added '10.0.0.19' (RSA) to the list of known hosts.

debug1:ssh_rsa_verify: signature correct

debug1:SSH2_MSG_NEWKEYS sent

debug1:expecting SSH2_MSG_NEWKEYS

debug1:SSH2_MSG_NEWKEYS received

debug1:SSH2_MSG_SERVICE_REQUEST sent

debug1:SSH2_MSG_SERVICE_ACCEPT received

debug1:Authentications that can continue: publickey,password

debug1:Next authentication method: publickey

debug1:Trying private key: /root/.ssh/identity

debug1:Trying private key: /root/.ssh/id_rsa

debug1:Trying private key: /root/.ssh/id_dsa

debug1:Next authentication method: password

root@10.0.0.19'spassword:

=======>这里就是提示输入密码的交互提示。

debug1:Authentication succeeded (password).

debug1:channel 0: new [client-session]

debug1:Entering interactive session.

debug1:Sending environment.

debug1:Sending env LANG = en_US.UTF-8

Lastlogin: Tue Sep 24 10:30:02 2013 from 10.0.0.18

在远程连接时如果慢就可以确定卡在哪了。

[root@C64_A~]# ssh -v oldboy@10.0.0.17

OpenSSH_5.3p1,OpenSSL 1.0.0-fips 29 Mar 2010

debug1:Reading configuration data /etc/ssh/ssh_config

debug1:Applying options for *

debug1:Connecting to 10.0.0.17 [10.0.0.17] port 22.

debug1:Connection established.

debug1:permanently_set_uid: 0/0

debug1:identity file /root/.ssh/identity type -1

debug1:identity file /root/.ssh/id_rsa type -1

debug1:identity file /root/.ssh/id_dsa type 2

debug1:Remote protocol version 2.0, remote software version OpenSSH_5.3

debug1:match: OpenSSH_5.3 pat OpenSSH*

debug1:Enabling compatibility mode for protocol 2.0

debug1:Local version string SSH-2.0-OpenSSH_5.3

debug1:SSH2_MSG_KEXINIT sent

debug1:SSH2_MSG_KEXINIT received

debug1:kex: server->client aes128-ctr hmac-md5 none

debug1:kex: client->server aes128-ctr hmac-md5 none

debug1:SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1:expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1:SSH2_MSG_KEX_DH_GEX_INIT sent

debug1:expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1:Host '10.0.0.17' is known and matches the RSA host key.

debug1:Found key in /root/.ssh/known_hosts:2

debug1:ssh_rsa_verify: signature correct

debug1:SSH2_MSG_NEWKEYS sent

debug1:expecting SSH2_MSG_NEWKEYS

debug1:SSH2_MSG_NEWKEYS received

debug1:SSH2_MSG_SERVICE_REQUEST sent

debug1:SSH2_MSG_SERVICE_ACCEPT received

debug1:Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug1:Next authentication method: gssapi-keyex

debug1:No valid Key exchange context

debug1:Next authentication method: gssapi-with-mic

上述配置没配就发现卡到gssapi这。就大概知道是gssapi的问题。

实际上在linux系统优化部分就应该优化SSH服务的此处。

免费领取兄弟连IT教育原创linux运维工程师视频/细说linux教程，详情咨询官网客服：http://www.lampbrother.net/linux/