Linux下ssh远程连接缓慢问题的解决
这个问题之前就遇到过,但都是顺手解决了,没有做个记录,今天在使用ubuntukylin 13.04时又遇到了,所以记录一下。
系统环境如下:
1 2 3 4 | lenky@lenky-Inspiron-545s:~$ uname -aLinux lenky-Inspiron-545s 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:19:42 UTC 2013 i686 i686 i686 GNU/Linuxlenky@lenky-Inspiron-545s:~$ cat /etc/issueUbuntu 13.04 \n \l |
问题表现如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | lenky@lenky-Inspiron-545s:~$ sudo <span class="wp_keywordlink_affiliate"><a href="/archives/tag/ssh" title="查看 ssh 中的全部文章">ssh</a></span> -v xxx.xxx.orgOpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012debug1: Reading configuration data /etc/ssh/ssh_configdebug1: /etc/ssh/ssh_config line 19: Applying options for *debug1: Connecting to xxx.xxx.org [109.169.69.113] port 22.debug1: Connection established.debug1: permanently_set_uid: 0/0debug1: identity file /root/.ssh/id_rsa type -1debug1: identity file /root/.ssh/id_rsa-cert type -1debug1: identity file /root/.ssh/id_dsa type -1debug1: identity file /root/.ssh/id_dsa-cert type -1debug1: identity file /root/.ssh/id_ecdsa type -1debug1: identity file /root/.ssh/id_ecdsa-cert type -1debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3debug1: match: OpenSSH_4.3 pat OpenSSH_4*debug1: Enabling compatibility mode for protocol 2.0debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4debug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug1: kex: server->client aes128-ctr hmac-md5 nonedebug1: kex: client->server aes128-ctr hmac-md5 nonedebug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_GROUPdebug1: SSH2_MSG_KEX_DH_GEX_INIT sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_REPLYdebug1: Server host key: RSA 7d:52:dc:46:4f:61:38:22:32:0f:3a:a2:5b:d1:f7:c5debug1: Host 'xxx.xxx.org' is known and matches the RSA host key.debug1: Found key in /root/.ssh/known_hosts:1debug1: ssh_rsa_verify: signature correctdebug1: SSH2_MSG_NEWKEYS sentdebug1: expecting SSH2_MSG_NEWKEYSdebug1: SSH2_MSG_NEWKEYS receiveddebug1: Roaming not allowed by serverdebug1: SSH2_MSG_SERVICE_REQUEST sentdebug1: SSH2_MSG_SERVICE_ACCEPT receiveddebug1: Authentications that can continue: publickey,gssapi-with-mic,passworddebug1: Next authentication method: gssapi-with-micdebug1: Unspecified GSS failure. Minor code may provide more informationCredentials cache file '/tmp/krb5cc_0' not founddebug1: Unspecified GSS failure. Minor code may provide more informationCredentials cache file '/tmp/krb5cc_0' not founddebug1: Unspecified GSS failure. Minor code may provide more informationdebug1: Unspecified GSS failure. Minor code may provide more informationCredentials cache file '/tmp/krb5cc_0' not founddebug1: Next authentication method: publickeydebug1: Trying private key: /root/.ssh/id_rsadebug1: Trying private key: /root/.ssh/id_dsadebug1: Trying private key: /root/.ssh/id_ecdsadebug1: Next authentication method: passwordroot@xxx.xxx.org's password: |
可以看到原因在GSS相关功能失败,那么对应的解决方案就是禁言GSS功能。下面是我已经改好的文件,也就是改默认值yes为no:
1 2 3 | lenky@lenky-Inspiron-545s:~$ grep <span class="wp_keywordlink_affiliate"><a href="/archives/tag/gssapi" title="查看 GSSAPI 中的全部文章">GSSAPI</a></span>Authentication /etc/ssh/ssh_config# GSSAPIAuthentication no GSSAPIAuthentication no |
其他可能的缓慢原因:
1,连接方对服务器域名进行查询解析的时间消耗,那么修改/etc/hosts文件,加上:
222.333.444.555 xxx.xxx.org
2,服务器方对客户端地址做DNS反解析的时间消耗,那么修改/etc/ssh/sshd_config文件,在文件末尾加上(如果已存在则做选项修改即可):
UseDNS no
因为是服务器端,所以要对sshd做重启:
/etc/init.d/ssh restart
转载请保留地址:http://lenky.info/archives/2013/06/16/2308 或 http://lenky.info/?p=2308
备注:如无特殊说明,文章内容均出自Lenky个人的真实理解而并非存心妄自揣测来故意愚人耳目。由于个人水平有限,虽力求内容正确无误,但仍然难免出错,请勿见怪,如果可以则请留言告之,并欢迎来讨论。另外值得说明的是,Lenky的部分文章以及部分内容参考借鉴了网络上各位网友的热心分享,特别是一些带有完全参考的文章,其后附带的链接内容也许更直接、更丰富,而我只是做了一下归纳&转述,在此也一并表示感谢。关于本站的所有技术文章,欢迎转载,但请遵从CC创作共享协议,而一些私人性质较强的心情随笔,建议不要转载。
法律:根据最新颁布的《信息网络传播权保护条例》,如果您认为本文章的任何内容侵犯了您的权利,请以或书面等方式告知,本站将及时删除相关内容或链接。
创作共享协议. Copyright ©2011-2013
可能不是因为 GSSAPIAuthentication.
http://blog.csdn.net/suvi/article/details/4059558 这里写的加了条保持连接的iptalbes 规则
嗯嗯,不过那是他个人错误设置导致,不属于一般情况。:)