SSH remote connection service slow solution under linux
1. The applicable commands and solutions are as follows:
[Remote connection and execution commands]
ssh -p22 [email protected]
ssh -p22 [email protected] /sbin/ifconfig
[remote copy: push and pull]
scp -P22 -r - p /etc [email protected]:/tmp/
scp -P22 -r -p [email protected]:/tmp/ /etc
【Secure FTP function】
sftp -oPort=22 [email protected]
【No password authentication Solution]
For example, use sshkey to distribute files in batches and perform deployment operations.
2. The main reason for the slow connection is that DNS resolution leads to the
solution:
1. Change the configuration in the /etc/ssh/sshd_config file on the ssh server to the following:
UseDNS no # GSSAPI options GSSAPIAuthentication no
Then, execute /etc/init.d/sshd restart to restart the sshd process to make the above configuration take effect, and the connection is generally not slow.
2. If it is still slow, check whether the hostname corresponding to 127.0.0.1 in the /etc/hosts file on the ssh server is
the same as the result of uname -n, or add the local ip and hostname (the result of uname -n) to the /etc/hosts.
[root@C64 ~]# uname -n C64 [root@C64 ~]# cat /etc/hosts #modi by oldboy 11:12 2013/9/24 127.0.0.1 C64 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.18 C64 ################
3. Use the debugging function of ssh-v to find the reason for the slowness.
In fact, you can use the following command to debug the details of why it is slow (it is important to learn this idea).
[root@C64 ~]# ssh -v [email protected] OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 10.0.0.19 [10.0.0.19] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY The authenticity of host '10.0.0.19 (10.0.0.19)' can't be established. RSA key fingerprint is ca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9. Are you sure you want to continue connecting (yes/no)? yes =======>Old boy teacher comment: Here is the interactive prompt to save the key. Warning: Permanently added '10.0.0.19' (RSA) to the list of known hosts. debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Next authentication method: password [email protected]'s password: =======>Old boy teacher's comment: Here is the interactive prompt to prompt for the password. debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Tue Sep 24 10:30:02 2013 from 10.0.0.18 If the remote connection is slow, you can determine where the card is. [root@C64_A ~]# ssh -v [email protected] OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 10.0.0.17 [10.0.0.17] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '10.0.0.17' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:2 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic
If the above configuration is not matched, it is found that the card is stuck to gssapi. I probably know it's a gssapi problem.
In fact, in the Linux system optimization part, the SSH service should be optimized here.
This article is from the " Old Boy Linux Training " blog, please keep this source http://oldboy.blog.51cto.com/2561410/1300964