SSH登录慢的问题解决方案
SSH登录慢的问题解决方案
SSH登录慢的问题解决方案
就我自身所遇到的情况来看, 这些延迟绝大部分是 GSSAPI 的认证功能导致的!
你可以用 -v 选项确认你的情况. 例如, 下面是 ssh 的详细登陆过程:
[root@xuekun ~]# ssh -v xuekun@192.168.15.120
...
...
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xuekun/.ssh/identity
debug1: Trying private key: /home/xuekun/.ssh/id_rsa
debug1: Trying private key: /home/xuekun/.ssh/id_dsa
debug1: Next authentication method: password
xuekun@192.168.15.120's password:
解决方案
就我所遇到的情况来看, 显然是要把 GSSAPI 禁用. 以下是三种可行的方式:
[注] 该解决方案是在客户端 OpenSSH_4.7p1 centos5.8 centos6.2下测试并通过的.
1. 连接时用命令指定:
ssh -o GSSAPIAuthentication=no xuekun@192.168.15.127
2. 在 ssh 客户端程序的配置文件里显式禁用 GSSAPI 认证. 如, 编辑 /etc/ssh/ssh_config 文件, 添加或修改使其有如下一行:
GSSAPIAuthentication no
3. 在用户根目录下的 .ssh 目录下创建一个 config 文件. 如, 编辑 /home/xuekun/.ssh/config (如果该文件不存在, 则创建之), 添加选项:
GSSAPIAuthentication no
[注] A. /etc/ssh/ssh_config 是全局配置文件, 对其进行的修改会影响所有使用 ssh 客户端的系统用户.
B. /home/cherry/.ssh/config 是只会影响用户 xcl 的本地 ssh 客户端配置文件. 该文件的所有配置参数会覆盖全局配置文件的相同配置参数.
在禁用 GSSAPI 后, ssh 的登陆提示 "回归" 正常了:
[root@xuekun ~]# ssh -v xuekun@192.168.15.127
...
...
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xuekun/.ssh/identity
debug1: Trying private key: /home/xuekun/.ssh/id_rsa
debug1: Trying private key: /home/xuekun/.ssh/id_dsa
debug1: Next authentication method: password
xuekun@192.168.15.127's password:
可见, 该过程已经不再使用 GSSAPI 了. 速度也大大提高了.
评论暂时关闭