Usually when I see this behavior, it is related to an DNS issue as you have mentioned. Have you tried disabling DNS lookups in the /etc/ssh/ssshd_config file to see if it goes any faster? Maybe there is a DNS resolver within the network that is having a communication issue with these systems - Dustin # cat /etc/ssh/sshd_config | grep DNS #UseDNS yes -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Kenneth Holter Sent: Monday, November 30, 2009 3:53 AM To: redhat-list@xxxxxxxxxx Subject: Establishing SSH connections are slow due to Kerberos and pulic key authentication Hi. A couple of weeks ago some of our servers started hanging for a while when establishing SSH sessions to other servers. From issuing "ssh <some-server>" to getting to the login prompt, it took about 20-30 seconds. I've seen this behavior a couple of times before, and have found that the reason for the slow connections is that SSH is trying to use Kerberos, hangs for about 10 seconds, then tries public key authentication, hangs for about 10 seconds, and then finally prompts for password. By setting the "GSSAPIAuthentication" option to false, either in /etc/ssh/ssh_config, or on the command line, everything works perfectly. So the problem is easy to fix, but what's puzzling me is why SSH suddenly decides to try kerberos and pulic key authentication, when I've done no changes to the configuration files? I believe the problem might have something to do with DNS, but have not figured out how these things are related. Have anyone else seen this behavior, and knows what's triggering it? Regards, Kenneth Holter -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
