I have similar issues with reverse-DNS lookups if it can't resolve the connecting IP to a hostname. -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of dustin@xxxxxxxxxxx Sent: Monday, 30 November 2009 11:26 p.m. To: 'General Red Hat Linux discussion list' Subject: RE: Establishing SSH connections are slow due to Kerberos and pulickey authentication Usually when I see this behavior, it is related to an DNS issue as you have mentioned. Have you tried disabling DNS lookups in the /etc/ssh/ssshd_config file to see if it goes any faster? Maybe there is a DNS resolver within the network that is having a communication issue with these systems - Dustin # cat /etc/ssh/sshd_config | grep DNS #UseDNS yes -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Kenneth Holter Sent: Monday, November 30, 2009 3:53 AM To: redhat-list@xxxxxxxxxx Subject: Establishing SSH connections are slow due to Kerberos and pulic key authentication Hi. A couple of weeks ago some of our servers started hanging for a while when establishing SSH sessions to other servers. From issuing "ssh <some-server>" to getting to the login prompt, it took about 20-30 seconds. I've seen this behavior a couple of times before, and have found that the reason for the slow connections is that SSH is trying to use Kerberos, hangs for about 10 seconds, then tries public key authentication, hangs for about 10 seconds, and then finally prompts for password. By setting the "GSSAPIAuthentication" option to false, either in /etc/ssh/ssh_config, or on the command line, everything works perfectly. So the problem is easy to fix, but what's puzzling me is why SSH suddenly decides to try kerberos and pulic key authentication, when I've done no changes to the configuration files? I believe the problem might have something to do with DNS, but have not figured out how these things are related. Have anyone else seen this behavior, and knows what's triggering it? Regards, Kenneth Holter -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list ========================================================== For more information on the Television New Zealand Group, visit us online at tvnz.co.nz ========================================================== CAUTION: This e-mail and any attachment(s) contain information that is intended to be read only by the named recipient(s). This information is not to be used or stored by any other person and/or organisation. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
