True, Few days ago I build a server and fat fingure in /etc/resolv.conf file and that was delaying ssh connection. After fixing that it's ssh connection is fast. On Mon, Nov 30, 2009 at 3:52 PM, Geofrey Rainey <Geofrey.Rainey@xxxxxxxxxx> wrote: > I have similar issues with reverse-DNS lookups if it can't resolve the > connecting IP to a hostname. > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of dustin@xxxxxxxxxxx > Sent: Monday, 30 November 2009 11:26 p.m. > To: 'General Red Hat Linux discussion list' > Subject: RE: Establishing SSH connections are slow due to Kerberos and > pulickey authentication > > Usually when I see this behavior, it is related to an DNS issue as you > have > mentioned. Have you tried disabling DNS lookups in the > /etc/ssh/ssshd_config > file to see if it goes any faster? Maybe there is a DNS resolver within > the > network that is having a communication issue with these systems - Dustin > > # cat /etc/ssh/sshd_config | grep DNS > #UseDNS yes > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] > On Behalf Of Kenneth Holter > Sent: Monday, November 30, 2009 3:53 AM > To: redhat-list@xxxxxxxxxx > Subject: Establishing SSH connections are slow due to Kerberos and pulic > key > authentication > > Hi. > > > A couple of weeks ago some of our servers started hanging for a while > when > establishing SSH sessions to other servers. From issuing "ssh > <some-server>" > to getting to the login prompt, it took about 20-30 seconds. > > I've seen this behavior a couple of times before, and have found that > the > reason for the slow connections is that SSH is trying to use Kerberos, > hangs > for about 10 seconds, then tries public key authentication, hangs for > about > 10 seconds, and then finally prompts for password. By setting the > "GSSAPIAuthentication" option to false, either in /etc/ssh/ssh_config, > or on > the command line, everything works perfectly. > > So the problem is easy to fix, but what's puzzling me is why SSH > suddenly > decides to try kerberos and pulic key authentication, when I've done no > changes to the configuration files? I believe the problem might have > something to do with DNS, but have not figured out how these things are > related. Have anyone else seen this behavior, and knows what's > triggering > it? > > > Regards, > Kenneth Holter > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > ========================================================== > For more information on the Television New Zealand Group, visit us > online at tvnz.co.nz > ========================================================== > CAUTION: This e-mail and any attachment(s) contain information that > is intended to be read only by the named recipient(s). This information > is not to be used or stored by any other person and/or organisation. > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- Regards. Sanjay Chakraborty -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
