I am experiencing slow ssh login from a machine to a remote machine.
The verbose of ssh is shown below in two broken blocks. ssh freezes for 15 seconds in the below shown block.
[root@zabbix ~]# ssh -vvv zabbix@172.18.xxx.xx
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.18.xxx.xx [172.18.xxx.xx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.4
debug1: no match: Sun_SSH_1.1.4
debug1: Enabling compatibility mode for protocol 2.0
...............
...............
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1205
ssh hangs here for approx 15 seconds and then it asks for the password
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
After password input, it hangs at the end of the line shown below:
debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)
debug3: Wrote 80 bytes for a total of 1285
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug3: Wrote 64 bytes for a total of 1349
After approx 15 seconds, login is done successfully.
My question is, what can I do to make this ssh attempt faster?
This login attempt is done from a RHEL 6.2 machine to a Solaris 10 machine.
At the very first moment I thought that it could be a network issue but later I found that I could login without any such freezes from an another Solaris 10 machine to the same remote Solaris machine I mentioned above.
The version of SSH in the remote Solaris machine is shown below:
$ ssh -V
Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
While the version of SSH in RHEL machine is shown below:
[root@zabbix ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
Please note that the remote Solaris 10 machine is a zone on Physical solaris 10 machine.
Attempt to login using ssh to the Physical solaris 10 machine is very fast from the local RHEL machine. So, I suppose, this is not network issue at all.
Update: Adding below all enabled directives in sshd_config file in the remote Solaris 10 machine.
Protocol 2
Port 22
ListenAddress 0.0.0.0
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd no
KeepAlive yes
SyslogFacility auth
LogLevel info
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
StrictModes yes
LoginGraceTime 600
MaxAuthTries 6
MaxAuthTriesLog 3
PermitEmptyPasswords no
PasswordAuthentication yes
PAMAuthenticationViaKBDInt yes
Subsystem sftp internal-sftp
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
Your input is highly appreciated.
Thanks
Best Answer
On the RHEL machine, try:
If that works, make it permanent by editing
~/.ssh/config
and add:Also, check that the RHEL is visible in DNS (from the server's point of view). The server tries to check your reverse DNS resolution. If that fails, you'll suffer a delay.
This check can be disabled:
Edit
/etc/ssh/sshd_config
OpenSSH: Use
UseDNS no
Solaris: Use
LookupClientHostnames no
Restart
sshd
and it should be quicker to log on.