项目中的一台阿里云,最近一段时间出现ssh的时候,连接非常慢,大概输入密码后要10-20秒左右才能连上,以下记录调查过程及解决办法
通过网上的一些查询,发现大都是因为设置dns,hosts或者通过关闭UseDNS=no GSSAPIAuthentication no的方式来解决,但我的问题和这些不同,首先我是通过ip连接的,不存在dns域名解析的问题,并且sshd_config文件中的这些设置项也都是no,因此自己通过调查,发现是以下原因引起的:
1.通过[-v]参数,查看ssh连接的具体过程
deMacBook-Pro:~ yyq$ ssh -v [email protected] -p xx OpenSSH_6.9p1, LibreSSL 2.1.8 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to x.x.x.x [x.x.x.x] port xx. debug1: Connection established. debug1: identity file /Users/yyq/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /Users/yyq/.ssh/id_rsa-cert type -1 debug1: identity file /Users/yyq/.ssh/id_dsa type 2 debug1: key_load_public: No such file or directory debug1: identity file /Users/yyq/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/yyq/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/yyq/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/yyq/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /Users/yyq/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to x.x.x.x:xx as ‘root‘ debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client [email protected] <implicit> none debug1: kex: client->server [email protected] <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:HictrRpAs7Yv495dDLNqHsFCNKXVACpX9FWUnNVenZU debug1: Host ‘[x.x.x.x]:xx‘ is known and matches the ECDSA host key. debug1: Found key in /Users/yyq/.ssh/known_hosts:38 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/yyq/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Offering DSA public key: /Users/yyq/.ssh/id_dsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /Users/yyq/.ssh/id_ecdsa debug1: Trying private key: /Users/yyq/.ssh/id_ed25519 debug1: Next authentication method: password [email protected]‘s password:
首先观察在要求输入密码前有没有出现耗时的操作?
我的问题并没有,因此,继续输出密码:
[email protected]‘s password: debug1: Authentication succeeded (password). Authenticated to x.x.x.x ([x.x.x.x]:xx). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session.
输入密码后,发现停在这里了,大概10-20秒后,就可以连接上;
通过日志可以发现,密码的验证没有损耗时间,已经正确验证通过Authentication succeeded (password)
哪么到底是什么原因导致的速度这么慢?
2.打开服务器的系统日志,查看
tail -f /var/log/auth.log sshd[12642]: pam_systemd(sshd:session): Failed to create session: Connection timed out dbus[617]: [system] Failed to activate service ‘org.freedesktop.login1‘: timed out sshd[12642]: Received disconnect from x.x.x.x port 52856:11: disconnected by user sshd[12642]: Disconnected from x.x.x.x port 52856 sshd[12642]: pam_unix(sshd:session): session closed for user root sshd[12689]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth] sshd[12689]: Accepted password for root from x.x.x.x port 52866 ssh2 sshd[12689]: pam_unix(sshd:session): session opened for user root by (uid=0) sshd[12689]: pam_systemd(sshd:session): Failed to create session: Connection timed out dbus[617]: [system] Failed to activate service ‘org.freedesktop.login1‘: timed out
从日志中可以看到[system] Failed to activate service ‘org.freedesktop.login1‘: timed out
的错误,查了下资料,大致意思如下:
dbus的服务重启后,systemd-logind服务没有重启导致,可以查看systemctl status systemd-logind的状态,解决方法就是重启该服务 systemctl restart systemd-logind
重启systemd-logind服务后,发现ssh可以秒连接了
时间: 2024-10-03 14:46:09