CentOS7 SSH登陆慢的解决方法简述

1、首先用ssh调试一下sshd服务,会输出一下信息:

[[email protected] ~]# ssh -v [email protected]

OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 56: Applying options for *

debug1: Connecting to 192.168.1.131 [192.168.1.131] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: SELinux support enabled

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_rsa-cert type -1

debug1: identity file /root/.ssh/id_dsa type -1

debug1: identity file /root/.ssh/id_dsa-cert type -1

debug1: identity file /root/.ssh/id_ecdsa type -1

debug1: identity file /root/.ssh/id_ecdsa-cert type -1

debug1: identity file /root/.ssh/id_ed25519 type -1

debug1: identity file /root/.ssh/id_ed25519-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.6.1

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1

debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr [email protected] none

debug1: kex: client->server aes128-ctr [email protected] none

debug1: kex: [email protected] need=16 dh_need=16

debug1: kex: [email protected] need=16 dh_need=16

debug1: sending SSH2_MSG_KEX_ECDH_INIT

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ECDSA 14:ec:5c:f5:36:8b:30:f1:9d:50:4c:41:01:f2:ef:5a

The authenticity of host ‘192.168.1.131 (192.168.1.131)‘ can‘t be established.

ECDSA key fingerprint is 14:ec:5c:f5:36:8b:30:f1:9d:50:4c:41:01:f2:ef:5a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added ‘192.168.1.131‘ (ECDSA) to the list of known hosts.

debug1: ssh_ecdsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug1: Next authentication method: gssapi-keyex

debug1: No valid Key exchange context

debug1: Next authentication method: gssapi-with-mic

debug1: Unspecified GSS failure.  Minor code may provide more information

No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information

No Kerberos credentials available

debug1: Unspecified GSS failure.  Minor code may provide more information

debug1: Unspecified GSS failure.  Minor code may provide more information

No Kerberos credentials available

debug1: Next authentication method: publickey

debug1: Trying private key: /root/.ssh/id_rsa

debug1: Trying private key: /root/.ssh/id_dsa

debug1: Trying private key: /root/.ssh/id_ecdsa

debug1: Trying private key: /root/.ssh/id_ed25519

debug1: Next authentication method: password

[email protected]‘s password:

debug1: Authentication succeeded (password).

Authenticated to 192.168.1.131 ([192.168.1.131]:22).

debug1: channel 0: new [client-session]

debug1: Requesting [email protected]

debug1: Entering interactive session.

debug1: Sending environment.

debug1: Sending env LANG = en_US.UTF-8

Last login: Fri Apr  1 09:13:02 2016 from 192.168.1.197

修改sshd的配置文件/etc/ssh/sshd_config把UseDNS 设置成no,把 GSSAPIAuthentication 设置成no

[[email protected] ~]# egrep -i ‘UseDNS|GSSAPIAuthentication‘ /etc/ssh/sshd_config

GSSAPIAuthentication no

UseDNS no

以下是修改完sshd配置文件后调试输出的结果,是不是少了许多信息呀:

[[email protected] ~]# ssh -v [email protected]

OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 56: Applying options for *

debug1: Connecting to 192.168.1.131 [192.168.1.131] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_rsa-cert type -1

debug1: identity file /root/.ssh/id_dsa type -1

debug1: identity file /root/.ssh/id_dsa-cert type -1

debug1: identity file /root/.ssh/id_ecdsa type -1

debug1: identity file /root/.ssh/id_ecdsa-cert type -1

debug1: identity file /root/.ssh/id_ed25519 type -1

debug1: identity file /root/.ssh/id_ed25519-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.6.1

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1

debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr [email protected] none

debug1: kex: client->server aes128-ctr [email protected] none

debug1: kex: [email protected] need=16 dh_need=16

debug1: kex: [email protected] need=16 dh_need=16

debug1: sending SSH2_MSG_KEX_ECDH_INIT

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ECDSA 14:ec:5c:f5:36:8b:30:f1:9d:50:4c:41:01:f2:ef:5a

debug1: Host ‘192.168.1.131‘ is known and matches the ECDSA host key.

debug1: Found key in /root/.ssh/known_hosts:1

debug1: ssh_ecdsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password

debug1: Next authentication method: publickey

debug1: Trying private key: /root/.ssh/id_rsa

debug1: Trying private key: /root/.ssh/id_dsa

debug1: Trying private key: /root/.ssh/id_ecdsa

debug1: Trying private key: /root/.ssh/id_ed25519

debug1: Next authentication method: password

[email protected]‘s password:

debug1: Authentication succeeded (password).

Authenticated to 192.168.1.131 ([192.168.1.131]:22).

debug1: channel 0: new [client-session]

debug1: Requesting [email protected]

以下是UseDNS和GSSAPIAuthentication这两个选项的简单说明:

UseDNS no

OpenSSH在用户登录的时候会验证IP,它根据用户的IP使用反向DNS找到主机名,再使用DNS找到IP地址,最后匹配一下登录的IP是否合法。如果客户机的IP没有域名,或者DNS服务器很慢或不通,那么登录就会很花时间。

GSSAPIAuthentication no

可以使用ssh -o GSSAPIAuthentication=no [email protected]登录

GSSAPI ( Generic Security Services Application Programming Interface) 是一套类似Kerberos 5的通用网络安全系统接口。该接口是对各种不同的客户端服务器安全机制的封装,以消除安全接口的不同,降低编程难度。但该接口在目标机器无域名解析时会有问题,使用strace查看后发现,ssh在验证完key之后,进行authentication gssapi-with-mic,此时先去连接DNS服务器,在这之后会进行其他操作。

时间: 2024-10-10 08:46:11

CentOS7 SSH登陆慢的解决方法简述的相关文章

CentOS7 下linux不能上网解决方法?,centos7 eth0 没有ip,IP突然丢失

CentOS7 下linux不能上网解决方法? 在CentOS VMware下安装好linux后,发现有时不能直接联网,特分享下总结出来的经验,希望对新手有用 工具/原料 XP系统 VMware.Workstation.v7.0以上 CentOS-5.5-i386-bin-DVD.iso 其他不同版本应该差不多 方法/步骤 虚拟机安装就不说了,从安装linux后测试发现不能联网,可以先终端重启下网卡 失败如图:   找到点击选择setting   在network Adapter选中,右侧是否是

Mac下新安装的MySQL无法登陆root用户解决方法

一 设置MySQL命令行搜索路径 0.苹果->系统偏好设置->最下边点mysql 在弹出页面中 启动mysql服务 1.打开终端,输入: sudo vi ~/.bash_profile 如果已存在删除:  sudo rm -rf .bash_* 2.输入 i 3.然后粘贴以下内容 # mysql alias mysql='/usr/local/mysql/bin/mysql' alias mysqladmin='/usr/local/mysql/bin/mysqladmin' # ls ali

【转】bash: ssh: command not found解决方法(linux)

原文转自:http://www.cnblogs.com/ahauzyy/archive/2013/04/25/3043699.html 今天在搭建hadoop的开发环境中,用的是centsos6.0的操作系统,由于选安装时选的是最小安装.在配置Master无密码登录时,敲ssh命令时出现 1 -bash: ssh: command not found 最后在网上找到的解决方法为 1 yum -y install openssh-clients

linux ssh 经常断开 的解决方法

1.现象 在linux ,用ssh进行远程连接时,经常会发生长时间后断线,或者是无响应,就像卡住的感觉(键盘输入不进去). 2.解决方法 在ssh客户端的linux设置 # sudo vim /etc/ssh/ssh_config 添加 ServerAliveInterval 20 ServerAliveCountMax 999 保存并退出,就可以了. 说明: 1.ssh是通过客户端定时发送心跳,维持连接的,若是客户端与服务端长时间没有发送心跳的话,服务端会认为客户端已经下线,因此,自动断开连接

关于Centos7 命令不能补全解决方法详解

系统镜像:CentOS-7-x86_64-Minimal-1611 实际情况:在Dell T620塔式服务器上新安装了CentOS 7 Mini版的系统,需要使用Firewall-cmd的功能,但是在tab件补全时,发现tab不能显示命令. 于是通过Google搜索https://www.google.com.hk/  ,后面附链接 解决方法: 1.安装bash-completion.一般bash自带这个自动补齐的功能,但是只能自动补全命令名和文件名.而         为了大道更好的补全效果,

ssh登录很慢解决方法

使用ssh客户端(如:putty)连接Linux服务器,可能会等待10-30秒才有提示输入密码.严重影响工作效率.登录很慢,登录上去后速度正常,这种情况主要有两种可能的原因: 1. DNS反向解析问题 OpenSSH在用户登录的时候会验证IP,它根据用户的IP使用反向DNS找到主机名,再使用DNS找到IP地址,最后匹配一下登录的IP是否合法.如果客户机的IP没有域名,或者DNS服务器很慢或不通,那么登录就会很花时间. 解决办法:在目标服务器上修改sshd服务器端配置,并重启sshd vi /et

ssh登录服务器缓慢解决方法

使用ssh客户端(如:putty)连接Linux服务器,可能会等待10-30秒才有提示输入密码,严重影响工作效率.登录很慢,登录上去后速度正常,这种情况主要有两种可能的原因: 1. DNS反向解析问题 OpenSSH在用户登录的时候会验证ip,它根据用户的IP使用反向DNS找到主机名,再使用DNS找到IP地址,最后匹配一下登录的IP是否合法.如果客户机的IP没有域名,或者DNS服务器很慢或不通,那么登录就会很花时间. 解决办法: 在目标服务器上修改sshd服务器端配置,并重启sshd vi /e

【转】ssh登录很慢解决方法

使用ssh客户端(如:putty)连接Linux服务器,可能会等待10-30秒才有提示输入密码.严重影响工作效率.登录很慢,登录上去后速度正常,这种情况主要有两种可能的原因: 1. DNS反向解析问题 OpenSSH在用户登录的时候会验证IP,它根据用户的IP使用反向DNS找到主机名,再使用DNS找到IP地址,最后匹配一下登录的IP是否合法.如果客户机的IP没有域名,或者DNS服务器很慢或不通,那么登录就会很花时间. 解决办法:在目标服务器上修改sshd服务器端配置,并重启sshd vi /et

CentOS 7.6出现SSH登录失败的解决方法

CentOS 7.6出现SSH登录失败的解决方案 问题重现: iterm登录 ssh [email protected] The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established. ECDSA key fingerprint is SHA256:8nyfIaEq9jMHfb9aQIlPh5OAGXjjSVGEDiXfMjlD7H8. Are you sure you want to continue