[FIXED] OpenSSH Slow: Hanging at SSH2_MSG_SERVICE_ACCEPT received
by Ramesh Natarajan on July 16, 2010
Question: When I’m trying to ssh to a remote server, after I enter the username, it takes a lot of time before it displays the password prompt. Basically, my SSH ( openSSH ) is slow during authentication process. How do I solve this problem?
Answer: If your ssh login from localhost to remotehost is slow, enable the ssh debugging while starting the ssh connection using option -v as shown below.
After it displays the “debug1: SSH2_MSG_SERVICE_ACCEPT received” message, ssh session will be hanging for almost a minute before it continues to the next debug statement.
$ ssh -v ramesh@remote-host debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received <-- OpenSSH hanging here for 1 min debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Trying private key: /root/.ssh/id_rsa debug1: Trying private key: /root/.ssh/id_dsa debug1: Next authentication method: password ramesh@remote-host's password:
Solution: set UseDNS to no in sshd_config file
To fix this performance issue while connecting to a remote server using ssh, set the UseDNS to no as shown below in your /etc/ssh/sshd_config file.
$ vi /etc/ssh/sshd_config UseDNS no
Restart the openssh and connect to the remote server again, which should be quick this time and will not hang at SSH2_MSG_SERVICE_ACCEPTED.
# service sshd restart $ ssh -v ramesh@remote-host
If you enjoyed this article, you might also like..
|
|
Previous post: How to View and Delete Iptables Rules – List and Flush
Next post: 4 Ways of Executing a Shell Script in UNIX / Linux
{ 8 comments… read them below or add one }
This will work if you are doing ssh from a Linux machine.
What if you are doing ssh from a Windows machine?
you can download the free secureshell SSH client from the link below or google for
SSHSecureShellClient-3.2.9.exe
charlotte.at.northwestern.edu/bef/SSH/SSHSecureShellClient-3.2.9.exe
This is a command line windows SSH client, been working fine for a long time..
Hope this helps…
-Mike
@Narendra, even though you may not be able to use the Debug option in your Windows client, changing the UseDNS setting on your target machine will still resolve the slow SSH problem. If that is indeed the problem We have started to disable that on all our SSH servers as a standard practice.
Great tip – using putty on a windows machine, but changed the option on the linux server (as you said) and it worked like a charm.
Thanks much!
Cool tip.
By the way, If I remember correctly, the length of time of the delay correlates with how many resolvers you have listed in /etc/resolv.conf.
You could also just add an entry in the /etc/hosts file of the remote host for your client machine (if it is predictable). It could be as simple as:
1.1.1.1 me
…of course, the address must match your client host.
Or, you could add a reverse-dns (ptr) record for your client machine to the DNS server that your remote host uses (if you have control over it, and other mitigating conditions).
Mike / Brad,
Thanks for the suggestions.
I am using putty from my windows machine to login to ssh server.
Regards,
Narendra
Thanks, worked for me!
Tanx worked for me gooood