Fixing slow SSH logins
2010-08-25 20:00
Let's walk through a complete SSH login log:
[xiaocowa@hzling03 atcamgw-main]$ ssh -v root@mgw-ci-server.china.nsn-net.net
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mgw-ci-server.china.nsn-net.net [10.140.162.157] port 22.
debug1: Connection established.
debug1: identity file /home/xiaocowa/.ssh/identity type -1
debug1: identity file /home/xiaocowa/.ssh/id_rsa type -1
debug1: identity file /home/xiaocowa/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mgw-ci-server.china.nsn-net.net' is known and matches the RSA host key.
debug1: Found key in /home/xiaocowa/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xiaocowa/.ssh/identity
debug1: Trying private key: /home/xiaocowa/.ssh/id_rsa
debug1: Trying private key: /home/xiaocowa/.ssh/id_dsa
debug1: Next authentication method: password
root@mgw-ci-server.china.nsn-net.net's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Wed Aug 25 19:28:30 2010 from hzling03.china.nsn-net.net
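The green part covers forward DNS resolution, GSS authentication, and public-key matching.
The blue part covers password matching and the server's reverse DNS lookup of the client.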
========
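GSSAPI (Generic Security Services Application Programming Interface) is a generic network-security interface similar to Kerberos 5. It wraps the various client/server security mechanisms to hide the differences between their interfaces and make programming easier. However, the interface runs into problems when the target machine has no domain name resolution. I saw that someone filed a bug against Ubuntu asking for the default value of GSSAPIAuthentication to be set to no; for some reason, the default in Ubuntu 9.10 is still yes.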
========
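Resolution:
1. Change the value of GSSAPIAuthentication to no.
2. Change the value of UseDNS to no (this disables the reverse lookup on the server side), or add the client's IP and domain name to /etc/hosts on the server.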
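To confirm that the two changes above actually took effect, the following added example (not from the original post) lists where a config file sets a keyword and reports the first value that applies to every connection, since OpenSSH keeps the first value it obtains for a keyword. The function names, the sample files and the defaults passed as the third argument are assumptions; the real default depends on the OpenSSH version and distribution.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The sample files are constructed.

# Print "scope<TAB>value" for every line of FILE that sets KEYWORD.
# Keywords are case-insensitive; "Key value" and "Key=value" are both accepted.
find_setting() {   # usage: find_setting FILE KEYWORD
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        BEGIN { scope = "global" }
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (!match(line, /[ \t=]+/)) next        # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            if (key == "host" || key == "match") { scope = line; next }
            if (key == want) printf "%s\t%s\n", scope, tolower(val)
        }' "$1"
}

# First value that applies to every connection (global or "Host *");
# falls back to DEFAULT (an assumption supplied by the caller) if unset.
first_value() {    # usage: first_value FILE KEYWORD DEFAULT
    v=$(find_setting "$1" "$2" |
        awk -F'\t' '$1 == "global" || $1 ~ /^[Hh]ost[ \t=]+\*$/ { print $2; exit }')
    printf '%s\n' "${v:-$3}"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/ssh_config" <<'EOF'
# constructed client config: GSSAPI still enabled for all hosts
Host *
    GSSAPIAuthentication yes
    ForwardX11Trusted yes
EOF
cat > "$tmp/sshd_config" <<'EOF'
# constructed server config after the fix; the later duplicate is ignored
Protocol 2
usedns=no
UseDNS yes
#GSSAPIAuthentication no
EOF

echo "client GSSAPIAuthentication: $(first_value "$tmp/ssh_config" GSSAPIAuthentication no)"
echo "server UseDNS:               $(first_value "$tmp/sshd_config" UseDNS yes)"
echo "server GSSAPIAuthentication: $(first_value "$tmp/sshd_config" GSSAPIAuthentication no)"
```

On OpenSSH versions that support them, `ssh -G host` and `sshd -T` print the effective values directly. With UseDNS set to no, host names in authorized_keys `from=` options and sshd_config `Match Host` rules no longer match; only addresses do.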