我有Linux机器版本红帽子5.5.0
我有问题
如果我从我的机器执行ssh到其他linux机器 – node1,那么我很快login到node1
但如果我执行SSH到其他Linux机器节点2然后SSH花了很长时间
请问为什么?
为了在node2上立即执行ssh,需要做什么?
备注 – 在SSHdebugging我得到的 – GSS失败?
由于您获得GSS失败,您可以尝试添加:
GSSAPIAuthentication no
到/ etc / ssh / sshd_config。 然后重新启动服务
/etc/init.d/sshd restart
尝试将以下行添加到node2上的/etc/ssh/sshd_config :
UseDNS no
然后重新启动sshd:
/etc/init.d/ssh restart
或者如果上述不存在:
/etc/init.d/sshd restart
或者知道问题的最合适的方法是在debugging模式下使用ssh进行连接:
# ssh -v <Server name> OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to mysql [192.168.0.29] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 1a:2c:c4:62:cc:27:1b:76:6b:f7:b2:38:00:7b:3f:63 debug1: Host 'mysql' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:5 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password ->> debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found<br/>
标有箭头的行在我的情况下造成了延迟。 我注释了目标服务器上的以下行,它解决了我的情况下的问题
#GSSAPI options #GSSAPIAuthentication no #GSSAPIAuthentication yes #GSSAPICleanupCredentials yes #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no
重新启动远程服务器上的SSH守护进程,并尝试重新连接..它很好!
notably glibc 2.1 shipped with Red Hat 6.1 )可能需要很长时间才能从域名parsing“IPv6 or IPv4″地址。 这可以通过在ssh_config指定AddressFamily inet选项来解决。 nslookup命令通过查找另一端的名称和IP地址来检查客户端和服务器上的这一点。 此外,在服务器上查找客户端的IP名称查找返回的名称。 您可以通过在sshd_config设置UseDNS no来禁用大多数服务器端查找。 编辑服务器上的/ etc / ssh / sshd_config并在底部添加(如果不存在) UseDNS no然后重新启动SSH守护进程。
将停止您的计算机parsingDNS并加快进程。
我也find了这个答案:
ssh -o GSSAPIAuthentication=no [email protected] -要么-
/etc/ssh/ssh_config并添加到此configuration中(如果它尚不在configuration文件中): GSSAPIAuthentication no -要么-
/home/YOURUSERNAME/.ssh/config并添加GSSAPIAuthentication no ===错误===
当我尝试连接到ssh服务器(使用ssh -v )时,我总是(我的系统是Ubuntu 8.04):
debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey
事实是,在许多服务器上build立ssh连接是非常缓慢的,因为这个问题。
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/416264