Establishing SSH connections are slow due to Kerberos and pulic key authentication
Kenneth Holter
kenneho.ndu at gmail.com
Mon Nov 30 09:53:20 UTC 2009
Hi.
A couple of weeks ago some of our servers started hanging for a while when
establishing SSH sessions to other servers. From issuing "ssh <some-server>"
to getting to the login prompt, it took about 20-30 seconds.
I've seen this behavior a couple of times before, and have found that the
reason for the slow connections is that SSH is trying to use Kerberos, hangs
for about 10 seconds, then tries public key authentication, hangs for about
10 seconds, and then finally prompts for password. By setting
the "GSSAPIAuthentication" option to false, either in /etc/ssh/ssh_config,
or on the command line, everything works perfectly.
So the problem is easy to fix, but what's puzzling me is why SSH suddenly
decides to try kerberos and pulic key authentication, when I've done no
changes to the configuration files? I believe the problem might have
something to do with DNS, but have not figured out how these things are
related. Have anyone else seen this behavior, and knows what's triggering
it?
Regards,
Kenneth Holter
More information about the redhat-list
mailing list