1. DNS Resolving
A common cause of this problem is related to DNS resolution. To resolve this, ensure that the SSH server can properly resolve DNS queries by configuring a DNS server. Here's how to do this on a Linux CentOS server. First, start by editing the /etc/resolv.conf file by opening a text editor, such as vi or nano.
[root@server ~]# vim /etc/resolv.confNow, add the IP addresses of your preferred DNS servers, or if you have DNS server redundancy implemented, add the two OpenDNS servers' hostname and IP address, as such:
nameserver 208.67.222.222
nameserver 208.67.220.220Save and exit the editor.
Restart the SSH service to apply the changes like this:
[root@server ~]# sudo systemctl restart sshdThis configuration uses Google's public DNS servers. You can replace them with your own DNS server(s) addresses, if needed. I'm using the DNS servers from OpenDNS. You can use any server you like. This will, in fact, allow your server to perform fast DNS lookups provided no existing bottlenecks are restricting passage. You can also tell SSH to disable the DNS from doing lookups like this:
[root@server ~]# sudo vi /etc/ssh/sshd_configNow, change the "UseDNS yes" field to "UseDNS no."
[root@server ~]# UseDNS noThis will ensure that SSH doesn't try to perform reverse lookups, and don't forget to restart the SSH service so that the changes can take effect. If your SSH connection time is still slow after these changes, read on.
2. Authentication Methods
SSH supports various authentication methods besides just a username/password combination. Let me show you what is happening behind the scenes when you are waiting for the password prompt:
mindhackdiva@host ~ $ ssh -v root@192.168.82.144I'm going to connect to an SSH server, but I'll use the 'v' parameter (verbose). Here's what you should see:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Next authentication method: publickey
debug1: Trying private key: /home/host/.ssh/id_rsa
debug1: Trying private key: /home/host/.ssh/id_dsa
debug1: Trying private key: /home/host/.ssh/id_ecdsa
debug1: Next authentication method: passwordBefore it shows you the password prompt, SSH will try to connect using GSSAPI-KEYEX, GSSAPI-WITH-MIC, and Public Key. Since I'm not using these, it's causing a delay when connecting to SSH. Especially the GSSAPI-WITH-MC, so let's go ahead and disable it:
[root@server ~]# vim /etc/ssh/sshd_configNow, change the "GSSAPIAuthentication yes" line to "GSSAPIAuthentication no."
Restart the SSH service and try to reconnect:
mindhackdiva@host ~ $ <strong>ssh -v root@192.168.82.144
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mindhackdiva/.ssh/id_rsa
debug1: Trying private key: /home/mindhackdiva/.ssh/id_dsa
debug1: Trying private key: /home/mindhackdiva/.ssh/id_ecdsa
debug1: Next authentication method: passwordWith GSSAPI disabled, it's flying!
‼ In case you are wondering, GSSAPI stands for Generic Security Services API and is a standard interface so that SSH can communicate with the Windows Kerberos protocol.
By addressing these two issues, you should notice a significant improvement in the speed of your SSH connections. I hope this tutorial helps you to solve your SSH login delays. If you have any questions, feel free to drop us a comment below.
Happy Fixing Slow SSH Logins!
Rate This Article
Thanks for reading: How to Fix SSH Slow Logins, Sorry, my English is bad:)