Tuesday, January 18, 2011

Slow SSH connection in Ubuntu

There is always a problem with Ubuntu’s i.e. very slow SSH connection. For some reasons, there’re some options are being enabled by default and causing either the incoming or outgoing SSH connection very slow or hanged in a range from 15 to 60 seconds.

There’re two major contributors which I know of, than can causing the abovementioned problem.

[1] GSSAPIAuthentication

GSSAPI is a ITEF standard for doing strong encrypted authentication in network based applications. OPENssh uses this API and the underlying kerberos 5 code to provide a alternative means of authentication other than ssh_keys.

For some reasons, this feature is enabled by default since Ubuntu Fiesty, you can disable them globally affecting all users in the /etc/ssh/ssh_config

# SendEnv LANG LC_*
# HashKnownHosts yes
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials no

[2] Slow or Broken DNS Lookup

Everytime when you log into the OpenSSH server, it would actually perform a reverse-lookup on your IP address. If the DNS lookup timed out, then you’ll having big time of delaying as typically OpenSSH will perform 3 times trying.

All you need to do is add the following line in /etc/ssh/ssh_config

sudo echo "UseDNS no" >> /etc/ssh/sshd_config

Remember to restart the ssh services upon change.

No comments: