Problem using ssh locally - slow to respond

Asked by Jim Hutchinson

I have a desktop set up with openssh-server. I would like to be able to log in to the desktop and move files to and from my laptop. Both run Ubuntu 7.04.

I have had this working in the past. I could use ssh <email address hidden> or I could use the option to "connect to server" under the places menu. Usually, it worked once. It would say something about the host being unknown and did I really want to connect. I'd say yes and it would work. When I would try again a few days later it would return an error about being unable to connect. If I opened the .ssh folder and deleted the "known hosts" file it would again work - once.

Now it is not working so well. I can still connect but it now takes 15 seconds or so before I am prompted for a password. It used to be nearly instantaneous. I tried this (http://www.ubuntugeek.com/fix-for-ssh-slow-to-ask-for-password-in-ubuntu-feisty-fawn.html) but it didn't help.

Right now I can only connect with ssh in a terminal and there is the long pause before being asked for a password. If I use the "connect to server" option under Places and set up a link it will return an error saying "could not open location 'ssh:user@192.168.1.100:22'". This is the method I'd prefer to use because it allows me to use nautilus to copy and move files.

A solution for me would be to have both ssh in a terminal and with nautilus work every time and quickly and without the need to delete the "known_hosts" file each time.

Thanks.

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Joey Stanford

Best Joey Stanford (joey) said :
#1

Try adding the following line to ~/.ssh/config:

   GSSAPIAuthentication no

Jim Hutchinson (jphutch) said :
#2

Thanks Joey. I created the file and added the line but nothing really changed. Was I supposed to add that to the server or the client computer? Or both?

Jim Hutchinson (jphutch) said :
#3

Okay, wait. I went ahead and added that line to the client computer and rebooted (old windows habit, I know) and it seems to be working. I also restarted ssh on the server. I think that fixed it. Does turning off GSSAPIAuthentication open any security risks? If I open port 22 for external ssh (like from work to home) will that leave me wide open?

Jim Hutchinson (jphutch) said :
#4

Thanks Joey Stanford, that solved my question.

Joey Stanford (joey) said :
#5

The man page ssh_config says GSSAPIAuthentication is no by default but in Debian and derivatives it's ON by default (Debian Bug #409360). Given the default settings I doubt this would cause any security issues.

Jim Hutchinson (jphutch) said :
#6

Okay. Thanks.

Neal McBurnett (nealmcb) said :
#7

GSSAPIAuthentication allows you to use Kerberos to authenticate, which you're probably not doing. It won't decrease your security to turn it off, though in the proper environment, like a big organization, Kerberos would be a better way to authenticate.

Nevertheless, I'm troubled by the need to disable this feature. Digging further, there are some bugs on this, e.g.

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899/
which says:

 I had a similar problem, and setting GSSAPIAuthentication to no did NOT help.
 I disabled mDNS from the nsswitch.conf file on the client and now the problem is solved:
 In /etc/nsswitch.conf, I replaced:

 hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

 with

 hosts: files dns

see also
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/96472
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84849
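
A client-side check for the two causes named in this thread (the GSSAPIAuthentication setting and mdns in the hosts lookup order), as an added example that is not part of the original posts. The function names are hypothetical, the sample files are constructed from the lines quoted above, and Host/Match scoping in ssh_config is ignored.

```shell
#!/bin/sh
# Added example: names below are hypothetical helpers, not from the thread.

# Print the first GSSAPIAuthentication value in an ssh_config-style file
# ("yes", "no", or "unset"). Keywords are case-insensitive and the first
# value obtained wins. Simplification: Host/Match scoping is ignored.
gssapi_setting() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        tolower($1) == "gssapiauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Print the lookup sources from the "hosts:" line of an nsswitch.conf-style file.
hosts_sources() {
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | head -n 1
}

# Succeed if any mdns source (mdns4, mdns4_minimal, ...) is in the lookup order.
uses_mdns() {
    hosts_sources "$1" | grep -q 'mdns'
}

# usage: diagnose SSH_CONFIG NSSWITCH_CONF
diagnose() {
    case "$(gssapi_setting "$1")" in
        no)  echo "gssapi: disabled" ;;
        yes) echo "gssapi: enabled" ;;
        *)   echo "gssapi: unset (distribution default applies)" ;;
    esac
    if uses_mdns "$2"; then
        echo "hosts: mdns in lookup order"
    else
        echo "hosts: no mdns"
    fi
}

# Constructed sample input built from the lines quoted in this thread.
demo=$(mktemp -d)
printf 'GSSAPIAuthentication no\n' > "$demo/config"
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n' > "$demo/nsswitch.conf"
diagnose "$demo/config" "$demo/nsswitch.conf"
rm -rf "$demo"
```

On a real client, call `diagnose ~/.ssh/config /etc/nsswitch.conf`.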