Ubuntu
openssh package

SSH Connection too slow in Jaunty

Asked by Kayvee

Hello,
I use rsync to backup my files (on an Ubuntu machine) into a server running Ubuntu. Ever since I upgraded (actually it is a clean re-install not upgrade from Intrepid) my computers to Jaunty release, I notice that my SSH connections became too slow. It takes almost 15 seconds to reach the 'enter your password' prompt after executing the command. Earlier, it used to be instantaneous. I read a few posts here and inserted a '-vvv' option into my command. Here is where it gets stuck and stay for about 10 seconds before proceeding...

debug2: key: /home/xxxx/.ssh/identity ((nil))
debug2: key: /home/xxxx/.ssh/id_rsa ((nil))
debug2: key: /home/xxxx/.ssh/id_dsa ((nil))

I moved my /home/xxxx/.ssh folder to .ssh-old and the next time I executed the command, it created a new folder. However, the problem remains. How do I fix it?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Dominik Zalewski (dzalewski) said : 		#1

Did you try to ssh using server's IP address not a domain name ? Is it same slow? Perhaps you need to create a reverse zone in your DNS server.

Revision history for this message
Kayvee (vkkodali) said : 		#2

Using IP address instead of domain name did not make any difference. With -vvv option, I see that it gets stuck at the same place for almost 10 seconds before going further.

Revision history for this message
Hertatijanto Hartono (dvertx) said : 		#3

I suggest you use public key authentication method rather than password authentication, since it seems that it got stuck at the identifying part:
debug2: key: /home/xxxx/.ssh/id_rsa ((nil))
debug2: key: /home/xxxx/.ssh/id_dsa ((nil))

If you decide to use public key authentication method, you can disable password authentication by changing a line in /etc/ssh/sshd_config:
PasswordAuthentication yes
to
PasswordAuthentication no

This link (https://help.ubuntu.com/community/SSHHowto) might help you further.

Revision history for this message
John A Meinel (jameinel) said : 		#4

Actually, I noticed a severe slowdown as well when connecting to another machine.

I then found this in: /etc/ssh/ssh_config (client not server):

Host *
 ...
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
...
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

Basically, it looks like even in Hardy they defaulted to enablingy GSSAPIAuthentication.
If I just comment out that line, or set it to
   GSSAPIAuthentication no

Then the connection happens instantly.

My guess is that the system is connecting to the DNS server, and trying to find the local Kerberos master, but since none is set up, it times out on DNS. Which can take as long as ~5s...

I'll note that the time it takes to connect *to* this machine was greatly improved by "UseDNS no" in the sshd_config, but the time to connect *from* the machine was improved by disabling GSSAPI authentication in ssh_config.

Can you help with this problem?

Provide an answer of your own, or ask Kayvee for more information if necessary.

To post a message you must log in.