centos-7连接ssh慢
centos-7连接ssh慢
1. centos-7连接ssh慢
这段时间使用虚拟机装载了CentOS 7.9版本的Linux操作系统,配置好相关信息参数后,发现使用SSH命令远程连接访问服务器时,总是需要等待几十秒,不能直接按完回车后,立即跳出输入登录密码的命令提示符。所以上网搜索了一下问题。知道了问题所在。主要是由两个原因造成了。
- DNS反向解析的问题
- Gssap认证问题
2 . 使用ssh连接打出debug查看
[root@appnode2 ~]# ssh -p22 root@172.16.128.25 -v
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to 172.16.128.25 [172.16.128.25] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 46:f7:fe:0b:07:80:2d:eb:b5:2f:0e:33:fa:cb:cf:fb
debug1: Host '172.16.128.25' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:22
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 172.16.128.25 ([172.16.128.25]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Fri May 27 09:55:28 2022 from appnode2
可以看到报错误信息 "Unspecified GSS failure. Minor code may provide more information"
3. 配置修改连接服务端配置
[root@test ~]# vim /etc/ssh/sshd_config
# 修改如下内容
GSSAPIAuthentication no # 关闭gss认证接口
UseDNS no # 关闭DNS解析功能
按:wq保存退出
GSSAPI ( Generic Security Services Application Programming Interface) 是一套类似Kerberos 5 的通用网络安全系统接口。该接口是对各种不同的客户端服务器安全机制的封装,以消除安全接口的不同,降低编程难度。但该接口在目标机器无域名解析时会有问题。系统是默认开启的,需要手动关闭即可。
4. 重启sshd服务
[root@test ~]# /bin/systemctl restart sshd
5. 检查sshd服务状态
[root@test ~]# /bin/systemctl status sshd
6. 尝试连接
[root@jenkins ~]# ssh root@172.16.128.25
Last login: Fri May 27 11:13:53 2022 from 172.19.4.66
配置没有问题,可以快速连接了