SSH登錄慢的問題解決方案
就我自身所遇到的情況來看, 這些延遲絕大部分是 GSSAPI 的認證功能導致的!
你可以用 -v 選項確認你的情況. 例如, 下面是 ssh 的詳細登陸過程:
[root@xuekun ~]# ssh -v
[email protected]
...
...
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xuekun/.ssh/identity
debug1: Trying private key: /home/xuekun/.ssh/id_rsa
debug1: Trying private key: /home/xuekun/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
解決方案
就我所遇到的情況來看, 顯然是要把 GSSAPI 禁用. 以下是三種可行的方式:
[注] 該解決方案是在客戶端 OpenSSH_4.7p1 centos5.8 centos6.2下測試並通過的.
1. 連接時用命令指定:
ssh -o GSSAPIAuthentication=no
[email protected]
2. 在 ssh 客戶端程序的配置文件裡顯式禁用 GSSAPI 認證. 如, 編輯 /etc/ssh/ssh_config 文件, 添加或修改使其有如下一行:
GSSAPIAuthentication no
3. 在用戶根目錄下的 .ssh 目錄下創建一個 config 文件. 如, 編輯 /home/xuekun/.ssh/config (如果該文件不存在, 則創建之), 添加選項:
GSSAPIAuthentication no
[注] A. /etc/ssh/ssh_config 是全局配置文件, 對其進行的修改會影響所有使用 ssh 客戶端的系統用戶.
B. /home/cherry/.ssh/config 是只會影響用戶 xcl 的本地 ssh 客戶端配置文件. 該文件的所有配置參數會覆蓋全局配置文件的相同配置參數.
在禁用 GSSAPI 後, ssh 的登陸提示 "回歸" 正常了:
[root@xuekun ~]# ssh -v
[email protected]
...
...
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xuekun/.ssh/identity
debug1: Trying private key: /home/xuekun/.ssh/id_rsa
debug1: Trying private key: /home/xuekun/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
可見, 該過程已經不再使用 GSSAPI 了. 速度也大大提高了.