SSH is slow to make a connection

26

13

I just installed Ubuntu 11.10, and whenever I try to SSH into my servers it's very slow. Before it displays the password prompt, it can take between 40 seconds and 60 seconds.

I use:

ssh myuser@myserver.com

Once I'm logged in, everything is fine and it works fast.

Why does it take so long, and how can i fix it? Are there any options in the SSH command I can use?

joel

Posted 2011-11-19T22:54:14.213

Reputation: 413

Question was closed 2014-08-28T14:25:05.713

Answers

44

This is slow because the OpenSSH daemon uses DNS to run a reverse lookup on the client hostname to make sure it's valid

sudo vi /etc/ssh/ssh_config

Comment out the following lines

#GSSAPIAuthentication yes
#GSSAPIDelegateCredentials no

OR

add this:

UseDNS no

Book Of Zeus

Posted 2011-11-19T22:54:14.213

Reputation: 1 822

1Is there no security implication of doing this? – TheStoryCoder – 2016-04-12T10:19:07.600

@TheStoryCoder good question, ill have to double check, you triggered my curiosity now... – Book Of Zeus – 2016-04-13T02:47:52.060

1After added UseDNS no, I got Bad configuration option: usedns when I tried to ssh login another server. – Casper – 2017-02-28T19:55:18.367

I got locked out and had to use KVM when I tried metakermit's suggestion. – goobliata – 2017-05-12T19:54:16.740

1Try setting UseDNS to no in /etc/sshd_config or /etc/ssh/sshd_config. NOT /etc/ssh_config! – Yu Jiaao – 2018-07-25T08:22:36.240

6There is an sshd_config file for the server side and ssh_config for the client side. Setting these options on the client and the server in the ssh_config file didn't help me. Only after I set GSSAPIAuthentication no and GSSAPIDelegateCredentials yes and added UseDNS no in the server's sshd_config file did it speed the connection up for me. – metakermit – 2014-05-05T08:02:13.697

13

This is just a complement of the answer of Book Of Zeus. In case you don't have root access (sudo), you can still configure it.

You need to edit your "user ssh_config" file which is:

vi $HOME/.ssh/config

(Note: you would have to create the directory $HOME/.ssh if it does not exist)

And add:

Host *
  GSSAPIAuthentication no
  GSSAPIDelegateCredentials yes

You can do so on a per host basis if required :) example:

Host linux-srv
  HostName 192.158.1.1
  GSSAPIAuthentication no
  GSSAPIDelegateCredentials yes

Make sure the IP address match your server IP. One cool advantage is that now ssh will provide autocomplete for this server. So you can type ssh lin + Tab and it should autocomplete to ssh linux-srv.

You can add a bunch of usefull options so that you don't have to type them each time:

User <a user>
Port <a port number>
IdentityFile <a specific private key>
Compression yes
....

So instead of typing ssh -C -p 1022 -i ~/.hidden/prv-key-4096bit superuser@192.158.1.1 a simple ssh linux-srv would suffice!

Huygens

Posted 2011-11-19T22:54:14.213

Reputation: 1 340

Asked: 2011-11-19T22:54:14.213

Viewed: 36 379 times

Active: 2014-08-28T12:33:52.143