I have noticed that some Linux Servers in Network takes long time to connect using ssh.
Situations:
There are two situations I have faced:
- On some servers some times it takes a long time to ask for password
- but on other servers When I insert the password it doesn’t respond . And after some time say 20 0r 30 seconds it just say Connection Closed
Detail for 1 case:
debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Cannot determine realm for numeric host address debug1: Unspecified GSS failure. Minor code may provide more information Cannot determine realm for numeric host address debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information Cannot determine realm for numeric host address debug2: we did not send a packet, disable method debug1: Next authentication method: publickey debug1: Trying private key: /home/umairmustafa/.ssh/id_rsa debug1: Trying private key: /home/umairmustafa/.ssh/id_dsa debug1: Trying private key: /home/umairmustafa/.ssh/id_ecdsa debug2: we did not send a packet, disable method debug1: Next authentication method: password
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
I had this same problem just this morning…
Edit your /etc/ssh/sshd_config to set GSSAPIAuthentication no
Method 2
Often this happened to me when DNS was not correctly configured, but SSH is trying to do a reverse lookup on every connect, so it might be waiting for some high timeouts. Try doing this in /etc/ssh/sshd_config:
UseDNS no
And then restart the SSH daemon. This will make it not use reverse lookups anymore.
Method 3
If you do not want to change any server configurations
Go to $HOME/.ssh/config and add
Host * GSSAPIAuthentication no
Method 4
I found another reason that was causing ssh to take a minute or two to connect. If you make your connection as follows:
ssh -i keypair.pem <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5e2b2d3b2c1e36312d2a303f333b703a31333f3730703d3133">[email protected]</a>
and hostname.domain.com has both an IPv4 and Ipv6 address, it stalls out trying to connect over IPv6 first, then finally falls back to IPv4.
Simple fix, force it to use IPv4 only.
ssh -4 -i keypair.pem <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d2a7a1b7a092babda1a6bcb3bfb7fcb6bdbfb3bbbcfcb1bdbf">[email protected]</a>
Or connect by IP address directly
ssh -i keypair.pem <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="483d3b2d3a087b78667c78667d78667e78">[email protected]</a>
Method 5
I have recently found another cause of slow ssh logins.
Even if you have “UseDNS no” in /etc/sshd_config, sshd may still perform reverse DNS lookups if /etc/hosts.deny has an entry like nnn-nnn-nnn-nnn.rev.some.domain.com. That might happen if you have Denyhosts installed in your system.
It would be great if someone knew how to make Denyhosts avoid putting this kind of entry in /etc/hosts.deny.
Here is a link to the Denyhosts FAQ on how to remove entries from /etc/hosts.deny
Method 6
Just add IP address with hostname in /etc/host , It’ll short out your problem 🙂
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0