Slow SSH Client and Quick Hack

While using PackStack to install OpenStack for multi-node topology, I found my SSH client was so slow that it failed the PackStack installation command. The ssh I had was the default one with CentOS 6.4: “OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010.” It seemed to work just fine while using PackStack for all-in-one deployment as described in my previous article.

To isolate the problem, I started to print more debug information from the SSH as follows:

Lost VMs or Containers? Too Many Consoles? Too Slow GUI? Time to learn how to "Google" and manage your VMware and clouds in a fast and secure HTML5 App.

# ssh -vvv root@
debug3: Trying to reverse map address

Alternatively, you can change the configuration file pertaining to current user:

# vim /root/.ssh/config
LogLevel DEBUG3

It paused there trying to reverse IP address for more than 10 seconds before it moved on. After searching the Web, I found many pages suggesting that the /etc/ssh/sshd_config and change useDNS to no and restart sshd service.

UseDNS no
# service sshd restart

It did not work and the ssh connection was still painfully slow. More importantly, it failed PackStack installer so I had to fix it.

Further searching got me a page that suggests to use –o switch in the ssh command as follows.

# ssh -o GSSAPIAuthentication=no root@

The result is instant response for password, so the problem was solved. But I could not change the command line called by PackStack, so I had to make the change default without the switch.

To change it system wide, you can change the file in /etc/ssh folder as follows:

# vim /etc/ssh/ssh_config
Host *
GSSAPIAuthentication no

It’s also possible to change it just for a particular user – just change the file “config” under the hidden folder .ssh of the user’s home directory. For example, you can change it using the following command for root user.

# vim /root/.ssh/config

Skipping GSSAPIAuthentication may have some impact on security. To find out more, check out the wiki page here.

This entry was posted in Cloud Computing and tagged , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.


  1. Reinhard
    Posted June 20, 2013 at 11:13 am | Permalink

    Hi Steve,

    Thanks for sharing your thoughts. Maybe entering an IP-address to hostname mapping into the /etc/hosts-file on the Linux-Box solves your problem a bit nearer to the root-cause. It worked for me for every virtual host I connect to.

    Best regards

  2. Posted June 20, 2013 at 12:27 pm | Permalink

    Hi Reinhard,

    It can be another solution that seems better than turning off the GSSAPIAuthentication. Thanks a lot for sharing it!


  3. John
    Posted April 15, 2015 at 6:43 am | Permalink

    This worked! Except that I did not know that it is the ssh_config file on the machine from where ssh is invoked. Thanks


  4. Posted April 15, 2015 at 5:24 pm | Permalink

    Thanks for letting me know John, Great to know it works. -Steve

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.