While using PackStack to install OpenStack for multi-node topology, I found my SSH client was so slow that it failed the PackStack installation command. The ssh I had was the default one with CentOS 6.4: “OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010.” It seemed to work just fine while using PackStack for all-in-one deployment as described in my previous article.
To isolate the problem, I started to print more debug information from the SSH as follows:
Lost VMs or Containers? Too Many Consoles? Too Slow GUI? Time to learn how to "Google" and manage your VMware and clouds in a fast and secure HTML5 App.
# ssh -vvv email@example.com … debug3: Trying to reverse map address 192.168.98.155
Alternatively, you can change the configuration file pertaining to current user:
# vim /root/.ssh/config HOST * LogLevel DEBUG3
It paused there trying to reverse IP address for more than 10 seconds before it moved on. After searching the Web, I found many pages suggesting that the /etc/ssh/sshd_config and change useDNS to no and restart sshd service.
UseDNS no # service sshd restart
It did not work and the ssh connection was still painfully slow. More importantly, it failed PackStack installer so I had to fix it.
Further searching got me a page that suggests to use –o switch in the ssh command as follows.
# ssh -o GSSAPIAuthentication=no firstname.lastname@example.org
The result is instant response for password, so the problem was solved. But I could not change the command line called by PackStack, so I had to make the change default without the switch.
To change it system wide, you can change the file in /etc/ssh folder as follows:
# vim /etc/ssh/ssh_config Host * GSSAPIAuthentication no
It’s also possible to change it just for a particular user – just change the file “config” under the hidden folder .ssh of the user’s home directory. For example, you can change it using the following command for root user.
# vim /root/.ssh/config
Skipping GSSAPIAuthentication may have some impact on security. To find out more, check out the wiki page here.