Home > Cloud Computing > Slow SSH Client and Quick Hack

Slow SSH Client and Quick Hack

While using PackStack to install OpenStack for multi-node topology, I found my SSH client was so slow that it failed the PackStack installation command. The ssh I had was the default one with CentOS 6.4: “OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010.” It seemed to work just fine while using PackStack for all-in-one deployment as described in my previous article.

To isolate the problem, I started to print more debug information from the SSH as follows:

Lost VMs or Containers? Too Many Consoles? Too Slow GUI? Time to learn how to "Google" and manage your VMware and clouds in a fast and secure HTML5 App.

# ssh -vvv root@192.168.98.155
 
…
 
debug3: Trying to reverse map address 192.168.98.155

Alternatively, you can change the configuration file pertaining to current user:

# vim /root/.ssh/config
 
HOST *
 
LogLevel DEBUG3

It paused there trying to reverse IP address for more than 10 seconds before it moved on. After searching the Web, I found many pages suggesting that the /etc/ssh/sshd_config and change useDNS to no and restart sshd service.

UseDNS no
 
# service sshd restart

It did not work and the ssh connection was still painfully slow. More importantly, it failed PackStack installer so I had to fix it.

Further searching got me a page that suggests to use –o switch in the ssh command as follows.

# ssh -o GSSAPIAuthentication=no root@192.168.98.155

The result is instant response for password, so the problem was solved. But I could not change the command line called by PackStack, so I had to make the change default without the switch.

To change it system wide, you can change the file in /etc/ssh folder as follows:

# vim /etc/ssh/ssh_config
 
Host *
 
GSSAPIAuthentication no

It’s also possible to change it just for a particular user – just change the file “config” under the hidden folder .ssh of the user’s home directory. For example, you can change it using the following command for root user.

# vim /root/.ssh/config

Skipping GSSAPIAuthentication may have some impact on security. To find out more, check out the wiki page here.

Categories: Cloud Computing Tags: ,
  1. Reinhard
    June 20th, 2013 at 11:13 | #1

    Hi Steve,

    Thanks for sharing your thoughts. Maybe entering an IP-address to hostname mapping into the /etc/hosts-file on the Linux-Box solves your problem a bit nearer to the root-cause. It worked for me for every virtual host I connect to.

    Best regards
    Reinhard

  2. June 20th, 2013 at 12:27 | #2

    Hi Reinhard,

    It can be another solution that seems better than turning off the GSSAPIAuthentication. Thanks a lot for sharing it!

    Steve

  3. John
    April 15th, 2015 at 06:43 | #3

    This worked! Except that I did not know that it is the ssh_config file on the machine from where ssh is invoked. Thanks

    john

  4. April 15th, 2015 at 17:24 | #4

    Thanks for letting me know John, Great to know it works. -Steve

  1. No trackbacks yet.