While using PackStack to install OpenStack for multi-node topology, I found my SSH client was so slow that it failed the PackStack installation command. The ssh I had was the default one with CentOS 6.4: “OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010.” It seemed to work just fine while using PackStack for all-in-one deployment as described in my previous article.
To isolate the problem, I started to print more debug information from the SSH as follows:
Bothered by SLOW Web UI to manage vSphere? Want to manage ALL your VMware vCenters, AWS, Azure, Openstack, container behind a SINGLE pane of glass? Want to search, analyze, report, visualize VMs, hosts, networks, datastores, events as easily as Google the Web? Find out more about vSearch 3.0: the search engine for all your private and public clouds.
# ssh -vvv firstname.lastname@example.org … debug3: Trying to reverse map address 192.168.98.155
Alternatively, you can change the configuration file pertaining to current user:
# vim /root/.ssh/config HOST * LogLevel DEBUG3
It paused there trying to reverse IP address for more than 10 seconds before it moved on. After searching the Web, I found many pages suggesting that the /etc/ssh/sshd_config and change useDNS to no and restart sshd service.
UseDNS no # service sshd restart
It did not work and the ssh connection was still painfully slow. More importantly, it failed PackStack installer so I had to fix it.
Further searching got me a page that suggests to use –o switch in the ssh command as follows.
# ssh -o GSSAPIAuthentication=no email@example.com
The result is instant response for password, so the problem was solved. But I could not change the command line called by PackStack, so I had to make the change default without the switch.
To change it system wide, you can change the file in /etc/ssh folder as follows:
# vim /etc/ssh/ssh_config Host * GSSAPIAuthentication no
It’s also possible to change it just for a particular user – just change the file “config” under the hidden folder .ssh of the user’s home directory. For example, you can change it using the following command for root user.
# vim /root/.ssh/config
Skipping GSSAPIAuthentication may have some impact on security. To find out more, check out the wiki page here.