Walker News

How To Fix: SCP And SSH Login Prompt Is Very Slow In Linux

Apparently, today is not a good day for me. But it’s not too bad too as I still have enough fingers to count all these bad incidents :-)

OK, back to topic. How to find out that what cause the SSH or SCP login prompt to slowdown? How could you fix this so-called slow or delayed SSH and SCP login prompt?

This is one of the “bad incident” happened on me today – as the boss was looking at me to scp program patches to a remote Linux-based application server, the SSH login prompt took more than 1 minute to appear on screen.

To be precise, the stopwatch showed that it took exactly 1 minute and 25 seconds to display SSH login prompt!

Luckily, I do not have to Google for more than a minute to find the cause and solution :-)

What causes SCP and SSH login prompt to slowdown?

For my case, the GSSAPI authentication feature was causing the delayed SSH login prompt!

You can confirm the causes of your case by using the -v option switch. For example, the following is the verbose response of SSH login process started with -v option:
dev01 [/home/devstl]$ ssh -v appssupp@10.50.100.111
......
......
......
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: Next authentication method: publickey
debug1: Trying private key: /home/devstl/.ssh/identity
debug1: Trying private key: /home/devstl/.ssh/id_rsa
debug1: Trying private key: /home/devstl/.ssh/id_dsa
debug1: Next authentication method: password
appssupp@10.50.100.111's password:

How to fix SCP and SSH delayed login prompt?

The answer for my case is apparently by disabling GSSAPI authentication, which can be done in one of these three ways:
The “fix” is tested with SSH clients installed by openssh-clients-3.9p1-8.RHEL4.15 RPM file.

1) Specify the option to disable GSSAPI authentication when using SSH or SCP command, e.g.:
ssh -o GSSAPIAuthentication=no appssupp@10.50.100.111

2) Explicitly disable GSSAPI authentication in SSH client program configuration file, i.e. edit the /etc/ssh/ssh_config and add in this configuration (if it’s not already in the config file):
GSSAPIAuthentication no

3) Create a file called config in .ssh directory of respective user home directory (or whichever user home directory that need to get rid of this show login prompt). For example, edit /home/devstl/.ssh/config (create the config file if it’s not currently exist) and add in the GSSAPIAuthentication no option.
1) /etc/ssh/ssh_config is a global SSH client configuration file that affects all system users who are using SSH client programs.

2) /home/devstl/.ssh/config is local SSH client configuration file that only affects the user account called devstl. Whatever SSH client options specified in this local file overwrite the options stated in global SSH client configuration file.

After disabling GSSAPI authentication, SSH login prompt is back to “normal” now:
dev01 [/home/devstl]$ ssh -v appssupp@10.50.100.111
......
......
......
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/devstl/.ssh/identity
debug1: Trying private key: /home/devstl/.ssh/id_rsa
debug1: Trying private key: /home/devstl/.ssh/id_dsa
debug1: Next authentication method: password
appssupp@10.50.100.111's password:

As you can see, the SSH login is not currently authenticated via public key cryptography method, which I’ve to fix it later :-(

Custom Search

  1. Dave 25-09-09@10:07

    The most common thing I see that causes this issue is improper DNS setup. Mainly the RDNS lookup is missing most times I have seen this issue.

  2. Art 01-12-09@05:18

    I’ve solved my “slow-authenticaiton_ssh” issue from link bellow:
    http://www.cygwin.com/ml/cygwin/2007-09/msg00689.html

    # echo ‘UseDNS no’ >> /etc/ssh/sshd_config
    # /etc/init.d/sshd restart

    ;)

  3. Dan 31-08-10@06:40

    Thanks for this, I got rid of the long delay by fixing the nsswitch.conf and dhcpagent config on the Sun server. The final 15 second delay was due to the GSS API. Thanks!

  4. walter 18-03-11@00:57

    Thanks! works for me!

  5. Justin Dorfman 27-05-11@09:39

    Bless you kind sir. Thanks!

  6. Scott 25-05-12@22:33

    Thanks… I didn’t know about the -v switch. I had already tried the dns=no and that didn’t work but this worked like a charm.

  7. Chap 01-09-12@03:02

    Thanks! Not only for the solution, but for the tips on using and interpreting -v.

  8. Carlos 01-10-12@17:34

    Thanks walkernews, It helps me a lot!

  9. asparuh 22-10-12@15:07

    I had the same problem. I did not want to change the ssh configuration, so i just added a record in /etc/hosts “xxx.xxx.xxx.xxx somehost”

  10. kreaton 17-07-14@23:18

    Thanks a lot! It did the job!

  11. djkevin 02-04-15@13:43

    thanks , i set UseDNS no , and it become faster

2017  •  Privacy Policy