Ubuntu – SSH by key incredibly slow

kubuntusshssh-agentssh-keygenUbuntu

SSH connecting with key, from my machine suddenly got incredibly slow (~10sec!). It is not a server or DNS problem as far as I can figure out.

The problem suddenly appeared after a simple apt-get install kubuntu-desktop and some minor KDE related mucking around, on my Ubuntu 15.04 x86_64.

Running ssh -vv ... shows me that it waits for ages (most of the ~10sec…) at the last line from this:

OpenSSH_6.7p1 Ubuntu-5ubuntu1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/neuronq/.ssh/config
debug1: /home/neuronq/.ssh/config line 1: Applying options for XXX.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *

…and my /etc/ssh/ssh_config contains this (I didn't paste the commented out lines):

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication no
    GSSAPIDelegateCredentials no

Is there any way in which Kubuntu desktop install can suddenly result in this slowdown (some keystore/wallet weird thing)? (Also, in KDE I couldn't get ssh login by key to work at all, except in the terminal by manually doing a ssh-add beforehand and entering my key passphrase, but I've since given up on KDE completely and I'm back to Unity, so I don't longer care about this… but it could be related)

Best Answer

Do you have the same troubles by password authentication, or this is really related to key authentication?

You client may provide proper DNS resolution, but it is your server which will try anyway to perform a reverse-lookup from your IP address; this may explain the delay, as @kasperd says. But from experience, this does not exceed a few seconds.

Does SSH succeeds in authentication finally? If so, it really looks like a DNS problem. Try if your configuration/administrator permits so adding your IP/hostname into the server's /etc/hosts. This will bypass the DNS resolution on server side. If you won't configure your DNS to provide proper reverse-lookup on server side for the client, useDNS no is, as @kasperd says, to be put on the /etc/ssh/sshd_config of the server.

If your administrator won't do this, there is nothing more your can do.

EDIT: There is absolutely no way KDE/Unity or any desktop manager could result in this slowdown. I would be amazingly surprised this is the case. However, the fact you need to provide ssh-add to use your keys is interesting. This command is used to make your authentication agent to remember the passphrases you tipped for your keys. To specify key to be used, either do it by command line, or in your ~/.ssh/config file:

# in your command line:
ssh -i /path/to/your/private/key user@host

# or in your /home/$user/.ssh/config file:
# (on command line later, simply use ssh user@host or ssh host if
# user locally and remotely are the same
Host $myhost
    IdentityFile /path/to/your/private/key
    IdentitiesOnly yes
Related Topic