SSH connecting with key, from my machine suddenly got incredibly slow (~10sec!). It is not a server or DNS problem as far as I can figure out.
The problem suddenly appeared after a simple apt-get install kubuntu-desktop
and some minor KDE related mucking around, on my Ubuntu 15.04 x86_64.
Running ssh -vv ...
shows me that it waits for ages (most of the ~10sec…) at the last line from this:
OpenSSH_6.7p1 Ubuntu-5ubuntu1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/neuronq/.ssh/config
debug1: /home/neuronq/.ssh/config line 1: Applying options for XXX.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
…and my /etc/ssh/ssh_config
contains this (I didn't paste the commented out lines):
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
Is there any way in which Kubuntu desktop install can suddenly result in this slowdown (some keystore/wallet weird thing)? (Also, in KDE I couldn't get ssh login by key to work at all, except in the terminal by manually doing a ssh-add
beforehand and entering my key passphrase, but I've since given up on KDE completely and I'm back to Unity, so I don't longer care about this… but it could be related)
Best Answer
Do you have the same troubles by password authentication, or this is really related to key authentication?
You client may provide proper DNS resolution, but it is your server which will try anyway to perform a reverse-lookup from your IP address; this may explain the delay, as @kasperd says. But from experience, this does not exceed a few seconds.
Does SSH succeeds in authentication finally? If so, it really looks like a DNS problem. Try if your configuration/administrator permits so adding your IP/hostname into the server's /etc/hosts. This will bypass the DNS resolution on server side. If you won't configure your DNS to provide proper reverse-lookup on server side for the client,
useDNS no
is, as @kasperd says, to be put on the/etc/ssh/sshd_config
of the server.If your administrator won't do this, there is nothing more your can do.
EDIT: There is absolutely no way KDE/Unity or any desktop manager could result in this slowdown. I would be amazingly surprised this is the case. However, the fact you need to provide
ssh-add
to use your keys is interesting. This command is used to make your authentication agent to remember the passphrases you tipped for your keys. To specify key to be used, either do it by command line, or in your~/.ssh/config
file: