January 20, 2009

Fix for a slow SSH login

Filed under: Tips — Tags: , , — Webopius @ 7:50 pm

You may have seen on our previous post that we are running one of our sites on a Linux Ubuntu server with the nginx web server.

Well, like pretty much everyone doing web development we regularly ssh and sftp into the server to change configurations and update files.

With this recent server we hit an issue that whenever we ran ssh (or sftp), it would take about 20 seconds for the password prompt to appear. As we are using a Unix based client (OS X), initially we thought it was a problem on this client machine but connections to all other servers were fine.

The problem appears to be that the SSH deamon (sshd) tries to do a reverse lookup of the IP address of the client machine connecting. This takes time and often fails hence the slow response.

The fix

If you look online, you’ll see people suggesting adding “GSSAPIAuthentication no” or “GSSAPIDelegateCredentials yes” or even installing updates to krb5-config.

We found the solution to be a one liner change to the /etc/ssh/sshd_config file on the server (the machine you are connecting to). Just add (or change the existing) UseDNS line to “no” like this: UseDNS no.

Save this change, then restart the sshd service:

sudo /etc/init.d/ssh restart

Now, try logging in again with ssh from your client and the response will be much better.

  • Tags