SSH slow

Posted on 2011-03-11
Last Modified: 2012-06-21
I have a DMZ Linux server which is having SSH connection issues.

--> when I access the server using putty, It quickly gives a login prompt. But it takes almost 30 seconds to give the password prompt. Once I get the password prompt, Enter the password. Its quick. What couple be the problem

The server is in DMZ and we dont have a DNS in the DMZ. Till date I thought that ssh was looking a reverse look up and since it cannot, Its taking time. But there are other Linux servers which have no issues. Should there be some changes made to the sshd_config file
Question by:mnis2008
  • 4
  • 2
  • 2

Expert Comment

ID: 35112964
You might have too many acceptable access mechanisms enable in libPAM or in your sshd_config.  either that or its looking in a bad file.

Or you're trying to pass it a public key (or multiple public keys) that aren't working.

Author Comment

ID: 35113006
Hello Tearman, I am not using any keys. Attached is my sshd_config and I dont think I have many access mechanisms.
#       $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel DEBUG

# Authentication:

LoginGraceTime 1m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /etc/issue
Banner /etc/motd

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

Open in new window


Expert Comment

ID: 35113057
Disable UsePAM and GSSAPI and see if that speeds you up at all, those might be unconfigured which leads to the issue.

Expert Comment

ID: 35113063
Check your DNS configuration, chances are its timing out and thats whats giving the delayed response
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.


Author Comment

ID: 35113076
Its still the same issue.

Author Comment

ID: 35113086
This server is in the DMZ and DMZ doesnot have a DNS server. Is it that its trying to do a reverse DNS lookup.

Accepted Solution

droyden earned 500 total points
ID: 35113172
yeah, it will be trying to reverse the connecting IP address. You can possibly get around this by stickign your ip in the hosts file. You can also set "UseDns No" in /etc/ssh/sshd_config and restart ssh

Author Comment

ID: 35113221
FIXED....... now its not asking....

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Fixing Non-Standard characters in text 8 91
AWS vpc peering connection 1 42
Python variable _ manually assigned 9 63
is my large folder zipped corrupted 4 49
Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now