使用CentOS7登录时延迟很长时间

Modified on: Thu, 22 Aug 2019 17:20:02 +0800

我有一个CentOS 7系统,当我使用putty或ssh登录时,在我收到密码提示之前会有很长时间的延迟。我跑了ssh -v,我发现它达到了这个目的:

debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received

然后它在那里坐了1-2分钟,然后输出爆炸:

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Trying private key: /home/motor/.ssh/id_rsa
debug1: Trying private key: /home/motor/.ssh/id_dsa
debug1: Trying private key: /home/motor/.ssh/id_ecdsa
debug1: Trying private key: /home/motor/.ssh/id_ed25519
debug1: Next authentication method: password

然后出现密码提示。无论哪个用户登录,都会发生这种情况。它只发生在1系统上。我还有其他5个人,没有延误。

日志中没有磁盘或内存或任何其他错误。

是什么导致它像这样延迟?

更新:

我尝试将GSSAPIAuthentication设置为no,但这并没有解决问题。

我再次运行ssh,这次使用-vvv。这个输出出来然后挂了:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/motor/.ssh/id_rsa ((nil)),
debug2: key: /home/motor/.ssh/id_dsa ((nil)),
debug2: key: /home/motor/.ssh/id_ecdsa ((nil)),
debug2: key: /home/motor/.ssh/id_ed25519 ((nil)),

1-2分钟后出现了:

debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/motor/.ssh/id_rsa
debug3: no such identity: /home/motor/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/motor/.ssh/id_dsa
debug3: no such identity: /home/motor/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/motor/.ssh/id_ecdsa
debug3: no such identity: /home/motor/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/motor/.ssh/id_ed25519
debug3: no such identity: /home/motor/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

然后是密码提示。

最佳答案

在远程服务器上的/etc/ssh/sshd_config中,您应该将选项GSSAPIAuthentication更改为no。重启sshd,你应该好好去。

编辑:GSSAPI(通用安全服务应用程序编程接口)本质上是一个利用Kerberos库提供强大网络加密的API。除非有特殊原因需要启用GSSAPI,否则此方法应解决您遇到的问题。

edit2:为清楚起见,反向DNS检查也可能超时(具体检查连接主机的PTR记录)。 SSH执行此检查是理所当然的,因为它可以作为验证连接主机的安全措施。

说这个过程并没有增加真正的安全性,因为实际上有很大比例的主机没有PTR。有三种方法可以解决此问题:

1)。您可以修改sshd_config文件以使用UseDNS no参数。这将停止反向DNS查找。这样做是安全的。

2)。在适当的DNS系统中为连接速度较慢的主机添加PTR记录。

3)。使用相关条目在OS hosts文件中添加手动条目。

希望有所帮助!

作者:,Brett Levene

相关问答

添加新评论