Hello ALUG,
I've noticed recently that all my SSH logins take some time (around 5-10 seconds). I found that I can configure sshd with the option:
UseDNS no
to fix this. However, that's not quite satisfactory. For one thing, I can only do that on hosts where I manage the sshd. And for another, it doesn't explain why connecting to *all* the servers I normally do became slow at the same time. So I've been looking for anything on my local computer that's making them slow but so far haven't been able to find anything.
From the verbose output I can see that ssh waits after:
debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/mas01rl/.ssh/id_rsa (0x7fc503a76690), debug2: key: /home/mas01rl/.ssh/id_dsa ((nil)), debug2: key: /home/mas01rl/.ssh/id_ecdsa ((nil)), debug2: key: /home/mas01rl/.ssh/id_ed25519 ((nil)),
and then continues from:
debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive,password
after a pause of 5-10 seconds.
I noticed some discussion about the GSSAPI key exchange and how that can cause delays if you don't have Kerberos credentials. So I tried disabling it, but that didn't make any difference; and there weren't any relevant Kerberos error messages in the output anyway. (Also notice from the above output that I also tried changing the order of authentication methods to make GSSAPI come after publickey.)
Any suggestions what else could be wrong? Or is it really that all the servers need to have 'UseDNS no'? And if so, what has changed about them all to make this necessary? Or could it be something to do with my network set up?
Thanks, Richard