【淺層優化實戰】ssh遠程登陸Linux卡慢的全過程排查及解決方案

ssh遠程登陸Linux卡慢的全過程排查及解決方案

前言：

　　在linux操做系統使用過程當中偶然一次感到使用ssh遠程鏈接軟件鏈接操做系統須要等待許久，第一次沒在乎，第二次也沒在乎，第三次有點忍受不住了，就抽時間想解決掉這個問題，順便寫下這篇博文已幫助更多的人解決次煩惱。

　　ssh慢廣泛緣由是由於DNS解析致使，若是還不行那就查看ssh遠程登陸的全過程。那麼，實戰正式開始~

測試環境：

1 CentOS 6.7 2.6.32-573.el6.x86_64

更改ssh配置文件設置禁用DNS解析：

一、在ssh服務端上更改/etc/ssh/sshd_config文件中的配置爲以下內容：

1 UseDNS no

 

而後，保存並退出，執行/etc/init.d/sshd restart重啓sshd進程使上述配置生效，在鏈接應該就不慢了。若是再慢就要使用以下排除過程。

排查過程：

　　首先用到的命令就是：ssh -v 相信你們對此並不陌生，工欲善其事必先利其器，如今有了，那就能夠開始浪了~

 1 [root@6 ~]# ssh -v root@192.168.222.129
 2 OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
 3 debug1: Reading configuration data /etc/ssh/ssh_config
 4 debug1: Applying options for *
 5 debug1: Connecting to 192.168.222.129 [192.168.222.129] port 22.
 6 debug1: Connection established.
 7 debug1: permanently_set_uid: 0/0
 8 debug1: identity file /root/.ssh/identity type -1
 9 debug1: identity file /root/.ssh/identity-cert type -1
10 debug1: identity file /root/.ssh/id_rsa type -1
11 debug1: identity file /root/.ssh/id_rsa-cert type -1
12 debug1: identity file /root/.ssh/id_dsa type -1
13 debug1: identity file /root/.ssh/id_dsa-cert type -1
14 debug1: identity file /root/.ssh/id_ecdsa type -1
15 debug1: identity file /root/.ssh/id_ecdsa-cert type -1
16 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
17 debug1: match: OpenSSH_5.3 pat OpenSSH*
18 debug1: Enabling compatibility mode for protocol 2.0
19 debug1: Local version string SSH-2.0-OpenSSH_5.3
20 debug1: SSH2_MSG_KEXINIT sent
21 debug1: SSH2_MSG_KEXINIT received
22 debug1: kex: server->client aes128-ctr hmac-md5 none
23 debug1: kex: client->server aes128-ctr hmac-md5 none
24 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
25 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
26 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
27 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
28 The authenticity of host '192.168.222.129 (192.168.222.129)' can't be established.
29 RSA key fingerprint is 83:bf:ab:33:07:86:11:d4:33:56:ab:a7:34:77:d3:f9.
30 Are you sure you want to continue connecting (yes/no)? y  #此處手殘，順手打了個「y」 正確的在下面 - -、
31 Please type 'yes' or 'no': yes  我是正確的 ☺ 32 Warning: Permanently added '192.168.222.129' (RSA) to the list of known hosts.
33 debug1: ssh_rsa_verify: signature correct
34 debug1: SSH2_MSG_NEWKEYS sent
35 debug1: expecting SSH2_MSG_NEWKEYS
36 debug1: SSH2_MSG_NEWKEYS received
37 debug1: SSH2_MSG_SERVICE_REQUEST sent
38 debug1: SSH2_MSG_SERVICE_ACCEPT received
39 
40 
41 那麼重點來了。當執行到此環節的是出現了卡頓的現象，博主機智的敲了幾下回車與其隔開方便後來查看~

                           

42 　　　　好吧言歸正傳...

43 
44 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password　　#此處提示認證能夠繼續。but......下面彷佛沒有那麼順利
45 debug1: Next authentication method: gssapi-keyex　　　　　　　　　#下一步驗證方法：GSSAPI-keyex~
46 debug1: No valid Key exchange context　　　　　　　　　　　　　　　 #好吧，彷佛也死掉了。。提示木有有效的密鑰交換環境，也就是說
47 debug1: Next authentication method: gssapi-with-mic             #能夠看出此處系統不死心。。又使用下一個驗證方法：gssapi-with-mic，可是以失敗了結，那麼咱們再日後看。

48
49 
50 
51 
52 reverse mapping checking getaddrinfo for bogon [192.168.222.129] failed - POSSIBLE BREAK-IN ATTEMPT!
53 debug1: Unspecified GSS failure.  Minor code may provide more information
54 Credentials cache file '/tmp/krb5cc_0' not found
55 
56 debug1: Unspecified GSS failure.  Minor code may provide more information
57 Credentials cache file '/tmp/krb5cc_0' not found
58 
59 debug1: Unspecified GSS failure.  Minor code may provide more information
60 
61 
62 debug1: Unspecified GSS failure.  Minor code may provide more information
63 Credentials cache file '/tmp/krb5cc_0' not found
64 
65 debug1: Next authentication method: publickey　　　　　　　　　　　　　　　　#通過幾回挫折，系統放棄了..啓用了publickey驗證方式
66 debug1: Trying private key: /root/.ssh/identity
67 debug1: Trying private key: /root/.ssh/id_rsa
68 debug1: Trying private key: /root/.ssh/id_dsa
69 debug1: Trying private key: /root/.ssh/id_ecdsa
70 debug1: Next authentication method: password
71 root@192.168.222.129's password: 

 　　從上面反饋的結果中咱們發現，是GSSAPI驗證在搗鬼，那咱們將其禁用不就行了。。

 解決方法：

首先編輯ssh配置文件：

　　vim /etc/ssh/sshd_config

1 # GSSAPI options
2 #GSSAPIAuthentication no
3 GSSAPIAuthentication yes　　　　　　　　#←這一行大約在文檔的第81行，咱們看到它開啓了yes的狀態，而GSSAPIAuthentication no被無情的註釋掉了。。。咱們能夠將其放出來，，或者將yes改爲no

4 #GSSAPICleanupCredentials yes 
5 GSSAPICleanupCredentials yes
6 #GSSAPIStrictAcceptorCheck yes 
7 #GSSAPIKeyExchange no

 而後保存退出:wq 重啓一下ssh服務便可。

 ok這樣基本就解決了全部問題~