Debugging and fixing a stall of about 30 s during SSH login
2022-07-07 17:23:00 【羌俊恩】
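I. Problem description
When connecting over SSH to one host on the internal network, every login stalls for about 30 s before the session on the remote host opens. SSH to the other hosts is normal, and comparing the hosts' configurations shows no particular difference. The following works through how to locate the likely cause on this host.
SSH relies on asymmetric (public-key) cryptography. The public key is given to the remote host, which uses it to encrypt data; anyone may obtain your public key for that purpose. The private key stays on the local side and is used to decrypt the data that the remote host encrypted with your public key.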
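II. Analysis and resolution
1) Debugging with command-line options
Test the SSH login with the -o GSSAPIAuthentication=no or -o strictHostKeyChecking=no option; the client's debug output is shown below.
debug1: SSH2_MSG_SERVICE_ACCEPT received // the SSH stall occurs here; the lines below show GSS authentication being attempted several times, so key-pair authentication is the better choice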
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
2) Changing GSS authentication
vim /etc/ssh/sshd_config // comment out the following 2 lines; testing showed this did not help
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
3) After a restart, testing again still showed the stall, at the following point:
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received // the stall still occurs here
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = zh_CN.UTF-8
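Comparing with the logs of hosts that log in normally revealed nothing abnormal; the normal hosts show no stall even when they use GSS authentication. The only difference is that the stalling host uses a different SSH port. /etc/pam.d/sshd is also identical on both; no differences were found.
4) Disable DNS resolution: edit /etc/ssh/sshd_config and set UseDNS no. Testing confirmed that the login no longer stalls. This on-site test shows that sshd has DNS resolution enabled by default, even when it is not explicitly configured as yes.
5) Testing confirmed that enabling GSS authentication is not what caused this SSH login stall; the UseDNS option is the main direct cause this time. However, the other, normal hosts do not set the option either and their SSH logins are unaffected. What distinguishes the affected host from the normal ones is that its host name was changed and is no longer the default localhost, although a ping test still looks normal.
Note: UseDNS is a security-hardening feature of the SSH service and is enabled by default. When it is on, the server first performs a DNS PTR reverse lookup on the client IP to obtain the client host name, then performs a forward DNS A-record lookup on that host name, and finally checks whether the resulting IP matches the original IP, in order to guard against client spoofing. In particular, once GSSAPI authentication is enabled, it relies on domain names for identity verification.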
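The lookup sequence described in the note, as an added Python example (not from the original post and not OpenSSH's own code) that repeats the PTR and A lookups for a client address and times them, so a login stall can be attributed to slow or failing DNS. The name fcrdns_check, the sample resolvers and the 192.0.2.x sample zone are constructed for illustration; the forward lookup is IPv4 only.

```python
import ipaddress
import socket
import sys
import time

def fcrdns_check(client_ip, reverse=socket.gethostbyaddr,
                 forward=socket.gethostbyname_ex):
    """Repeat the UseDNS lookups (PTR, then A, then compare) and time them.
    Returns (status, hostname, seconds); status is "match", "mismatch",
    "no-ptr" (reverse lookup failed) or "no-forward" (A lookup failed)."""
    start = time.monotonic()
    try:
        hostname = reverse(client_ip)[0]          # PTR: IP -> name
    except OSError:                               # herror/gaierror are OSError
        return "no-ptr", None, time.monotonic() - start
    try:
        addresses = forward(hostname)[2]          # A: name -> IPv4 addresses
    except OSError:
        return "no-forward", hostname, time.monotonic() - start
    wanted = ipaddress.ip_address(client_ip)
    found = {ipaddress.ip_address(a) for a in addresses}
    status = "match" if wanted in found else "mismatch"
    return status, hostname, time.monotonic() - start

# Constructed sample zone (documentation addresses), used when no IP is given.
SAMPLE_PTR = {"192.0.2.10": "client-a.example", "192.0.2.20": "client-b.example"}
SAMPLE_A = {"client-a.example": ["192.0.2.10"], "client-b.example": ["192.0.2.99"]}

def sample_reverse(ip):
    """Stand-in for socket.gethostbyaddr backed by SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip], [], [ip]

def sample_forward(name):
    """Stand-in for socket.gethostbyname_ex backed by SAMPLE_A."""
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return name, [], SAMPLE_A[name]

if __name__ == "__main__":
    args = sys.argv[1:]
    for ip in args or ["192.0.2.10", "192.0.2.20", "192.0.2.30"]:
        # System resolver for IPs given on the command line, sample zone otherwise.
        result = fcrdns_check(ip) if args else fcrdns_check(ip, sample_reverse, sample_forward)
        print(ip, result)
```

Run it on the SSH server with the client's address as the argument; an elapsed time close to the observed stall points at the resolver configured on that host rather than at the authentication methods.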