[Bug 84899] Re: SSH with GSSAPIAuthentication option on SSH servers are very slow
Gabriel de Perthuis
84899 at bugs.launchpad.net
Wed Oct 24 19:39:36 UTC 2012
So here's a list of the workarounds:
On the client:
# disable reverse lookups in kerberos
echo $'[libdefaults]\n\trdns=false' |sudo tee -a /etc/krb5.conf
# Alternatively, remove mdns, mdns4, mdns6 from nsswitch
/etc/nsswitch.conf
# Or disable GSSAPIAuthentication in ~/.ssh/config or /etc/ssh/ssh_config or with the -o flag
GSSAPIAuthentication=no
On the server:
GSSAPIAuthentication=no in /etc/ssh/sshd_config
Fixes that require coding would be the one at http://bugs.debian.org/409360#40 which seems simple enough.
Paliatives would be a cache of notfound results in avahi or in sshd (so that the 5 seconds Avahi timeout isn't repeated for the four times ssh tries name resolution).
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/84899/+subscriptions
More information about the Ubuntu-server-bugs
mailing list