ssh一台rockylinux9.6机器,发现很慢,我们已经知道ssh登录一台Linux机器慢,通常是DNS解析的问题,这是可以修改/etc/ssh/sshd_config中:
UseDNS no
但是本次的问题不是这个原因,因为做了上面的修改后,发现仍然很慢。
$ ssh -vvv root@10.198.170.12OpenSSH_9.2p1 Debian-2+deb12u7, OpenSSL 3.0.17 1 Jul 2025.........debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,passworddebug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,passworddebug3: preferred gssapi-with-mic,publickey,keyboard-interactive,passworddebug3: authmethod_lookup gssapi-with-micdebug3: remaining preferred: publickey,keyboard-interactive,passworddebug3: authmethod_is_enabled gssapi-with-micdebug1: Next authentication method: gssapi-with-mic^Cu01@mx:~
发现卡在Next authentication method: gssapi-with-mic,原因很明白了与GSSAPI有关。
用下面的命令发现很快:
ssh -o GSSAPIAuthentication=no root@10.198.170.12
说明确实是GSSAPI的问题。
检查我们的/etc/ssh/sshd_config文件中的配置:
# GSSAPI optionsGSSAPIAuthentication no#GSSAPICleanupCredentials yesGSSAPICleanupCredentials no#GSSAPIStrictAcceptorCheck yesGSSAPIStrictAcceptorCheck noGSSAPIKeyExchange noGSSAPIEnablek5users no
上面已经把GSSAPIAuthentication认证方法设置为关闭的状态。这是咋回事呢?
这时我们用下面的命令检查时:
[root@clup2 ~]# sudo sshd -T | grep gssapigssapienablek5users nogssapiauthentication yesgssapicleanupcredentials nogssapikeyexchange nogssapistrictacceptorcheck nogssapistorecredentialsonrekey nogssapikexalgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
发现GSSAPIAuthentication居然是打开的。说明/etc/ssh/sshd_config的配置不起作用。
[root@clup2 ~]# sudo grep -Ri GSSAPIAuthentication /etc/ssh//etc/ssh/ssh_config.d/50-redhat.conf: GSSAPIAuthentication yes/etc/ssh/ssh_config:# GSSAPIAuthentication no/etc/ssh/sshd_config.d/50-redhat.conf:GSSAPIAuthentication yes/etc/ssh/sshd_config:GSSAPIAuthentication no/etc/ssh/sshd_config:gssapiauthentication no
最后发现是在/etc/ssh/sshd_config.d/50-redhat.conf中把GSSAPIAuthentication yes,修改此文件把此值改成 no,然后用命令systemctl restart sshd重启sshd服务之后问题解决。