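SSHing into several of our production machines is always slow. On top of that, a senior labmate set passwords of more than 40 characters for security, which is unbearable.
After putting up with it for a few days I could not stand it any longer and decided to set up passwordless login. In the process I also found out why the connections were slow.
Heh, a lucky accident.
Both ssh and sshd accept command-line options that turn on a debug mode, which prints what is happening as the program runs.
1. First, start the sshd server program.
Here -p specifies the port (the default is port 22).
-d enables debug mode and prints some output.
2. Then connect to the server with the ssh client.
Here -v shows the connection details. (The client's -v and the server's -d are independent of each other.)
3. The sshd server prints: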
debug1: sshd version OpenSSH_5.3p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='23'
debug1: rexec_argv[3]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 23 on 0.0.0.0.
Server listening on 0.0.0.0 port 23.
debug1: Bind to port 23 on ::.
Server listening on :: port 23.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
......
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: PAM: setting PAM_RHOST to "10.11.10.225"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:4c:14:80:92:8e:64:c5:f8:b1:37:33:3e:62:09:11
debug1: restore_uid: 0/0
Postponed publickey for root from 10.11.10.225 port 45243 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 failures 0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:4c:14:80:92:8e:64:c5:f8:b1:37:33:3e:62:09:11
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
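As you can see, the basic shape of the session is that the server offers several authentication methods and the client keeps trying them one after another. The output above contains the line debug1: trying public key file /root/.ssh/authorized_keys. That file holds the public key that I generated on my own machine and uploaded to the server.
4. Now look at the client. You can see at a glance where it gets stuck, waiting: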
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
debug1: Unspecified GSS failure. Minor code may provide more information
Cannot determine realm for numeric host address
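It is that gssapi-keyex.
OK, I admit my skills are lacking: I had never heard of it, but it must be some kind of authentication method.
5. The fix.
With the cause found, the rest is easy.
Open /etc/ssh/ssh_config (the ssh client's configuration file):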
Host *
GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
SendEnv XMODIFIERS
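Change GSSAPIAuthentication yes to GSSAPIAuthentication no.
Now, even if the server offers this method, the client will not try it and skips straight past it.
Connecting again, it was indeed faster.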
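
The diagnosis in steps 4 and 5 was done by eye. As an added example (not from the original post), the script below timestamps ssh -v output and reports how long the client spent in each authentication method, so the stalled one shows up as a number. The helper names, the user@host placeholder and the timestamps in the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: measure time spent per client authentication method.

# Prefix every stdin line with the current epoch second.
stamp() {
    while IFS= read -r line; do
        printf '%s %s\n' "$(date +%s)" "$line"
    done
}

# Read stamped `ssh -v` output; print "<method> <seconds spent>" per attempt.
auth_method_times() {
    awk '
        function emit(t) { if (m != "") print m, t - start }
        /debug1: Next authentication method: / {
            emit($1); m = $NF; start = $1; next
        }
        /debug1: Authentication succeeded/ { emit($1); m = "" }
        { last = $1 }
        END { emit(last) }   # method still pending when the log ends
    '
}

# Name of the method that consumed the most time.
slowest_auth_method() {
    auth_method_times | sort -k2,2nr | head -n 1 | cut -d' ' -f1
}

# Constructed sample: message text as in the post, timestamps invented.
sample_log() {
    cat <<'EOF'
1700000000 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
1700000000 debug1: Next authentication method: gssapi-keyex
1700000000 debug1: No valid Key exchange context
1700000000 debug1: Next authentication method: gssapi-with-mic
1700000010 debug1: Unspecified GSS failure. Minor code may provide more information
1700000010 Cannot determine realm for numeric host address
1700000020 debug1: Unspecified GSS failure. Minor code may provide more information
1700000020 Cannot determine realm for numeric host address
1700000020 debug1: Next authentication method: publickey
1700000020 debug1: Authentication succeeded (publickey).
EOF
}

# Real use (user@host is a placeholder); compare with and without GSSAPI:
#   ssh -v user@host true 2>&1 | stamp | auth_method_times
#   ssh -v -o GSSAPIAuthentication=no user@host true 2>&1 | stamp | auth_method_times
sample_log | auth_method_times
```

The -o GSSAPIAuthentication=no form tests the fix for a single connection before /etc/ssh/ssh_config is changed for every user on the machine.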