Feedback
are there any security implications, or is this just pure speed man
Ivanoats
October 5, 2007
#1
Yikes, that's much faster.
I use ssh frequently for application deployment, maintenance, and git SCM, so this will really speed up my workflow.
topfunky
October 6, 2007
#2
I don't think it creates any security issues, but I'm not a network guru. Actually, it should be like that by default:
GSSAPIKeyExchange
Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange doesn’t rely on ssh keys to verify host identity. The default is ‘‘no’’. Note that this option applies to protocol version 2 only.
Reference:
http://www.opensourcemanuals.org/manual/sshd_config/synopsis
Maestric
October 6, 2007
#3
This addresses the symptoms but not the underlying problems. If turning off DNS works, you're reverse DNS is broken. The GSSAPI stuff is a good thing long term, which is why it was enabled by default -- make sure the sshd on the servers your connecting to is up to date. If these are beyond your control, these config changes will help, but know what you're giving up.
Age
October 8, 2007
#4
Age, you seem to have a good idea of what is this "GSSAPI stuff" and how it works. Could you please give us more details about "good thing long term" and what we're "giving up"?
Maestric
October 9, 2007
#5
I had a problem where SSH connections would be really slow after passing login credentials. Eventually (sometimes after as much as 10+ minutes) I would be connected. I also noticed that X11 was loading all the time, and I couldn't see what app would be causing it. Eventually I figured out the fix to both. /etc/ssh_config had the line "ForwardX11 yes". I changed it to "ForwardX11 no" and both problems went away. Apparently X11 auth was hanging when I'd ssh to some hosts.
Munkey
November 28, 2007
#6
This solution worked great for me! Thank you! I only had to change the server's sshd_config file. I am sshing from a linux box.
John
March 7, 2008
#7
Worked! Thanks !
Jari
January 30, 2009
#8
Yes this is helpful.
ravi
October 23, 2009
#9
The DNS trick solved it for me, thanks!
João Moreno
March 30, 2010
#10
Works for me. Thanks a bunch.
Dat Nguyen
June 15, 2010
#11
test
test
January 29, 2011
#12
I noticed a big change in login speed using ssh when I 'upgraded' to the Lion seed package. Setting
GSSAPIKeyExchange no
did the trick. No need to update the server settings.
Thanks for posting.
Martin Hawkins
March 6, 2011
#13
I had the same problem when I upgraded to Lion today. Had been working fine until then. The solution was to open the network preferences and set the DNS name servers to those provided by the ISP. I had been using the router as the dns resolver but Lion seems to have some problems with that.
It required no changes to sshd_config and you're better off leaving the defaults alone unless you specifically require a non-standard setting. By disabling DNS is a security risk.
Bruce
August 25, 2011
#14
I didn't want to change the system default config file in /etc/ssh_config so I added a config file to my user's ssh config:
~/.ssh/config
That file reads:
Host *
GSSAPIAuthentication no
GSSAPIKeyExchange no
This fixed the delay for me (on Lion)
Scott
October 20, 2011
#15
I did what Scott did, and it worked perfectly (running 10.7.2).
A
October 23, 2011
#16
yep, Scott's method is ok on 10.7.0
NV
January 14, 2012
#17
Anyone know how to fix this in Lion?
%> host cm-11
cm-11.foo.com has address 192.168.199.71
%> ssh cm-11
ssh: Could not resolve hostname cm-11: nodename nor servname provided, or not known
host, dig, and nslookup all work, but ssh, ping, ftp etc fail name lookups.
Bruce
January 26, 2012
#18
