My home Ubuntu Jaunty installation often takes a good 40-60 seconds to connect to over SSH. None of the other servers I maintain have this problem; they're pretty much instantaneous. Today, on a Friday evening at 1am, this irked me enough to fix it!
The first step is of course to make the SSH connection with debug output on.
```
Chill:~ idimmu$ ssh -v cordy
OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /Users/idimmu/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to cordy [192.168.0.10] port 22.
debug1: Connection established.
debug1: identity file /Users/idimmu/.ssh/identity type -1
debug1: identity file /Users/idimmu/.ssh/id_rsa type -1
debug1: identity file /Users/idimmu/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'cordy' is known and matches the RSA host key.
debug1: Found key in /Users/idimmu/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
```
< 30 – 40 second pause occurs here >
```
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/idimmu/.ssh/identity
debug1: Trying private key: /Users/idimmu/.ssh/id_rsa
debug1: Offering public key: /Users/idimmu/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding.
Linux Cordy 2.6.28-15-generic #49-Ubuntu SMP Tue Aug 18 18:40:08 UTC 2009 i686
Last login: Sat Jan 23 01:22:08 2010 from chill.local
idimmu@Cordy:~$
```
A quick Google for SSH2_MSG_SERVICE_ACCEPT and a read of man sshd_config gave me:
```
UseDNS  Specifies whether sshd(8) should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''.
```
So I simply added
```
UseDNS no
```
to the end of /etc/ssh/sshd_config and issued a sudo /etc/init.d/ssh reload and bamo, instant SSH access and I can sleep peacefully!
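The check the man page excerpt describes (reverse-resolve the client address, then confirm the name resolves back to that same address) can be reproduced and timed outside sshd. This is an added example, not code from the original post or from OpenSSH; the function names and the sample PTR/forward tables are constructed for illustration.

```python
import ipaddress
import socket
import time


def system_reverse(ip):
    """PTR lookup through the system resolver (blocks until answer or timeout)."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name):
    """A/AAAA lookup through the system resolver."""
    return [info[4][0] for info in socket.getaddrinfo(name, None)]


def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Return (hostname or None, seconds spent in lookups, reason)."""
    want = ipaddress.ip_address(ip)
    start = time.monotonic()
    try:
        name = reverse(ip)  # a dead or slow resolver stalls the login here
        addrs = forward(name)
    except OSError as exc:  # socket.herror and socket.gaierror are OSError subclasses
        return None, time.monotonic() - start, f"lookup failed: {exc}"
    elapsed = time.monotonic() - start
    # Strip any IPv6 scope id before comparing addresses.
    if any(ipaddress.ip_address(a.split("%")[0]) == want for a in addrs):
        return name, elapsed, "forward-confirmed"
    # The PTR record claims a name whose own records do not include this address.
    return None, elapsed, f"{name} does not map back to {ip}"


# Constructed sample data (RFC 5737 documentation addresses) so the demo runs offline.
PTR = {"192.0.2.10": "chill.example", "192.0.2.66": "trusted.example"}
FWD = {"chill.example": ["192.0.2.10"], "trusted.example": ["192.0.2.1"]}


def fake_reverse(ip, delay=0.0):
    time.sleep(delay)  # stands in for a resolver that is slow to answer
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]


def fake_forward(name):
    return FWD[name]


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, check_client(ip, lambda a: fake_reverse(a, 0.2), fake_forward))
```

Calling check_client with only the connecting client's address uses the system resolver, so running it on the server shows whether the lookups are where the time goes. With UseDNS set to no, sshd has no resolved client name to work with, so only addresses, not host names, can be used in authorized_keys from= options and sshd_config Match Host rules.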