Make your ssh login faster
If you are like me and have to shuttle across multiple linux based servers doing stuff here and there, then you invariably use ssh to setup your connections. This is a pain in itself, but imagine waiting ages for even the password prompt to show up – that really sucks. This post is about how you can get around this problem and make life a bit easier for yourself.
Why this happens
The usual suspect in such cases is over-zealous security mechanisms – the client (your local machine) tries to authenticate with the server (the system you are trying to connect to) using various authentication methods. One of these is GSSAPI, which also turns out to be the main culprit in such cases. What happens is, your client tries to authenticate with the server using GSSAPI, and vice versa – however the pre-requisite configurations have not been performed at both ends, leading to timing out of this operation and a delay in appearance of the login prompt.
How to make sure this is the problem?
Turn on the verbose mode when you ssh into the target server – not only does it give a lot of useful information and insight, but it also shows you exactly whats happening behind the scenes. The verbose mode for ssh can be turned on by using the ‘v’ switch.
ssh -v <target_server>
If indeed GSSAPI is the root cause, you should see the proceedings getting stuck for a while at this point,
debug1: Unspecified GSS failure. Minor code may provide more information Cannot determine realm for numeric host address
How to get around this?
Consult your system admin to confirm if GSSAPI is actually needed – in most cases, its not, in which case you can proceed with the next step – disabling the brat. There are two ways to go about doing this – from the client (your) end, or from the server end itself for good.
Disabling GSSAPI from the client end involves making an entry into the ssh config that lies in your home directory,
Add the following entry to this file,
Host * GSSAPIAuthentication no
That’s it! Any subsequent connections should be throw up the password prompt instantaneously.
Now the above solution works for just a single client. If you are the server admin and don’t want your users to suffer such delays, a simple configuration change can take care of this issue for all users.
Edit the ssh configuration file at this path,
In the above file, look for the line that says “GSSAPIAuthentication” and change its value to “No” and thats it. Make sure you reload the ssh service for the changes to take effect,
service sshd reload
That is all – enjoy the faster ssh connections!