zoukankan      html  css  js  c++  java
  • linux下SSH远程连接服务慢解决方案

    1、适用命令及方案如下:
    【远程连接及执行命令】
    ssh -p22 root@10.0.0.19
    ssh -p22 root@10.0.0.19 /sbin/ifconfig
    【远程拷贝:推送及拉取】
    scp -P22 -r -p /etc root@10.0.0.19:/tmp/
    scp -P22 -r -p root@10.0.0.19:/tmp/ /etc
    【安全的FTP功能】
    sftp -oPort=22 root@10.0.0.19
    【无密码验证方案】
    例如利用sshkey批量分发文件,执行部署操作。

    2、连接慢的主要原因是DNS解析导致
    解决方法:

    1、在ssh服务端上更改/etc/ssh/sshd_config文件中的配置为如下内容:
    UseDNS no
    # GSSAPI options
    GSSAPIAuthentication no
    然后,执行/etc/init.d/sshd restart重启sshd进程使上述配置生效,在连接一般就不慢了。

    2、如果还慢的话,检查ssh服务端上/etc/hosts文件中,127.0.0.1对应的主机名是否和
    uname -n的结果一样,或者把本机ip和hostname(uname -n结果)加入到/etc/hosts里。

    1
    2
    3
    4
    5
    6
    7
    8
    [root@C64 ~]# uname -n
    C64
    [root@C64 ~]# cat /etc/hosts
    #modi by oldboy 11:12 2013/9/24
    127.0.0.1   C64 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    10.0.0.18   C64
    ################

    3、利用ssh-v的调试功能查找慢的原因
    其实可以用下面的命令调试为什么慢的细节(学习这个思路很重要)。

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    [root@C64 ~]# ssh -v root@10.0.0.19
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 10.0.0.19 [10.0.0.19] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    debug1: match: OpenSSH_4.3 pat OpenSSH_4*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    The authenticity of host '10.0.0.19 (10.0.0.19)' can't be established.
    RSA key fingerprint is ca:18:42:76:0e:5a:1c:7d:ef:fc:24:75:80:11:ad:f9.
    Are you sure you want to continue connecting (yes/no)? yes
    =======>老男孩老师评:这里就是提示保存密钥的交互提示。
    Warning: Permanently added '10.0.0.19' (RSA) to the list of known hosts.
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/identity
    debug1: Trying private key: /root/.ssh/id_rsa
    debug1: Trying private key: /root/.ssh/id_dsa
    debug1: Next authentication method: password
    root@10.0.0.19's password:
    =======>老男孩老师评:这里就是提示输入密码的交互提示。
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = en_US.UTF-8
    Last login: Tue Sep 24 10:30:02 2013 from 10.0.0.18
    在远程连接时如果慢就可以确定卡在哪了。
    [root@C64_A ~]# ssh -v oldboy@10.0.0.17
    OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 10.0.0.17 [10.0.0.17] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '10.0.0.17' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:2
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug1: Next authentication method: gssapi-with-mic

    上述配置没配就发现卡到gssapi这。就大概知道是gssapi的问题。
    实际上在linux系统优化部分就应该优化SSH服务的此处。

  • 相关阅读:
    数据库连接单例模式
    魔术方法
    序列化与反序列化
    设计模式
    类的自动加载
    错误处理
    匿名类--php7.0以上
    OpenCV中HSV颜色模型及颜色分量范围
    Opencv 轮廓提取
    opencv 二值化_OpenCV二值图像案例分析精选 | 第二期
  • 原文地址:https://www.cnblogs.com/qiumingcheng/p/5797551.html
Copyright © 2011-2022 走看看