I am experiencing slow connection establishment when using PuTTY:
> time.exe plink.exe -no-antispoof [email protected] exit
[email protected]'s password:
real 0m 10.80s
user 0m 0.01s
sys 0m 0.06s
But not with OpenSSH:
> time.exe ssh.exe [email protected] exit
[email protected]'s password:
real 0m 0.94s
user 0m 0.03s
sys 0m 0.06s
The value of UseDNS is as follows:
> ssh [email protected] grep UseDNS /etc/ssh/sshd_config
[email protected]'s password:
#UseDNS yes
UseDNS no
Now with plink -v:
> time.exe plink.exe -no-antispoof -v [email protected] exit
Looking up host "X.Y.Z.T" for SSH connection
Connecting to X.Y.Z.T port 22
We claim version: SSH-2.0-PuTTY_Release_0.77
Connected to X.Y.Z.T
Remote version: SSH-2.0-OpenSSH_7.4
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256/ssh-rsa host keys, but we don't know any of them
Host key fingerprint is:
ssh-ed25519 255 SHA256:xKqcsd8PIA6nRNj4D2Be5yBILwobLz3VXJMswZ+L5D4
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Pageant is running. Requesting keys.
Pageant has 0 SSH-2 keys
Using username "root".
Using SSPI from SECUR32.DLL
Trying gssapi-with-mic...
Attempting GSSAPI authentication
GSSAPI authentication request refused
[email protected]'s password:
Sent password
Access granted
Opening main session channel
Opened main channel
Remote debug message: No xauth program; cannot forward with spoofing.
X11 forwarding refused
Agent forwarding enabled
Started a shell/command
Session sent command exit status 0
real 0m 11.97s
user 0m 0.01s
sys 0m 0.06s
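EDIT0: Fixing the nameserver(s) in /etc/resolv.conf on the sshd server side resolved the 10-second SSH connection establishment delay.
Answer 1
After attempting GSSAPI authentication, the DNS host resolution may be timing out.
Plink uses GSSAPI by default.
In OpenSSH, GSSAPIAuthentication is disabled by default, for both client and server.
Most likely, GSSAPIAuthentication is enabled in sshd_config on the server.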
https://stackoverflow.com/questions/62509282/how-to-disable-gssapi-authentication-using-putty-plink
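An added example, not part of the original question or answer: a shell script for the server-side checks discussed above, reporting the global UseDNS and GSSAPIAuthentication values sshd would use, the resolvers listed in /etc/resolv.conf, and how long a reverse lookup takes. The function names and sample files are constructed for illustration. The `no` defaults passed in are the upstream OpenSSH defaults, which a distribution build may change, and `reverse_lookup_seconds` assumes glibc's `getent` is present.

```shell
#!/bin/sh
# Added example; the sample files are constructed, not the asker's server.

# Print the global value sshd would use for KEYWORD in FILE ("-" = stdin).
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after the first Match apply conditionally.
# Include directives are not followed here.
sshd_global() {  # usage: sshd_global KEYWORD DEFAULT [FILE]
    awk -v want="$1" -v dflt="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, ""); gsub(/=/, " ") }
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want && NF >= 2 { val = tolower($2); exit }
        END { print (val != "" ? val : dflt) }
    ' "${3:-/etc/ssh/sshd_config}"
}

# List the resolvers the server will query, in order.
resolv_nameservers() {  # usage: resolv_nameservers [FILE]
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "${1:-/etc/resolv.conf}"
}

# Whole seconds a reverse lookup of ADDR takes through NSS (getent, glibc).
reverse_lookup_seconds() {
    start=$(date +%s)
    getent hosts "$1" >/dev/null 2>&1 || true
    echo $(( $(date +%s) - start ))
}

sample_sshd_config() { cat <<'EOF'
#UseDNS yes
UseDNS no
gssapiauthentication=yes
GSSAPIAuthentication no
Match User backup
    X11Forwarding yes
EOF
}

sample_resolv_conf() { cat <<'EOF'
search example.internal
nameserver 192.0.2.53
nameserver 198.51.100.53
EOF
}

echo "UseDNS: $(sample_sshd_config | sshd_global UseDNS no -)"
echo "GSSAPIAuthentication: $(sample_sshd_config | sshd_global GSSAPIAuthentication no -)"
echo "nameservers: $(sample_resolv_conf | resolv_nameservers - | tr '\n' ' ')"
```

On a live server, `sshd -T` (run as root) prints the effective configuration with Include files and built-in defaults applied, and `reverse_lookup_seconds` with the client's address shows whether name resolution accounts for the delay.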