使用 PuTTY 建立 SSH 连接速度很慢,但使用 OpenSSH 则很快

使用 PuTTY 建立 SSH 连接速度很慢,但使用 OpenSSH 则很快

我在使用 PuTTY 时遇到了连接建立缓慢的问题:

> time.exe plink.exe -no-antispoof [email protected] exit                                                                                                                           [email protected]'s password:
real    0m 10.80s
user    0m 0.01s
sys     0m 0.06s

但对于 OpenSSH 则不然:

> time.exe ssh.exe [email protected] exit                                                                                                                                           [email protected]'s password:
real    0m 0.94s
user    0m 0.03s
sys     0m 0.06s

其价值如下UseDNS

> ssh [email protected] grep UseDNS /etc/ssh/sshd_config
[email protected]'s password:
#UseDNS yes
UseDNS no

现在有plink -v

> time.exe plink.exe -no-antispoof -v [email protected] exit                                                                                                                        Looking up host "X.Y.Z.T" for SSH connection
Connecting to X.Y.Z.T port 22
We claim version: SSH-2.0-PuTTY_Release_0.77
Connected to X.Y.Z.T
Remote version: SSH-2.0-OpenSSH_7.4
Using SSH protocol version 2
No GSSAPI security context available
Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256/ssh-rsa host keys, but we don't know any of them
Host key fingerprint is:
ssh-ed25519 255 SHA256:xKqcsd8PIA6nRNj4D2Be5yBILwobLz3VXJMswZ+L5D4
Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
Pageant is running. Requesting keys.
Pageant has 0 SSH-2 keys
Using username "root".
Using SSPI from SECUR32.DLL
Trying gssapi-with-mic...
Attempting GSSAPI authentication

GSSAPI authentication request refused
[email protected]'s password:
Sent password
Access granted
Opening main session channel
Opened main channel
Remote debug message: No xauth program; cannot forward with spoofing.
X11 forwarding refused
Agent forwarding enabled
Started a shell/command
Session sent command exit status 0
real    0m 11.97s
user    0m 0.01s
sys     0m 0.06s

EDIT0:修复sshd 服务器端的nameserver(s)解决了 10 秒 SSH 连接建立延迟的问题。/etc/resolv.conf

答案1

尝试 GSSAPI 身份验证后,DNS 主机解析可能会超时。

Plink 默认使用 GSSAPI。

在 OpenSSH 中,无论是客户端还是服务器,GSSAPIAuthentication 默认均禁用。

最有可能的是,服务器上的 GSSAPIAuthentication 在 sshd_config 中启用。

https://stackoverflow.com/questions/62509282/how-to-disable-gssapi-authentication-using-putty-plink

https://access.redhat.com/discussions/1173853

SSH——身份验证缓慢

相关内容