matt-walston (#33) solution worked for me. I'm on Ubuntu 12.04.3
connecting to RedHat ssh server.
"My problem apparently was in the reverse dns. Adding entries for each
system into /etc/hosts worked perfect."
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: openssh (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
This is still an issue with Ubuntu 12.10.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
To manage notifications about
So here's a list of the workarounds:
On the client:
# disable reverse lookups in kerberos
echo $'[libdefaults]\n\trdns=false' |sudo tee -a /etc/krb5.conf
# Alternatively, remove mdns, mdns4, mdns6 from nsswitch
/etc/nsswitch.conf
# Or disable GSSAPIAuthentication in ~/.ssh/config or /etc/ssh/ssh_
I also just found some clues that it might be caused by reverse DNS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
Disabling mdns4 hosts lookup in /etc/nsswitch.conf indeed seems to fix
the problem, so I will probably settle with that workaround, keeping
GSSAPIAuthentication turned on.
Ok, I understand the reason to keep it on as default, which is also
useful on our case, where we actually have a kerberized environment, but
there must be some way to reduce this huge login delay, or at least make
it easier to it turn on/off than "ssh -o GSSAPIAuthentication=...
user@hostname"
--
I use plenty of servers without Kerberos and I never see this. I don't
think it's clear that having GSSAPIAuthentication on by default is the
problem. I think it's more likely that there is some other cause, and
turning GSSAPIAuthentication off is merely a workaround.
I also suspect that reporters
Is there any change the default configuration could be changed to accommodate
this?
Those of our users running e.g. Ubuntu (12.04) experience this frustratingly
long delay, and just assume it's our servers being very slow.
Luckily, our Linux-users are generally more computer savvy than others, so
Also reproduces in the released version of 12.04 (64-bit desktop
edition), as follows:
30-second delay before the password prompt is displayed when ssh'ing
directly to the IP address (no DNS lookup involved) of a machine on the
same network segment. Adding "GSSAPIAuthentication no" to ~/.ssh/confi
This bug still affects 12.04 precise beta.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
To manage notifications about
I run into this with Ubuntu lucid frequently when connecting to CentOS
systems. I have no local Kerberos configuration.
A good fix for me would be to have SSH check if kerberos is locally
configured before trying to do Kerberos authentication. However I have
no idea how feasible this approach is.
I just met problem like this. It prevented logging on to a server
completely.
Here's a log:
ssh -vvv x...@yyy.fi
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred
gss
We, and a lot of other enterprise sites are using Kerberos, so we would
like it to be on by default.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option o
It has been 4 years. The only reason to have GSSAPIAuthentication option
on is if you are running a Kerberos setup. Who the hell runs Kerberos
nowadays anyway. Can we have this finally set to off by default or will
it take another 4 years? This is disrupting an important service by
switching on an
This bug is still affecting Ubuntu 11.10
Setting GSSAPIAuthentication no is still a viable workaround... but a
pain in the butt because I have to look this up with each fresh
install!!!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
this bug affect ubuntu 10.10 maverick
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lis
My previous post shows the results after modifying ~/.ssh/config to contain:
GSSAPIAuthentication no
(success)
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, wh
** Attachment added: "ssh -v showing authentication fixed"
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899/+attachment/1735961/+files/ssh-with-bug-fixed.log
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received th
I confirm this problem in Ubuntu 10.10. I experienced the exact symptoms
as described in
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/416264, but I
think the bug belongs to #84899.
Ubuntu uses the Debian package, as shown at the top of the attached file
(personal information removed):
O
I answer myself: this bug was tracked in Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
Strangely, chat about this problem in Debian seems to stop around 2007,
and no one has complained since then. THe bug is still open, though.
--
SSH with GSSAPIAuthentication option on SSH se
Comparing the output of "man ssh_config" on Fedora 12 and Ubuntu 10.10,
near the beginning we can see the following paragraph in Ubuntu's page
which does not appear in Fedora's:
"Note that the Debian openssh-client package sets several options as standard
in /etc/ssh/ssh_config which are
not
This is nice. This bug has been going for three years about commenting
or deleting a single line in the SSH config and the line is still there.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you
By the way, there is a line in /etc/ssh/ssh_config that reads:
# GSSAPIAuthentication no
and another line that reads:
GSSAPIAuthentication yes
Obviously someone added the "GSSAPIAuthentication yes" when default is
"no." Since commenting the line with "yes" fixed my problem (~10-15 sec
vs.
Hi,
I have the same opinion as chifamba. People start thinking that SSH on
Ubuntu is slow. I had also the same opinion before seeing this bug in
Launchpad.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notificatio
This is still the case with Lucid.
I change to no in my local config and now ssh is faster.
I think it is important for user experience to set this to no by default and
anyone needing it can then enable it manually. This is because this bug has now
created the impression that ssh when using ubun
I think the bug description is not very clear: there are situations in
which disabling GSSAPIAuthentication on server side fix the issue (maybe
because of DNS doesn't have a reverse resolution, as in my situation
fixed just putting GSSAPIAuthentication to off on a server that doesn't
have a reserve
Erno, I have nominated the problem for jaunty, i.e. proposed that it be
fixed before the release. To do that, simply click "Nominate for
release" near the top of the bug page and select the release(s) you want
to nominate the bug for.
--
SSH with GSSAPIAuthentication option on SSH servers are ver
I've reproduced the problem on: Intrepid Minimal CD Install + ssh
There's no apparent avahi installed or activated
In that configuration, "-o GSSAPIAuthentication=no" on the client
command line has no effect, nor does setting it in the server's
ssh_config file (though why that would change anythi
This bug is ~2 years old and cripples ssh use pretty badly. People waste time
hunting it down and working around it by disabling avahi or ssh's gss-api
stuff. I just upgraded to Jaunty alpha and it's still the same.
Is there some mechanism to propose this be fixed before Jaunty is out (i'm not
t
Yes, I agree with ed_p. Also for me, that is the problem.
For me, a simple "ssh server" took about 10 secs. Running with "ssh -o
GSSAPIAuthentication=no server" brought that delay down to nothing. Disabling
avahi on the client like this:
$ sudo /etc/init.d/avahi-daemon stop
Made it login witho
** Changed in: openssh (Ubuntu)
Status: Invalid => Confirmed
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubun
This is really an nss-mdns bug, reported here:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/94940
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, which i
SOLVED for me.
I was having a 5-10 second delay when logging in via SSH. Here was my
fix:
- On the client:
In /etc/ssh/ssh_config, set: 'GSSAPIAuthentication no'
-On the server:
In /etc/nsswitch.conf, change the 'hosts:' line to read this: 'hosts:
files dns'
After those two changes, l
I had the same problem on my private network lately when I added a new machine.
I had forgotten to update the table for reverse dns requests with the ip of the
new host.
Once fixed, I could ssh on the new host without trouble.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
[Expired for openssh (Ubuntu) because there has been no activity for 60
days.]
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu
Further to my comment on 2007-08-23, I have more information. The
misbehaviour clearly relates to non-ssh packages/config on the client
system in question. I have two Feisty installs, both acting as clients
to an OpenBSD server. One connects happily, the other hangs at
"SSH2_MSG_KEXINIT sent" wh
I commented the line
GSSAPIAuthentication yes
in /etc/ssh/ssh_conf
It worked for me. My ssh authentication is now much faster.
I use Ubuntu 'feisty'.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification be
I see the same symptoms as Izzy, except my VMware system is OpenBSD. I
cannot SSH in either direction. I can, however, SSH via an intermediate
other system (Debian/Etch).
i.e.
Feisty -> OpenBSD - FAILS
OpenBSD -> Feisty - FAILS
Feisty -> Etch -> OpenBSD - OK
--
SSH with GSSAPIAuthentication o
I have the same problem here with a CentOS 5 (Redhat Clone) running in a
VMWare. I cannot connect via SSH between the virtual machine and its
host. From the Feisty (Host), I see exactly what is described here, and
the session hangs after "debug1: SSH2_MSG_KEXINIT sent" for a long time,
and finally
Had same problem. An Ubuntu 7.04 running in VMWare Fusion where
connecting from my mac was extermely slow. Neither of the two proposed
fixes works, however above fix for setting with setting a host name for
the client worked. In addition, I found that instead of inserting the
hostname of the client
Same problem, tried both fixes but neither resolved. My problem
apparently was in the reverse dns. Adding entries for each system into
/etc/hosts worked perfect. I reverted the change to /etc/ssh/ssh_config
and reenabled mdns and the speed stayed fast. Check the basics first,
this was my fix, y
I had this problem with a fresh install of feisty. Found the solution here:
http://ubuntuforums.org/showthread.php?t=377212&highlight=ssh+delay
from comment #9:
If you got to System>Administration>Network and click the "General" tab there
is a new option that says
"Scan for available services an
Neither fix to the config files works for me on 7.04
Meanwhile, I can use putty to connect from Windows.
The host is a RedHat linux server.
Debian testing has the same problem.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You receive
For me either disabling GSSAPIAuthentication or changing nsswitch fixes
it.
changing nsswitch to "files dns mdns4" didn't help - I had to change it
to "files dns"
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug noti
** Changed in: openssh (Debian)
Status: Unknown => New
** Changed in: openssh (upstream)
Status: Unknown => New
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of
** Bug watch added: Debian Bug tracker #409360
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
** Also affects: openssh (upstream) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
Importance: Unknown
Status: Unknown
** Also affects: openssh (Debian) via
http:
I don't see this myself, but I just observed it on sabdfl's machine and
saw that disabling GSSAPIAuthentication eliminated the delays (which
lasted several seconds)
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug not
Thank you, everyone for your comments. I had two hangs. Installing
krb5-config stopped one, adding an /etc/hosts entry for the client on
the host stopped the other one.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug
I confirm this situation. If I open a ssh connection over openvpn to the
destination host, then i have to wait 10 seconds. After i create
~/config and insert:
GSSAPIAuthentication no
the initial connection is finished in about 1 second.
--
SSH with GSSAPIAuthentication option on SSH servers ar
I have the same problem with slow SSH connects to LAN IPs.
If
GSSAPIAuthentication yes
in my ssh/ssh_config there are three places where ssh waits for a long time:
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2
Debian-8ubuntu1
debug1: match: OpenSSH_4.3p2 Debian-8u
I was connecting to a sshd on a Debian Etch which ran on the same machine under
VMWare.
The guest OS has a 192.168.x.y type IP (dhcp from VMWare) on a separate virtual
interface.
I applied William's solution
(https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899/comments/22).
In /etc/ns
Same here.
Again resolved by a disabled GSSAPI-Authentication.
I have one precision : between two ubuntu feisty, the problem wasn't
really pronouced; but between an ubuntu and a Red Hat 4 this is terrible
(about 3/4 minutes...).
--
SSH with GSSAPIAuthentication option on SSH servers are very sl
Another user faced similar performance problems with SSH, documented in
bug #84849. Again, the problem was solved by disabling mdns4_minimal
resolution in nsswitch.conf.
So far, some people benefited from disabling GSSAPI-Authentication, some
others had to disable mDNS to regain acceptable perform
I also had to edit nsswitch.conf
This fix worked for me, i am now able to connect and the connection is much
faster.
In /etc/nsswitch.conf, I replaced :
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
with
hosts: files dns
Note both the client and server are Ubuntu boxes connecting to
Setting GSSAPIAuthentication to no sped up my time-to-SSH-login-prompt
to 1-2 seconds from 5-6. Thanks.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, which is
@Ben
nsswitch.conf fix corrected the issue for me (at least for my LAN).
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
Hi everyone,
I had a similar problem, and setting GSSAPIAuthentication to no did NOT help.
I disabled mDNS from the nsswitch.conf file on the client and now the problem
is solved:
In /etc/nsswitch.conf, I replaced :
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
with
hosts:
I've been encountering this issue and tearing my hair out over this. The
reason being I've set my grace login period to a short 15 seconds. This
means this issue manifests as not being able to connect at all.
This is a stock Dapper SSHD install being connected to via a stock
Feisty SSHClient insta
Attached is my output from the following commands:
cat /etc/ssh/ssh_config | tail
ssh -vvv [EMAIL PROTECTED] exit
ssh -vvv [EMAIL PROTECTED] exit
This should confirm the bug.
** Attachment added: "Output of described commands (time ssh -vvv ...)"
http://librarian.launchpad.net/7335802/SSHPr
Here is said file.
Look for the lines ** HANG HERE *
** Attachment added: "Log of previously mentioned commands"
http://librarian.launchpad.net/7335804/SSHProblemLog.txt
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
I can confirm this issue over WWW and LAN.
I have 2 SSH servers, one here, one elsewhere, and it typically takes 5
minutes to log in to remote SSH, and 2 for the local one.
Turned off GSSAPIAuthentication and voila, 5 seconds to log in to remote
server, 2 for local one.
Please fix.
--
SSH with
I have the same problem with a new installation of Feisty Fawn. Setting
"GSSAPIAuthentication no" works for me. Alternatively, it also works to
add an entry for the host to /etc/hosts. (Something to do with the
reverse DNS lookup I believe.) In case it's relevant, the server I'm
connecting to does
As promised, here goes the log with GSSAPI authentication disabled.
** Attachment added: "other ssh -vvv log"
http://librarian.launchpad.net/7099486/ssh-noGSSAPI.gz
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://launchpad.net/bugs/84899
--
ubuntu-bugs mailing l
Sorry for replying again, but the thing all these logs seem to have in
common is that all of us are ssh'ing to a private network, instead of a
"public IP" (sorry for the missnomer): michelem and me are trying to
connect to a 10.*.*.* IP and AndrewLawrence is doing the same for a
192.168.*.*, typica
Dear fellows,
I am also suffering this problem, although in my case disabling the
GSSAPIAuthentication seems to help (only tested once). I'm attaching the
ssh -vvv log with the GSSAPIauthentication on. BTW: I use password
authentication, instead of key/passphrase.
It might be interesting to note
I am having this problem also, and "GSSAPIAuthentication no" didn't help
at all. I have version 4.3p2-8ubuntu1.
Here is what I got, it hangs on "debug2: we sent a keyboard-interactive
packet, wait for reply" for about 10 seconds.
ssh -vvv [EMAIL PROTECTED]
OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL
James,
That host does not have a FQHN right?
I believe the problem is that the GSSAPI authenticion tries to look up the
hostname
and the timeout problems is from failing that. Which is why it also fails
(sometimes) when ssh:ing to a numeric host address
--
SSH with GSSAPIAuthentication optio
Hi all,
Im getting a similar problem but instead of just the login prompt on a local
100Mbps network the SSH clients are up to work on a whooping 45kbps.
Anyone has had any problem like this or is this just a problem with the login
taking too long ?
--
SSH with GSSAPIAuthentication option on S
I'm having the same problem here. I've attached an ssh -vvv log, timing
info is as follows:
Start: Tue Mar 6 22:44:54 GMT 2007
Hung at line 59 until: Tue Mar 6 22:45:45 GMT 2007
Hung at line 65 until: Tue Mar 6 22:46:33 GMT 2007
Then proceeds normally.
Disabling GSSAPIAuthentication fixes the
No sorry I mistoke the option in /etc/ssh/ssh_config, the bug is still here.
This is the -vvv trace:
[EMAIL PROTECTED]:~$ ssh [EMAIL PROTECTED]
Last login: Mon Mar 5 15:53:40 2007 from goa.fastwebit.ofc
Linux carlinux 2.6.17-11-386 #2 Thu Feb 1 19:50:13 UTC 2007 i686
/ / _ _ / /(_)_
I think someone fixed it, now I cant reproduce it too but i have a new
version: 4.3p2-8ubuntu1
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://launchpad.net/bugs/84899
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo
I need 'ssh -vvv' output with some kind of indication of the point where
it seems to hang for long periods of time.
** Changed in: openssh (Ubuntu)
Status: Confirmed => Needs Info
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://launchpad.net/bugs/84899
--
ub
(I can't reproduce this myself.)
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://launchpad.net/bugs/84899
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
confirmed; although setting GSSAPIAuthentication to no doesn't help.
** Changed in: openssh (Ubuntu)
Importance: Undecided => Medium
Status: Unconfirmed => Confirmed
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://launchpad.net/bugs/84899
--
ubuntu-bugs
I can confirm this problem. I experienced the same symptoms, or rather
my system did, and the above proposed workaround fixed the problem.
I hope this gets fixed one way or the other, because without the
workaround, SSH was unusable.
--
SSH with GSSAPIAuthentication option on SSH servers are ver
75 matches
Mail list logo
