matt-walston (#33) solution worked for me. I'm on Ubuntu 12.04.3
connecting to RedHat ssh server.
"My problem apparently was in the reverse dns. Adding entries for each
system into /etc/hosts worked perfect."
--
You received this bug notification because you are a member of Ubuntu
Server Team, w
** Changed in: openssh (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH serv
This is still an issue with Ubuntu 12.10.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
To manage no
So here's a list of the workarounds:
On the client:
# disable reverse lookups in kerberos
echo $'[libdefaults]\n\trdns=false' |sudo tee -a /etc/krb5.conf
# Alternatively, remove mdns, mdns4, mdns6 from nsswitch
/etc/nsswitch.conf
# Or disable GSSAPIAuthentication in ~/.ssh/config or /etc/ssh/ssh_
I also just found some clues that it might be caused by reverse DNS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
Disabling mdns4 hosts lookup in /etc/nsswitch.conf indeed seems to fix
the problem, so I will probably settle with that workaround, keeping
GSSAPIAuthentication turned on.
I use plenty of servers without Kerberos and I never see this. I don't
think it's clear that having GSSAPIAuthentication on by default is the
problem. I think it's more likely that there is some other cause, and
turning GSSAPIAuthentication off is merely a workaround.
I also suspect that reporters
Ok, I understand the reason to keep it on as default, which is also
useful on our case, where we actually have a kerberized environment, but
there must be some way to reduce this huge login delay, or at least make
it easier to it turn on/off than "ssh -o GSSAPIAuthentication=...
user@hostname"
--
Is there any change the default configuration could be changed to accommodate
this?
Those of our users running e.g. Ubuntu (12.04) experience this frustratingly
long delay, and just assume it's our servers being very slow.
Luckily, our Linux-users are generally more computer savvy than others, so
Also reproduces in the released version of 12.04 (64-bit desktop
edition), as follows:
30-second delay before the password prompt is displayed when ssh'ing
directly to the IP address (no DNS lookup involved) of a machine on the
same network segment. Adding "GSSAPIAuthentication no" to ~/.ssh/confi
This bug still affects 12.04 precise beta.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
To manage n
I run into this with Ubuntu lucid frequently when connecting to CentOS
systems. I have no local Kerberos configuration.
A good fix for me would be to have SSH check if kerberos is locally
configured before trying to do Kerberos authentication. However I have
no idea how feasible this approach is.
I just met problem like this. It prevented logging on to a server
completely.
Here's a log:
ssh -vvv x...@yyy.fi
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred
gss
We, and a lot of other enterprise sites are using Kerberos, so we would
like it to be on by default.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthe
It has been 4 years. The only reason to have GSSAPIAuthentication option
on is if you are running a Kerberos setup. Who the hell runs Kerberos
nowadays anyway. Can we have this finally set to off by default or will
it take another 4 years? This is disrupting an important service by
switching on an
This bug is still affecting Ubuntu 11.10
Setting GSSAPIAuthentication no is still a viable workaround... but a
pain in the butt because I have to look this up with each fresh
install!!!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to o
this bug affect ubuntu 10.10 maverick
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
--
Ubuntu-server-bugs mai
My previous post shows the results after modifying ~/.ssh/config to contain:
GSSAPIAuthentication no
(success)
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Server T
** Attachment added: "ssh -v showing authentication fixed"
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899/+attachment/1735961/+files/ssh-with-bug-fixed.log
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received th
I confirm this problem in Ubuntu 10.10. I experienced the exact symptoms
as described in
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/416264, but I
think the bug belongs to #84899.
Ubuntu uses the Debian package, as shown at the top of the attached file
(personal information removed):
O
I answer myself: this bug was tracked in Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
Strangely, chat about this problem in Debian seems to stop around 2007,
and no one has complained since then. THe bug is still open, though.
--
SSH with GSSAPIAuthentication option on SSH se
Comparing the output of "man ssh_config" on Fedora 12 and Ubuntu 10.10,
near the beginning we can see the following paragraph in Ubuntu's page
which does not appear in Fedora's:
"Note that the Debian openssh-client package sets several options as standard
in /etc/ssh/ssh_config which are
not
This is nice. This bug has been going for three years about commenting
or deleting a single line in the SSH config and the line is still there.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you
By the way, there is a line in /etc/ssh/ssh_config that reads:
# GSSAPIAuthentication no
and another line that reads:
GSSAPIAuthentication yes
Obviously someone added the "GSSAPIAuthentication yes" when default is
"no." Since commenting the line with "yes" fixed my problem (~10-15 sec
vs.
Hi,
I have the same opinion as chifamba. People start thinking that SSH on
Ubuntu is slow. I had also the same opinion before seeing this bug in
Launchpad.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notificatio
This is still the case with Lucid.
I change to no in my local config and now ssh is faster.
I think it is important for user experience to set this to no by default and
anyone needing it can then enable it manually. This is because this bug has now
created the impression that ssh when using ubun
I think the bug description is not very clear: there are situations in
which disabling GSSAPIAuthentication on server side fix the issue (maybe
because of DNS doesn't have a reverse resolution, as in my situation
fixed just putting GSSAPIAuthentication to off on a server that doesn't
have a reserve
Erno, I have nominated the problem for jaunty, i.e. proposed that it be
fixed before the release. To do that, simply click "Nominate for
release" near the top of the bug page and select the release(s) you want
to nominate the bug for.
--
SSH with GSSAPIAuthentication option on SSH servers are ver
I've reproduced the problem on: Intrepid Minimal CD Install + ssh
There's no apparent avahi installed or activated
In that configuration, "-o GSSAPIAuthentication=no" on the client
command line has no effect, nor does setting it in the server's
ssh_config file (though why that would change anythi
This bug is ~2 years old and cripples ssh use pretty badly. People waste time
hunting it down and working around it by disabling avahi or ssh's gss-api
stuff. I just upgraded to Jaunty alpha and it's still the same.
Is there some mechanism to propose this be fixed before Jaunty is out (i'm not
t
Yes, I agree with ed_p. Also for me, that is the problem.
For me, a simple "ssh server" took about 10 secs. Running with "ssh -o
GSSAPIAuthentication=no server" brought that delay down to nothing. Disabling
avahi on the client like this:
$ sudo /etc/init.d/avahi-daemon stop
Made it login witho
30 matches
Mail list logo
