How to fix a slow SSH login issue on Linux

Last updated on July 22, 2020 by Dan Nanni

Question: When I try to connect to a remote SSH server, it takes very long time (30 seconds to 2 minutes) before password prompt appears. Why is SSH login so slow to start, and how can I get rid of long delay in SSH login?

If you have to wait very long for SSH password prompt, there could be several things that may go wrong. To troubleshoot the root cause of slow SSH login, you can run ssh command with -vvv option, which will show you what's happening behind the scene during SSH login.

$ ssh -vvv [email protected]<ssh-server>

Here are possible solutions to the delayed SSH login problem.

Disable GSSAPI Authentication

One possible culprit (as indicated in the SSH client log above) is GSSAPI authentication. During SSH login, SSH client goes through a series of authentication steps, and one of them is GSSAPI authentication, where an SSH server contacts a GSSAPI server to validate client authentication. On Linux distros such as CentOS, GSSAPI authentication is enabled by default, and GSS failure can add long delay in SSH session start.

To disable GSSAPI authentication on an SSH server, look for GSSAPIAuthentication in /etc/ssh/sshd_config, and edit it or add the line as follows.

$ sudo vi /etc/ssh/sshd_config
GSSAPIAuthentication no

Then restart SSH server:

$ sudo systemctl restart ssh (Debian, Ubuntu)
$ sudo /etc/init.d/ssh restart  (old Debian, Ubuntu)
$ sudo systemctl restart sshd (Fedora, CentOS or RHEL)
$ sudo service sshd restart (old CentOS or RHEL)

Disable Reverse DNS Lookup

Another possibility for slow SSH login is reverse DNS lookup. On Linux distros such as Ubuntu, when an SSH server receives a login request from a client, the server performs reverse DNS lookup of the client's IP address for security reason. If the reverse DNS lookup fails, lookup timeout will add to SSH login delay.

To disable reverse DNS lookups on an SSH server, edit SSH server configuration as follows.

$ sudo vi /etc/ssh/sshd_config
# add this line
UseDNS no

Then restart SSH server:

$ sudo systemctl restart ssh (Debian, Ubuntu)
$ sudo /etc/init.d/ssh restart  (old Debian, Ubuntu)
$ sudo systemctl restart sshd (Fedora, CentOS or RHEL)
$ sudo service sshd restart (old CentOS or RHEL)

Support Xmodulo

This website is made possible by minimal ads and your gracious donation via PayPal (Credit Card) or Bitcoin (1M161JGAkz3oaHNvTiPFjNYkeABox8rb4g).

Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.

Xmodulo © 2021 ‒ AboutWrite for UsFeed ‒ Powered by DigitalOcean