[Bug 84899] Re: SSH with GSSAPIAuthentication option on SSH servers are very slow

[Gabriel de Perthuis]

So here's a list of the workarounds:

On the client:
# disable reverse lookups in kerberos
echo $'[libdefaults]\n\trdns=false' |sudo tee -a /etc/krb5.conf 
# Alternatively, remove mdns, mdns4, mdns6 from nsswitch
/etc/nsswitch.conf
# Or disable GSSAPIAuthentication in ~/.ssh/config or /etc/ssh/ssh_config or with the -o flag
GSSAPIAuthentication=no

On the server:
GSSAPIAuthentication=no in /etc/ssh/sshd_config

Fixes that require coding would be the one at http://bugs.debian.org/409360#40 which seems simple enough.
Paliatives would be a cache of notfound results in avahi or in sshd (so that the 5 seconds Avahi timeout isn't repeated for the four times ssh tries name resolution).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899

Title:
  SSH with GSSAPIAuthentication option on SSH servers are very slow

Status in Portable OpenSSH:
  New
Status in “openssh” package in Ubuntu:
  Confirmed
Status in “openssh” package in Debian:
  New

Bug description:
  Binary package hint: openssh-client

  In Feisty Fawn I noticed a very slow ssh connection to some local servers, the prompt login takes 5/6 seconds to appear.
  I solved this problem putting the option "GSSAPIAuthentication no" instead "yes" in the /etc/ssh/ssh_config file.

  SSH Version is 4.3p2-7ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/84899/+subscriptions