One of my servers back in China has a really sloooow connection to some of the famous DNS servers, like Google’s or OpenDNS. I happen to come across a performance issue related to DNS issue when I was logging into that server.
Turned on debug -v, I can see where it hangs:
debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000 debug1: Authenticating to slow.example.com:22 as 'root' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: [email protected] debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC:
compression: none debug1: kex: client->server cipher: [email protected] MAC: compression: none debug1: kex: [email protected] need=64 dh_need=64 debug1: kex: [email protected] need=64 dh_need=64 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:x0K6+PUKJzPg3V6PQXThdNXE2C9YJ4EeN+2CmLSWbqk debug1: Host 'slow.example.com' is known and matches the ECDSA host key. debug1: Found key in /home/user/.ssh/known_hosts:100 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_ACCEPT received
Then it stopped for a very looong time.
The solution is not to look up DNS for sshd when receiving requests. In /etc/ssh/sshd_config, add a value called
and restart the server. Next time when you login, it’ll be much faster.