OpenSSH hang after SSH2_MSG_SERVICE_ACCEPT

One of my servers back in China has a really sloooow connection to some of the famous DNS servers, like Google’s or OpenDNS. I happened to come across a DNS-related performance issue when I was logging into that server.

With debug output turned on (-v), I can see where it hangs:

debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to slow.example.com:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC:  compression: none
debug1: kex: client->server cipher: [email protected] MAC:  compression: none
debug1: kex: [email protected] need=64 dh_need=64
debug1: kex: [email protected] need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:x0K6+PUKJzPg3V6PQXThdNXE2C9YJ4EeN+2CmLSWbqk
debug1: Host 'slow.example.com' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:100
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received

Then it stopped for a very looong time.

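The solution is to stop sshd from doing DNS lookups on incoming connections. With UseDNS enabled, sshd resolves the connecting client's address to a host name and checks that the name maps back to the same address, so a slow resolver stalls the login. In /etc/ssh/sshd_config on the server, add the line

UseDNS no

and restart the SSH server (sshd). The next time you log in, it’ll be much faster.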
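One thing to check before making this change, shown as an added example that is not from the original post: with UseDNS no, sshd only knows the client's address, so host names in Match Host blocks or in authorized_keys from= options stop matching. The script reports the UseDNS value a config file sets and lists such patterns; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a config before setting "UseDNS no". Sample data is constructed.

# Print the UseDNS value set in the global section of an sshd_config file.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Prints "unset" when the file leaves it to the default.
usedns_value() {
  awk 'tolower($1) == "match"  { exit }
       tolower($1) == "usedns" { print tolower($2); found = 1; exit }
       END { if (!found) print "unset" }' "$1"
}

# Read comma-separated patterns on stdin and keep only the ones that are host
# names: anything that is not an IPv4 pattern/CIDR and contains no ":" (IPv6).
only_hostnames() { tr ',' '\n' | sed 's/^!//' | grep -Ev '^[0-9.*?/]+$|:' || true; }

# Host-name patterns used by "Match Host" criteria in an sshd_config file.
hostname_match_patterns() {
  awk 'tolower($1) == "match" {
         for (i = 2; i < NF; i++)
           if (tolower($i) == "host") print $(i + 1)
       }' "$1" | only_hostnames
}

# Host-name patterns used by from="..." options in an authorized_keys file.
hostname_from_patterns() {
  sed -n 's/.*from="\([^"]*\)".*/\1/p' "$1" | only_hostnames
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/sshd_config" <<'EOF'
# constructed sample configuration
Port 22
usedns no
UseDNS yes
Match Host *.corp.example.com,192.0.2.*
    PasswordAuthentication no
EOF
cat > "$demo/authorized_keys" <<'EOF'
from="bastion.example.com,198.51.100.0/24" ssh-ed25519 AAAA-constructed-key user@host
EOF

echo "UseDNS in file:        $(usedns_value "$demo/sshd_config")"
echo "Match Host host names: $(hostname_match_patterns "$demo/sshd_config")"
echo "from= host names:      $(hostname_from_patterns "$demo/authorized_keys")"
```

On a live server, running `sshd -T | grep -i usedns` as root shows the value sshd actually uses, including the built-in default of the installed version.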
