matt-walston (#33) solution worked for me. I'm on Ubuntu 12.04.3
connecting to RedHat ssh server.
My problem apparently was in the reverse dns. Adding entries for each
system into /etc/hosts worked perfect.
--
You received this bug notification because you are a member of Ubuntu
Server Team,
** Changed in: openssh (Ubuntu)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH
This is still an issue with Ubuntu 12.10.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
To manage
So here's a list of the workarounds:
On the client:
# disable reverse lookups in kerberos
echo $'[libdefaults]\n\trdns=false' |sudo tee -a /etc/krb5.conf
# Alternatively, remove mdns, mdns4, mdns6 from nsswitch
/etc/nsswitch.conf
# Or disable GSSAPIAuthentication in ~/.ssh/config or
Is there any change the default configuration could be changed to accommodate
this?
Those of our users running e.g. Ubuntu (12.04) experience this frustratingly
long delay, and just assume it's our servers being very slow.
Luckily, our Linux-users are generally more computer savvy than others,
Ok, I understand the reason to keep it on as default, which is also
useful on our case, where we actually have a kerberized environment, but
there must be some way to reduce this huge login delay, or at least make
it easier to it turn on/off than ssh -o GSSAPIAuthentication=...
user@hostname
--
I use plenty of servers without Kerberos and I never see this. I don't
think it's clear that having GSSAPIAuthentication on by default is the
problem. I think it's more likely that there is some other cause, and
turning GSSAPIAuthentication off is merely a workaround.
I also suspect that
I also just found some clues that it might be caused by reverse DNS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
Disabling mdns4 hosts lookup in /etc/nsswitch.conf indeed seems to fix
the problem, so I will probably settle with that workaround, keeping
GSSAPIAuthentication turned on.
Also reproduces in the released version of 12.04 (64-bit desktop
edition), as follows:
30-second delay before the password prompt is displayed when ssh'ing
directly to the IP address (no DNS lookup involved) of a machine on the
same network segment. Adding GSSAPIAuthentication no to ~/.ssh/config
This bug still affects 12.04 precise beta.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with GSSAPIAuthentication option on SSH servers are very slow
To manage
I run into this with Ubuntu lucid frequently when connecting to CentOS
systems. I have no local Kerberos configuration.
A good fix for me would be to have SSH check if kerberos is locally
configured before trying to do Kerberos authentication. However I have
no idea how feasible this approach is.
I just met problem like this. It prevented logging on to a server
completely.
Here's a log:
ssh -vvv x...@yyy.fi
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred
We, and a lot of other enterprise sites are using Kerberos, so we would
like it to be on by default.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/84899
Title:
SSH with
This bug is still affecting Ubuntu 11.10
Setting GSSAPIAuthentication no is still a viable workaround... but a
pain in the butt because I have to look this up with each fresh
install!!!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
It has been 4 years. The only reason to have GSSAPIAuthentication option
on is if you are running a Kerberos setup. Who the hell runs Kerberos
nowadays anyway. Can we have this finally set to off by default or will
it take another 4 years? This is disrupting an important service by
switching on an
this bug affect ubuntu 10.10 maverick
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
--
Ubuntu-server-bugs
I confirm this problem in Ubuntu 10.10. I experienced the exact symptoms
as described in
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/416264, but I
think the bug belongs to #84899.
Ubuntu uses the Debian package, as shown at the top of the attached file
(personal information removed):
** Attachment added: ssh -v showing authentication fixed
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/84899/+attachment/1735961/+files/ssh-with-bug-fixed.log
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received
My previous post shows the results after modifying ~/.ssh/config to contain:
GSSAPIAuthentication no
(success)
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because you are a member of Ubuntu
Server
Comparing the output of man ssh_config on Fedora 12 and Ubuntu 10.10,
near the beginning we can see the following paragraph in Ubuntu's page
which does not appear in Fedora's:
Note that the Debian openssh-client package sets several options as standard
in /etc/ssh/ssh_config which are
not
I answer myself: this bug was tracked in Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409360
Strangely, chat about this problem in Debian seems to stop around 2007,
and no one has complained since then. THe bug is still open, though.
--
SSH with GSSAPIAuthentication option on SSH
This is nice. This bug has been going for three years about commenting
or deleting a single line in the SSH config and the line is still there.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug notification because
By the way, there is a line in /etc/ssh/ssh_config that reads:
# GSSAPIAuthentication no
and another line that reads:
GSSAPIAuthentication yes
Obviously someone added the GSSAPIAuthentication yes when default is
no. Since commenting the line with yes fixed my problem (~10-15 sec
vs. ~0-1
Hi,
I have the same opinion as chifamba. People start thinking that SSH on
Ubuntu is slow. I had also the same opinion before seeing this bug in
Launchpad.
--
SSH with GSSAPIAuthentication option on SSH servers are very slow
https://bugs.launchpad.net/bugs/84899
You received this bug
This is still the case with Lucid.
I change to no in my local config and now ssh is faster.
I think it is important for user experience to set this to no by default and
anyone needing it can then enable it manually. This is because this bug has now
created the impression that ssh when using
I think the bug description is not very clear: there are situations in
which disabling GSSAPIAuthentication on server side fix the issue (maybe
because of DNS doesn't have a reverse resolution, as in my situation
fixed just putting GSSAPIAuthentication to off on a server that doesn't
have a
This bug is ~2 years old and cripples ssh use pretty badly. People waste time
hunting it down and working around it by disabling avahi or ssh's gss-api
stuff. I just upgraded to Jaunty alpha and it's still the same.
Is there some mechanism to propose this be fixed before Jaunty is out (i'm not
I've reproduced the problem on: Intrepid Minimal CD Install + ssh
There's no apparent avahi installed or activated
In that configuration, -o GSSAPIAuthentication=no on the client
command line has no effect, nor does setting it in the server's
ssh_config file (though why that would change
Erno, I have nominated the problem for jaunty, i.e. proposed that it be
fixed before the release. To do that, simply click Nominate for
release near the top of the bug page and select the release(s) you want
to nominate the bug for.
--
SSH with GSSAPIAuthentication option on SSH servers are very
29 matches
Mail list logo