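Delays during ssh login are usually caused by a registered DNS server that cannot be reached.
This typically happens when DNS is registered before the network has been configured, but ssh delays can also occur if DNS fails during operation, so it is a good idea to apply the fix in advance.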




On Linux, the problem is resolved by configuring the ssh server not to use DNS.
# vi /etc/ssh/sshd_config
#UseDNS Yes
UseDNS no


On Solaris, analyzing the ssh connection process shows that the delay occurs during GSS-API authentication:
[root@SA-OCM1:~:#] ssh -v localhost
OpenSSH_8.1p1, OpenSSL 1.0.2u  20 Dec 2019
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:0yGg+OUy5MdpZ8bms05qM8xvUJhZz7AUEvlkY5EVwxI
debug1: Host 'localhost' is known and matches the ED25519 host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:dr2ZJLHEPPJ5MFyPIFuZhE1EQES6SlaFCRWDTqggg9Y
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic        # <<== the delay occurs here


To check whether the GSS-API authentication attempt is the cause, pass the GSSAPIAuthentication=no option:
[usage] ssh -o GSSAPIAuthentication=no [-l user] hostname

# ssh -o GSSAPIAuthentication=no -l root localhost


If the delay disappears in the test above, edit ssh_config to apply the setting permanently.
** Note: ssh_config holds the client settings, and sshd_config holds the server settings.
# vi /etc/ssh/ssh_config
# Host *
Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication yes
    GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange yes
#   GSSAPITrustDNS no
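
Instead of watching the ssh -v output by eye, the stall can be measured by timestamping each debug line as it arrives. The script below is an added example, not part of the original post; the function names and the SAMPLE data are constructed for illustration, and it assumes the host to test is passed as the first argument.

```python
#!/usr/bin/env python3
"""Find the step where `ssh -v` stalls by timestamping each debug line."""
import subprocess
import sys
import time


def stamp_lines(stream, clock=time.monotonic):
    """Yield (seconds, text) for each line as it arrives on the stream."""
    for raw in stream:
        yield clock(), raw.rstrip("\n")


def longest_stall(stamped):
    """Return (gap_seconds, line_printed_before_the_gap) for the biggest gap."""
    worst = (0.0, None)
    prev = None
    for t, text in stamped:
        if prev is not None and t - prev[0] > worst[0]:
            worst = (t - prev[0], prev[1])
        prev = (t, text)
    return worst


def hint(line):
    """Map the stalled line to the setting this page changes."""
    if line and "gssapi" in line.lower():
        return "client: GSSAPIAuthentication no in ssh_config"
    return "not a GSSAPI step: check UseDNS in sshd_config and the resolvers"


# Constructed sample: (seconds, line) pairs, not a real capture.
SAMPLE = [
    (0.00, "debug1: Connection established."),
    (0.12, "debug1: SSH2_MSG_SERVICE_ACCEPT received"),
    (0.13, "debug1: Next authentication method: gssapi-with-mic"),
    (30.20, "debug1: Next authentication method: publickey"),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # BatchMode=yes keeps a password prompt from being counted as a stall.
        cmd = ["ssh", "-v", "-o", "BatchMode=yes", sys.argv[1], "true"]
        proc = subprocess.Popen(cmd, stderr=subprocess.PIPE, text=True,
                                errors="replace")
        gap, line = longest_stall(stamp_lines(proc.stderr))
        proc.wait()
    else:
        gap, line = longest_stall(SAMPLE)
    print(f"{gap:.2f}s after: {line}\n-> {hint(line)}")
```

Run without arguments it analyzes the constructed sample; run with a hostname it times a real connection attempt.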




