ssh - Why fabric can connect to remote host immediately while normal connecting needs to wait 20 seconds?

07
2014-07
  • Zen

    I'm using a remote hosting service. Everytime I connect to it.

    It costs me 20 seconds or more to wait for the password input line prompt out.

    But today I used python fabric module.

    I set the host name and password in the env configuration.

    And within a second it connects to the remote host and execute the command.

    What happened here?

    • Answers
  • garethTheRed

    I believe GSSAPIAuthentication and reverse DNS resolution are the two usual culprits for this. As Fabric is responding quickly, it suggests that reverse DNS resolution isn't enabled on the server.

    What happens if you use:-

    ssh -o GSSAPIAuthentication=no <username@host>

    If that improves things, then it can be made permanent for you by addingGSSAPIAuthentication no to ~/.ssh/ssh_config. Or, it can be made permanent by adding the same to /etc/ssh/ssh_config on your server (path may be slightly different).

    GSS-API is used in Single Sign On scenarios. For example, using a Kerberos server for managing your users. A remote hosting service will most probably not be providing this type of service, so GSS-API is not relevant to you in this case and can therefore be disabled.

    If you connect with a few -v options you should see the client and server attempting (unsuccessfully) to negotiate GSS:-

    ssh -vvv <username@host>

    You can disable this on a host by host basis by adding the Host keyword to your ssh_config file:-

    Host my_remote_hosting_server_hostname
GSSAPIAuthentication no

    See the man page for ssh_config for more details.


    • Related Question

    ssh - Connection to "server name" closed by remote host
  • Questioner

    I just set up SSH on my freeNAS server. However every time I connect I get kicked out right away. I get the following message:

    Connection to (my server name) closed by remote host.

    Anybody knows why this happens?

    This is the server log for SSH services: 

    Oct 9 09:35:52 sshd[2389]: Did not receive identification string from 204.16.252.112 
Oct 9 09:36:22 sshd[2390]: Did not receive identification string from 69.163.149.200 
Oct 9 09:36:44 sshd[2391]: SSH: Server;Ltype: Version;Remote: 192.168.1.1-55235;Protocol: 2.0;Client: OpenSSH_5.1p1 Debian-5ubuntu1 
Oct 9 09:36:54 sshd[2391]: Accepted password for "username" from 192.168.1.1 port 55235 ssh2

    • Related Answers
  • tangens

    It could happen because

    • the server only accepts a SSH protocol version your client doesn't provide,
    • the server only allows asymmetric authentication (RSA,DSA) and you provided no key

    Try to set the verbose flag on your client. It should give you some hints. Otherwise check the server log.

  • Andrew Keith

    it means that the TCP connection socket was terminated from the other side. Its a general error and is not specific to SSH.

    You might want to check the authentication of your SSH server on whether you have permission to access the SSH.

    I am not familiar with the flavour of SSH software you are using, but most SSH servers have some way of outputting debug output to a log. Try to enable that feature to see whats going on.