使用CentOS7登录时延迟很长

我有一个CentOS 7系统，当我用腻子或ssh登录时，在得到密码提示之前有很长的延迟。我运行了ssh -v，发现它达到了这个目的：

debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received

然后坐在那里1-2分钟，然后此输出爆炸：

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Trying private key: /home/motor/.ssh/id_rsa
debug1: Trying private key: /home/motor/.ssh/id_dsa
debug1: Trying private key: /home/motor/.ssh/id_ecdsa
debug1: Trying private key: /home/motor/.ssh/id_ed25519
debug1: Next authentication method: password

然后出现密码提示。无论哪个用户登录，都会发生这种情况。它仅在1个系统上发生。我还有其他5个方面，它毫不拖延地进行。

日志中没有磁盘或内存或任何其他错误。

是什么导致它像这样延迟呢？

更新：

我尝试将其设置GSSAPIAuthentication为“否”，但这并不能解决问题。

我再次用-vvv运行ssh。此输出出来，然后挂起：

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/motor/.ssh/id_rsa ((nil)),
debug2: key: /home/motor/.ssh/id_dsa ((nil)),
debug2: key: /home/motor/.ssh/id_ecdsa ((nil)),
debug2: key: /home/motor/.ssh/id_ed25519 ((nil)),

1-2分钟后，结果如下：

debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/motor/.ssh/id_rsa
debug3: no such identity: /home/motor/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/motor/.ssh/id_dsa
debug3: no such identity: /home/motor/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/motor/.ssh/id_ecdsa
debug3: no such identity: /home/motor/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/motor/.ssh/id_ed25519
debug3: no such identity: /home/motor/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

然后提示输入密码。

在/etc/ssh/sshd_config远程服务器上，应将选项更改GSSAPIAuthentication为no。重新启动sshd，您应该一切顺利。

编辑：GSSAPI（通用安全服务应用程序编程接口）本质上是一个利用Kerberos库提供强大网络加密功能的API。除非出于特殊原因需要启用GSSAPI，否则此方法应该可以解决您遇到的问题。

edit2：为清楚起见，反向DNS检查也有可能超时（特别是检查连接主机的PTR记录）。SSH当然会执行此检查，因为它充当验证连接主机的安全措施。

话虽如此，该过程在实际安全性方面并没有增加太多，因为实际上有相当一部分主机始终没有PTR。有三种方法可以解决此问题：

1）。您可以修改sshd_config文件以使用UseDNS no参数。这将停止反向DNS查找。这是安全的。

2）。在连接缓慢的主机的适当DNS系统中添加PTR记录。

3）。将手动条目hosts和相关条目添加到OS 文件中。

希望有帮助！

这听起来像DNS问题-在尝试登录期间，将执行反向DNS查找以在身份验证日志中提供远程主机名。

检查以确保服务器在/etc/resolv.conf文件中没有无响应的解析器。