Difference between revisions of "Improving openSSH server performance"

From Notes_Wiki
m
m
Line 1: Line 1:
<yambe:breadcrumb self="Improve performance">OpenSSH server configuration|OpenSSH</yambe:breadcrumb>
=Improving SSH server performance=
=Improving SSH server performance=


Line 18: Line 19:


Please note that this has to be done on SSH client (<tt>/etc/ssh/ssh_config</tt>) on our machine and SSH server on remote machine (<tt>/etc/ssh/sshd_config</tt>). Doing above configuration on SSH server of current machine will not have any effect.
Please note that this has to be done on SSH client (<tt>/etc/ssh/ssh_config</tt>) on our machine and SSH server on remote machine (<tt>/etc/ssh/sshd_config</tt>). Doing above configuration on SSH server of current machine will not have any effect.
Back to [[OpenSSH server configuration]]

Revision as of 11:42, 2 December 2012

<yambe:breadcrumb self="Improve performance">OpenSSH server configuration|OpenSSH</yambe:breadcrumb>

Improving SSH server performance

There are various ways of improving SSH server performance. For example on local LAN disabling all types of DNS checks both on server and on client as described on Disabling reverse DNS lookup for openSSH can improve speed significantly. Other performance improvements possible are described in various sub-sections on this page.


Disabling GSSAPI Authentication (Kerebros)

GSSAPI authentication is used by systems like Kerebros so that there is some standardization of client / server authentication which is independent of actual implementation. If GSSAPI authentication mechanisms are not used then one can improve SSH speed by using:

GSSAPIAuthentication no

This may be particularly useful if when SSHing to server with -v the output pauses for a while after displaying:

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

Please note that this has to be done on SSH client (/etc/ssh/ssh_config) on our machine and SSH server on remote machine (/etc/ssh/sshd_config). Doing above configuration on SSH server of current machine will not have any effect.