Aug 17 2013
 

I use ssh connections to manage remote servers; it’s one of the main tasks in my work, so over time I’ve learnt some tricks to speed up the connection phase of the ssh protocol. In this article I’ll show you how to:

Configure ssh to use ipv4 only
Configure ssh to use a particular authentication method
Reuse SSH Connection
Disable the DNS lookup on server side

Also, if you are interested in ssh, you can take a look at my previous articles about how to keep ssh connections alive on Linux and how to keep permanent SSH tunnels with autossh.



Please note I use these tweaks on my Ubuntu 13.04 and Arch Linux; older versions of ssh may not have all these options.

Use ssh with IPV4 only.

Sometimes I can reach a server over IPv4, but not over IPv6. Other times the IPv6 connection is unstable or buggy, so being able to force an SSH connection over IPv4 can be handy, and it’s faster in some cases.

To force an IPV4 connection you can simply use this command on your computer:

ssh -4 user@hostname.com

This will connect to hostname.com using only the IPv4 protocol. On the other hand, if you want to force an IPv6 connection you can use the command:

ssh -6 user@hostname.com

Use ssh with a particular authentication method

In general the best way to authenticate is with an exchange of keys between the ssh client and the ssh server; this way you don’t have to type your password every time you connect. But sometimes you haven’t exchanged keys between your client and the server, and so you must use the good old password.

In this case you can use an option to skip the pubkey method and go directly to the password method. To do this use this command:

ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no user@hostname.com

You can also do the reverse, and run ssh to use only the pubkey method with the command:

ssh -o PreferredAuthentications=publickey user@hostname.com

Reuse SSH Connection

It’s possible to reuse a connection to a remote server using the ControlMaster directive. The concept is very simple: rather than each new SSH connection to a particular server opening up a new TCP connection, you instead multiplex all of your SSH connections down one TCP connection. The authentication only happens once, when the TCP connection is opened, and thereafter all your extra SSH sessions are sent down that connection.
To set this option, open the ssh configuration file for your user, located at ~/.ssh/config, and add these options:

Host *
ControlMaster auto
ControlPath /tmp/%r@%h:%p

This tells your ssh client to always use a ControlMaster on all hosts. You can set it to autoask instead of auto to have ssh prompt you for whether or not to reuse an existing connection. The configuration directive ControlPath tells ssh where it should keep its socket information. In this example the files are created in /tmp, however it may be best to put this into your own home directory on multi-user systems.
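
A check for the /tmp caveat above, added here as an example and not part of the original article: it scans ssh client configuration text and reports every ControlPath that sits under a shared, world-writable directory. The SHARED_DIRS list, the host build.example.com and the ~/.ssh/cm directory are assumptions of this example.

```python
import re

# Directories every local user can write to (assumed list for this example).
SHARED_DIRS = ("/tmp", "/var/tmp", "/dev/shm")

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
DIRECTIVE = re.compile(r"([A-Za-z]+)\s*=?\s*(.*)$")


def shared_controlpaths(config_text):
    """Return (line_no, host_block, path) for each ControlPath under a shared directory."""
    findings = []
    block = "(global)"  # directives before the first Host/Match line apply globally
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = DIRECTIVE.match(line)
        if not match:
            continue
        keyword = match.group(1).lower()
        value = match.group(2).strip().strip('"')
        if keyword in ("host", "match"):
            block = value
        elif keyword == "controlpath":
            # Compare on a path-component boundary so /tmpfoo is not flagged.
            if any(value == d or value.startswith(d + "/") for d in SHARED_DIRS):
                findings.append((line_no, block, value))
    return findings


# Constructed sample: the article's setting, then a per-user socket directory.
# ~/.ssh/cm is a hypothetical path; create it with mode 700 before use.
SAMPLE_CONFIG = """\
Host *
    ControlMaster auto
    ControlPath /tmp/%r@%h:%p

Host build.example.com
    ControlMaster auto
    ControlPath=~/.ssh/cm/%r@%h:%p
"""

if __name__ == "__main__":
    for line_no, block, path in shared_controlpaths(SAMPLE_CONFIG):
        print(f"line {line_no} (Host {block}): ControlPath {path} is in a shared directory")
```

To run it against a real file, pass the contents of ~/.ssh/config to shared_controlpaths() instead of SAMPLE_CONFIG.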

Disable the DNS lookup on server side

Finally, if you are the owner of the remote server, you can configure it not to resolve the reverse name of the IP address that is connecting via ssh. There is a setting in OpenSSH that controls whether sshd should not only resolve remote host names but also check whether the resolved host names map back to the remote IPs. Apparently, that setting is enabled by default in OpenSSH. The UseDNS directive controls this particular behaviour of OpenSSH, and while it is commented out in sshd_config (which is the default configuration file for the OpenSSH daemon in most environments), as per the man page for sshd_config, the default for UseDNS is set to enabled. Uncommenting the line carrying the UseDNS directive and setting it to “no” disables the feature.

This directive can be modified in the file /etc/ssh/sshd_config, and once you change it you have to restart the ssh daemon with the command:

/etc/init.d/ssh restart

Or equivalent.

Conclusions

These are some quick tips to speed up your daily tasks with ssh. If you have any other tips or suggestions, just add them as comments; I’m always in search of good tricks.

Reference

SSH ControlMaster: The Good, The Bad, The Ugly



  One Response to “4 tricks to speed up ssh connections”

  1. I’ve had problems with DNS lookup in CentOS before. I don’t know if other distros have different defaults in OpenSSH, but CentOS is the only distro where I have experienced very slow logons because of DNS lookups.
