SSH with Kerberos? No!

In the last few days, my SSH connection from home to office is very very slow. However, when it's connected, the speed is not so bad. After some -vvv debug, it seems the SSH client waste a lot of time before showing a line "Cannot resolve network address for KDC in requested realm". What? SSH is using Kerberos? That's bad.

Well I have done some Kerberos programming jobs recently on this computer, but I never meant to tell SSH to use it. Finally I add these 2 lines into ~/.ssh/config, and now it's much faster.
Host \*
GSSAPIKeyExchange no
Comments:

Why do you say that SSH automatically attempting to use Kerberos keys via GSSAPI is a bad thing ?

This will only happen if you have a Keberos configuration setup. If you mean it is bad because the KDC you had configured couldn't be reached then that isn't the fault of ssh.

Posted by Darren Moffat on May 27, 2008 at 02:14 PM CST #

Well, I just don't expect it should do that. My krb5.conf doesn't have a default realm, and I don't have a TGT cache. And, it shouldn't consume so long time (>40s).

Posted by Weijun on May 27, 2008 at 02:36 PM CST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog has a comments managing system that requires me to approve each comment manually. Please do not re-post and I will reply it (if I have an answer) when I get pinged.

Search

Top Tags
Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today