Logon with SSH takes long until the password prompt is being displayed

Since some time I experienced the problem that it took me ages to logon via SSH to some of my maintained servers on the web until the password prompt is being shown on the command line. After googling a bit I found a post describing my problem which I would like to recommend to the public. Root cause seems to be a missing configuration of the GSSAPI module. Instead of configuring it you may also simply disable this authentification method in /etc/ssh/sshd_config by specifying

# GSSAPI options
GSSAPIAuthentication no
#GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPICleanupCredentials yes

That solved my problem immediately.
However, against what’s written in the wordpress post, I had another error behaviour:

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure.  Minor code may provide more information

And also please note that the IP address of the calling machine has a valid DNS reverse address. So, there still seems to be something else out there…

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

One Comment

  1. Out of many search term hits onto this page I see that the warning message

    Credentials cache file '/tmp/krb5cc_0' not found
    

    seems to be subject to many of you wondering. However, if you look through several Kerberos HowTos like this one or that one, that this is a ticket file for the client’s kerberos file system. If you do not have installed a Kerberos system at all, this file simply will never exist. Thus, this warning is nothing that you should worry about.

    VN:F [1.9.22_1171]
    Rating: 0 (from 0 votes)

Leave a Reply

Your email address will not be published. Required fields are marked *

*