Since some time I experienced the problem that it took me ages to logon via SSH to some of my maintained servers on the web until the password prompt is being shown on the command line. After googling a bit I found a post describing my problem which I would like to recommend to the public. Root cause seems to be a missing configuration of the GSSAPI module. Instead of configuring it you may also simply disable this authentification method in /etc/ssh/sshd_config by specifying
# GSSAPI options GSSAPIAuthentication no #GSSAPIAuthentication yes GSSAPICleanupCredentials no #GSSAPICleanupCredentials yes
That solved my problem immediately.
However, against what’s written in the wordpress post, I had another error behaviour:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_0' not found debug1: Unspecified GSS failure. Minor code may provide more information
And also please note that the IP address of the calling machine has a valid DNS reverse address. So, there still seems to be something else out there…
Out of many search term hits onto this page I see that the warning message
seems to be subject to many of you wondering. However, if you look through several Kerberos HowTos like this one or that one, that this is a ticket file for the client’s kerberos file system. If you do not have installed a Kerberos system at all, this file simply will never exist. Thus, this warning is nothing that you should worry about.