Centos

Delay between PAM password acceptance and session opening on CentOS5

  • March 18, 2013

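I have a very interesting situation. I have a server running CentOS5.5, and whenever I try to ssh in through any of the external interfaces there is a delay of 4+ seconds, consistently. Whenever I use the internal interface there is no such delay. For example, ssh from mycomputer2 to mycomputer1 has almost no delay, but ssh from mycomputer2 to mycomputer1.com goes to the external interface, where the delay occurs. /var/log/messages shows this when logging in with a password, with some redactions: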

Mar 18 10:18:06 somecomputer sshd[788]: pam_unix(sshd:auth): authentication failure; 
Mar 18 10:18:06 somecomputer sshd[788]: pam_krb5[788]: TGT verified using key for ...
Mar 18 10:18:06 somecomputer sshd[788]: pam_krb5[788]: authentication succeeds for user
Mar 18 10:18:12 somecomputer sshd[788]: Accepted password for user from computer port myport ssh2
Mar 18 10:18:13 somecomputer sshd[788]: pam_unix(sshd:session): session opened for user myuser by (uid=0)

Here is /etc/pam.d/sshd:

auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so
session    required     pam_limits.so

Here is system-auth:

auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so retry=3
password    sufficient    pam_krb5.so use_authtok
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so
session     required      pam_krb5.so use_first_pass

This is a DNS issue. Add UseDNS no to /etc/ssh/sshd_config, reload ssh, and see whether that changes anything.

Quoted from: https://serverfault.com/questions/488904
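An added example, not part of the original question or answer: a small parser that measures, per sshd PID, the gap between the last PAM authentication line and "Accepted password", and between that and "session opened", so the delay can be compared before and after a change such as the UseDNS setting suggested above. The function names, the 4-second threshold default, the year value and the pid 901 lines are assumptions made for illustration; the pid 788 lines are the log excerpt from the question.

```python
import re
from datetime import datetime

# syslog line: "Mar 18 10:18:06 host sshd[788]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")

# pid 788: log lines from the question. pid 901: constructed fast login for contrast.
SAMPLE = """\
Mar 18 10:18:06 somecomputer sshd[788]: pam_unix(sshd:auth): authentication failure;
Mar 18 10:18:06 somecomputer sshd[788]: pam_krb5[788]: TGT verified using key for ...
Mar 18 10:18:06 somecomputer sshd[788]: pam_krb5[788]: authentication succeeds for user
Mar 18 10:18:12 somecomputer sshd[788]: Accepted password for user from computer port myport ssh2
Mar 18 10:18:13 somecomputer sshd[788]: pam_unix(sshd:session): session opened for user myuser by (uid=0)
Mar 18 10:20:01 somecomputer sshd[901]: pam_krb5[901]: authentication succeeds for user
Mar 18 10:20:01 somecomputer sshd[901]: Accepted password for user from computer port myport ssh2
Mar 18 10:20:01 somecomputer sshd[901]: pam_unix(sshd:session): session opened for user myuser by (uid=0)
"""

def login_gaps(text, year=2013):
    """Per sshd PID: (seconds from last PAM auth line to 'Accepted',
    seconds from 'Accepted' to 'session opened')."""
    state, gaps = {}, {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd syslog line
        stamp, pid, msg = m.groups()
        # syslog timestamps carry no year; the caller supplies one (assumption)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = state.setdefault(pid, {})
        if msg.startswith("pam_") and "authentication" in msg:
            s["auth"] = when          # keep the latest PAM auth event
        elif msg.startswith("Accepted ") and "auth" in s:
            s["accepted"] = when
        elif "session opened" in msg and "accepted" in s:
            gaps[pid] = ((s["accepted"] - s["auth"]).total_seconds(),
                         (when - s["accepted"]).total_seconds())
    return gaps

def slow_logins(text, threshold=4.0):
    """PIDs whose auth-to-accepted gap is at least `threshold` seconds."""
    return sorted(pid for pid, (auth_gap, _) in login_gaps(text).items()
                  if auth_gap >= threshold)

if __name__ == "__main__":
    for pid, (auth_gap, sess_gap) in login_gaps(SAMPLE).items():
        print(f"sshd[{pid}]: auth->accepted {auth_gap:.0f}s, accepted->session {sess_gap:.0f}s")
```

Feeding it the relevant part of /var/log/messages from before and after the configuration change shows whether the auth-to-accepted gap actually moved.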