Centos
CentOS5 上 PAM 密碼接受和會話打開之間的延遲
我有一個非常有趣的情況。我有一台執行 CentOS5.5 的伺服器,每當我嘗試使用任何外部介面 ssh 時,都會有 4 秒以上的延遲,始終如一。每當我使用內部介面時,都沒有這樣的延遲。例如,從 mycomputer2 ssh 到 mycomputer1 幾乎沒有延遲,但是從 mycomputer2 ssh 到 mycomputer1.com 會轉到外部介面,在那裡會出現延遲。/var/log/messages 在使用密碼登錄時顯示此內容,並帶有一些編輯:
Mar 18 10:18:06 somecomputer sshd[788]: pam_unix(sshd:auth): authentication failure; Mar 18 10:18:06 somecomputer sshd[788]: pam_krb5[788]: TGT verified using key for ... Mar 18 10:18:06 somecomputer sshd[788]: pam_krb5[788]: authentication succeeds for user Mar 18 10:18:12 somecomputer sshd[788]: Accepted password for user from computer port myport ssh2 Mar 18 10:18:13 somecomputer sshd[788]: pam_unix(sshd:session): session opened for user myuser by (uid=0)
這是/etc/pam.d/sshd:
auth include system-auth account required pam_nologin.so account include system-auth password include system-auth session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so session required pam_limits.so
這是系統身份驗證:
auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account required pam_permit.so password requisite pam_cracklib.so retry=3 password sufficient pam_krb5.so use_authtok password sufficient pam_unix.so nullok use_authtok md5 shadow password required pam_deny.so session required pam_limits.so session required pam_unix.so session required pam_krb5.so use_first_pass
這是 DNS 問題,添加
UseDNS no
到 /etc/ssh/sshd_config,重新載入 ssh 並查看是否更改。