Xitong Liu's Blog

How to make SSH work faster?

May 3 2010 – Newark

You may be working over SSH every day: logging in and out, switching between remote machines, and changing work locations (if you work on a laptop), over and over. Each time you log in to a machine, you have to wait several seconds for the prompt, type your user name and password, and only then land in the shell. Don’t you think it is too time-consuming to repeat the same actions? For me, I cannot bear typing the same password every day. Here are some tricks to boost your productivity when working with SSH.

Auto Login

OpenSSH has a great feature, key-based authentication, which uses an RSA or DSA key pair to authenticate you instead of a password. With its help, login can be done automatically.

Here are the steps:

  1. Create an SSH key pair if you don’t have one. Check ~/.ssh. If you find a file named id_dsa.pub or id_rsa.pub, you are done, since the key pair is ready to use. Otherwise, create one simply by typing ssh-keygen and following the instructions. Keep in mind that there are two kinds of key pairs, RSA and DSA. I always use RSA. You can choose either one. If you choose RSA and leave the other options at their defaults, you will get id_rsa and id_rsa.pub in ~/.ssh. The former file is the private key and the latter is the public key.
  2. Make sure your ~/.ssh is private. I want to emphasize that the private key, i.e. id_rsa, is equivalent to your password: anyone who can read this file can log in to the remote machine as easily as if they had your password. So make it private first.
    chmod 700 ~/.ssh
  3. Transfer your public key to the remote machine that you want to log in to automatically. SCP may be the preferred way:
    scp ~/.ssh/id_rsa.pub user@remote.machine.com:~/my_key.pub
  4. Append your public key to ~/.ssh/authorized_keys on the remote machine.
    cat my_key.pub >> ~/.ssh/authorized_keys
  5. Done! Check whether you can log in to the remote machine automatically by simply typing
    ssh user@remote.machine.com
    on your local machine. If it works, remove the copied public key file (~/my_key.pub) from the remote machine.
  6. For geeks who’d like to do it in one line, here it is:
    cat ~/.ssh/id_dsa.pub | ssh -l user remote.machine.com 'cat >> ~/.ssh/authorized_keys'
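
Step 4 as a helper to run on the remote machine, added here as an example and not part of the original post: it rejects a private key transferred by mistake, sets the permissions sshd expects, and skips a key that is already installed. The function name install_pubkey, its arguments and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, run on the REMOTE machine. install_pubkey is a hypothetical
# helper name, not an OpenSSH command.
# usage: install_pubkey <public-key-file> [home-dir]
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }

    # A public key is a single line; take the first non-empty one.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)

    # Refuse anything that is not a public key line, in particular a private
    # key (id_rsa instead of id_rsa.pub) transferred by mistake.
    case $key in
        -----BEGIN*) echo "refusing: $pub looks like a private key" >&2; exit 3 ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; exit 3 ;;
    esac

    # With StrictModes (the sshd default), key login is refused when ~/.ssh
    # or authorized_keys is writable by other users.
    umask 077
    mkdir -p "$home/.ssh" || exit 1
    chmod 700 "$home/.ssh" || exit 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" || exit 1
    chmod 600 "$auth" || exit 1

    # Append only if this exact line is absent, so reruns do not pile up
    # duplicates the way a bare ">>" does.
    if grep -qxF -e "$key" "$auth"; then
        echo "key already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
)

# Demo on a constructed (non-functional) key in a scratch directory.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED user@laptop' > "$demo/my_key.pub"
install_pubkey "$demo/my_key.pub" "$demo/home"   # prints: key added
install_pubkey "$demo/my_key.pub" "$demo/home"   # prints: key already present
rm -rf "$demo"
```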

Even Faster

Even with auto login set up, in some cases you have to wait several seconds before the shell prompt appears. Still frustrating, right? In some worse cases, you have to wait more than 10 seconds or even longer! Why? Each time you connect to a remote machine, sshd uses your IP address to perform a reverse DNS lookup to determine your hostname. If the DNS server is slow, it may take seconds to return the result. The longer the lookup takes, the longer you have to wait.

Two tricks can be applied to solve this problem:

  1. Edit /etc/hosts on the remote machine and add the IP address of your local machine with an appropriate hostname. Then, when you log in to the system, your IP address is resolved locally, which is definitely faster.
  2. Disable DNS lookup on the remote machine. Edit /etc/ssh/sshd_config and add one line:
    UseDNS no
    Then restart the sshd server. If everything goes well, you will see the time saved.

Both tricks require root privileges. If you do not have root access, ask your administrator to help you.

Troubleshooting

Use ssh -v or ssh -vvv to output debug information and diagnose the problem.
