Speed-up SSH Login

1. You may have to wait a long time to access your server via ssh. To have faster ssh logins you may try the following: The most often suggested fix is to add the following to your server configuration (sshd_config):

 UseDNS no 

This prevents the SSH server from making a reverse DNS lookup – that is, looking up the IP address and finding what DNS name is associated with that IP. Since the reverse lookup often does not respond, then there is a time-out involved and this is what generates the normal delay seen in SSH connections.

2. Open sshd_config and comment the all GSSAPI and Kerberos options as these two authentication procedures take a long time to provide ssh logins.

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
#GSSAPICleanupCredentials yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

3. You can make all sessions to the same host use a single connection, which will greatly speed up subsequent logins, by adding these lines under the proper host in /etc/ssh/ssh_config:

ControlMaster auto
ControlPath ~/.ssh/socket-%r@%h:%p

Changing Ciphers by ssh

4. Changing the ciphers used by SSH to less CPU-demanding ones can improve speed. In this aspect, the best choices are Arcfour and blowfish-cbc. Please do not do this unless you know what you are doing; Arcfour has a number of known weaknesses. To use them, run SSH with the “c” flag, like this:

$ ssh -c arcfour,blowfish-cbc user@server-address

To use them permanently, add this line under the proper host in /etc/ssh/ssh_config:

Ciphers arcfour,blowfish-cbc

5. Another option to improve speed is to enable compression with the “C” flag. A permanent solution is to add this line under the proper host in /etc/ssh/ssh_config:

Compression yes

6. Login time can be shortened by using the “4” flag, which bypasses IPv6 lookup. This can be made permanent by adding this line under the proper host in /etc/ssh/ssh_config:

AddressFamily inet

7. Another way of making these changes permanent is to create an alias in ~/.bashrc:

alias ssh='ssh -C4c arcfour,blowfish-cbc' 

8. You may also enable password-less login or login using the authentication keys, as mentioned here

After making changes in the SSH configuration, restart the service.

service sshd restart
Scroll to Top