Every time you try to connect with SSH after you enter your username, GSSAPI Authentication will attempt to authenticate you using the Kerberos protocol.
The problem with this is that nobody sets up GSSAPI Authentication services: this is both a waste of time and a security risk, as you are attempting to authenticate a service that you're not hosting, and is therefore prone to "Man in the Middle" attacks.
Unfortunately, GSSAPI Authentication with SSH in Linux is the default option. You can easily turn it off by doing the following. Open the SSH config file...
[user@localhost /]$ vi etc/ssh/ssh_config
And then find this line...
Host *
GSSAPIAuthentication yes
You may not have GSSAPIAuthentication set there yet, but you will want to find the line beginning with Host *. And then you can adjust it like so...
Host *
GSSAPIAuthentication no
Now your SSH will load instantly and securely.
No comments:
Post a Comment