We’ll show you, how to speed up SSH connections in Linux. SSH is a very secure method for managing Linux servers. Sometimes it can be very slow especially if you need to open multiple SSH connections to your server. One such scenario would be if you use Git for your development work, as Git uses multiple SSH connections to transfer files and if your server is not configured correctly it will add unnecessary overhead by re-establishing a connection for every file transferred. In today’s tutorial we are going to learn how to speed up SSH connections in Linux. Let’s get started!
1. Disable DNS lookup on the server
The OpenSSH server has DNS lookups enabled by default, this means that the OpenSSH server will first look up the host name of the connecting host and then will check if the resolved host name’s IP address is the same as the connecting IP address.To disable DNS lookups, add the ‘UseDNS’ directive at the end of the ‘/etc/ssh/sshd_config’ file and set the value to ‘no’:
# nano /etc/ssh/sshd_config # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes # Disable DNS lookups UseDNS no
2. Re-use existing SSH connection
If you open multiple SSH connections to your server frequently, it would be best to configure your SSH client to use the existing connection when creating a new SSH session.This can speed up the sessions opened after the initial connection as it avoids the overhead of establishing a new connection.
Open the ‘~/.ssh/config’ file with nano and add the following lines in it:
# nano ~/.ssh/config Host * ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h-%p ControlPersist 600
The ‘Host *’ directive above tells the SSH client to re-use the initial connection for all remote servers.
3. Setting up a password-less SSH login
Setting up a password-less SSH login is pretty easy and saves you time because you don’t have to enter a password when you open a new SSH connection.This can be done in three easy steps.
1.Generate the public/private key pair using this command:
# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Press Enter. Enter passphrase (empty for no passphrase): Press Enter. Enter same passphrase again: Press Enter. Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:/LEFoGKAt/qC9NeEfIfWm988IUqJaAuYBDvuDuu/jk8 root@test The key's randomart image is: +---[RSA 2048]----+ | .. . | |o .. . . | |.o .o . . | |o... . . . | |ooo . o S o . | |.= . = * * = . | |=..Eo * o * . . | |+o+. o . + o. | |+=+=o .. o. | +----[SHA256]-----+
2.Copy the public key to the remote server using this command:
# ssh-copy-id -i ~/.ssh/id_rsa.pub remote-server root@remote-server's password: Now try logging into the machine, with "ssh 'remote-server'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
3.Log in to the remote server to check if the password-less login is working:
# ssh remote-server Last login: Thu Dec 28 20:10:38 2017 from 10.20.30.4 root@remote-server$
If everything goes well you should see the output displayed above.
4. Changing the encryption used by the OpenSSH server
Changing the default cipher order for the SSHv2 protocol on the OpenSSH server can further speed up SSH connections as some ciphers can encrypt data faster than others.
For Ubuntu 16.04 the default order according to ‘man ssh_config’ is:
The default is: email@example.com, aes128-ctr,aes192-ctr,aes256-ctr, firstname.lastname@example.org,email@example.com, aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
If you do have a server which supports the new AES-NI instructions it would be better to change this order and add it to the end of the ‘/etc/ssh/sshd_config’ file like this:
# nano /etc/ssh/sshd_config # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes # Disable DNS lookups UseDNS no # Change the order of the ciphers used Ciphers aes128-ctr,aes192-ctr,aes256-ctr,firstname.lastname@example.org,email@example.com,aes128-cbc,aes192-cbc,aes256-cbc,firstname.lastname@example.org,3des-cbc
According to several benchmarks available online, aes128-ctr is twice as fast as chacha20-poly1305 on processors that support the AES-NI instructions so if you have a high-bandwidth connection to your server the file transfer speed should increase significantly after making the change.
That’s it, now your SSH connections should be a lot faster.
Of course, you don’t have to Speed Up SSH Connections in Linux, all by yourself, if you use one of our outsourced linux support services, in which case you can simply ask our expert Linux admins to speed up the SSH connections on your Linux server for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post on how to speed up SSH connections in Linux, please share it with your friends on the social networks using the buttons on the right or simply leave a reply below. Thanks.