Why SSH Login Is Slow on CentOS and How to Fix It in Minutes

1. Background

In the same data center there are several servers running CentOS 7 with identical configurations except IP addresses. Their resource utilization is low, but SSH connections to some servers are slow, taking 30‑60 seconds before the password prompt appears; once connected, speed returns to normal.

2. Reasons for Slow SSH Login

There are two main possible causes:

2.1 DNS reverse lookup issue

OpenSSH verifies the client IP by performing a reverse DNS lookup to obtain a hostname, then resolves that hostname back to an IP address to confirm the login IP is legitimate. If the client IP has no hostname or the DNS server is slow or unreachable, the login process is delayed.

Solution:

Edit the sshd server configuration on the target machine. Although the line #UseDNS yes is commented out, the default value is yes, so explicitly set it to no.

vi /etc/ssh/sshd_config
UseDNS no

Then restart the SSH service.

systemctl restart sshd.service

2.2 Disable GSSAPI authentication

Running ssh -v user@server shows messages such as:

debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information

Note 1: ssh -vvv user@server displays more detailed debug information. Note 2: GSSAPI (Generic Security Services Application Programming Interface) is a generic network security interface similar to Kerberos 5. It abstracts various client‑server security mechanisms, but when the target machine lacks proper DNS resolution, GSSAPI can cause delays because SSH attempts to contact a DNS server during authentication.

Solution:

Modify the sshd server configuration:

vi /etc/ssh/sshd_config
GSSAPIAuthentication no

And restart the SSH service:

systemctl restart sshd.service

3. Summary

After adjusting the sshd configuration on the slow machines—disabling DNS reverse lookup and GSSAPI authentication—SSH connections become fast, establishing within seconds.