1、现象: 使用crt连接服务器的速度很慢, 使用x$shell连接的速度却很快
2、解决思路:
打开securecrt的file--->trace options,点选后, 直接连接服务器,查看输出的trace信息,
可以看到如下信息:
[PRINTER] : Printer initialization succeeded [LOCAL] : SSH2Core version 8.5.0.1740 [LOCAL] : Connecting to 10.2.130.230:22 ... [LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT [LOCAL] : Using protocol SSH2 [LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_5.3' [LOCAL] : CAP : Remote can re-key [LOCAL] : CAP : Remote sends language in password change requests [LOCAL] : CAP : Remote sends algorithm name in PK_OK packets [LOCAL] : CAP : Remote sends algorithm name in public key packets [LOCAL] : CAP : Remote sends algorithm name in signatures [LOCAL] : CAP : Remote sends error text in open failure packets [LOCAL] : CAP : Remote sends name in service accept packets [LOCAL] : CAP : Remote includes port number in x11 open packets [LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC [LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages [LOCAL] : CAP : Remote correctly handles unknown SFTP extensions [LOCAL] : CAP : Remote correctly encodes OID for gssapi [LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests [LOCAL] : CAP : Remote can do SFTP version 4 [LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3 [LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures [LOCAL] : CAP : Remote correctly handles zlib@openssh.com [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [Kerberos] SPN : host@10.2.130.230 SecureCRT - Version 8.5.0 (x64 build 1740) [LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed. [LOCAL] : GSS : [Kerberos] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information Internal credentials cache error [LOCAL] : GSS : [Kerberos] Disabling gss mechanism [LOCAL] : GSS : [Kerberos] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g== [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [Kerberos (Group Exchange)] SPN : host@10.2.130.230 [LOCAL] : GSS : [Kerberos (Group Exchange)] InitializeSecurityContext() failed. [LOCAL] : GSS : [Kerberos (Group Exchange)] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information Internal credentials cache error [LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism [LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g== [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [1.3.5.1.5.2] SPN : host@10.2.130.230 [LOCAL] : GSS : [1.3.5.1.5.2] InitializeSecurityContext() failed. [LOCAL] : GSS : [1.3.5.1.5.2] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information Internal credentials cache error [LOCAL] : GSS : [1.3.5.1.5.2] Disabling gss mechanism [LOCAL] : GSS : [1.3.5.1.5.2] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-A/vxljAEU54gt9a48EiANQ== [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [1.3.5.1.5.2 (Group Exchange)] SPN : host@10.2.130.230 [LOCAL] : GSS : [1.3.5.1.5.2 (Group Exchange)] InitializeSecurityContext() failed. [LOCAL] : GSS : [1.3.5.1.5.2 (Group Exchange)] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information Internal credentials cache error [LOCAL] : GSS : [1.3.5.1.5.2 (Group Exchange)] Disabling gss mechanism [LOCAL] : GSS : [1.3.5.1.5.2 (Group Exchange)] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-A/vxljAEU54gt9a48EiANQ== [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [1.2.840.48018.1.2.2] SPN : host@10.2.130.230 [LOCAL] : GSS : [1.2.840.48018.1.2.2] InitializeSecurityContext() failed. [LOCAL] : GSS : [1.2.840.48018.1.2.2] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information gss_display_status() failed: uMinorCode = 100006 [LOCAL] : GSS : [1.2.840.48018.1.2.2] Disabling gss mechanism [LOCAL] : GSS : [1.2.840.48018.1.2.2] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-bontcUwnM6aGfWCP21alxQ== [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [1.2.840.48018.1.2.2 (Group Exchange)] SPN : host@10.2.130.230 [LOCAL] : GSS : [1.2.840.48018.1.2.2 (Group Exchange)] InitializeSecurityContext() failed. [LOCAL] : GSS : [1.2.840.48018.1.2.2 (Group Exchange)] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information gss_display_status() failed: uMinorCode = 100006 [LOCAL] : GSS : [1.2.840.48018.1.2.2 (Group Exchange)] Disabling gss mechanism [LOCAL] : GSS : [1.2.840.48018.1.2.2 (Group Exchange)] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-bontcUwnM6aGfWCP21alxQ== [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [1.3.6.1.5.2.5] SPN : host@10.2.130.230 [LOCAL] : GSS : [1.3.6.1.5.2.5] InitializeSecurityContext() failed. [LOCAL] : GSS : [1.3.6.1.5.2.5] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information Internal credentials cache error [LOCAL] : GSS : [1.3.6.1.5.2.5] Disabling gss mechanism [LOCAL] : GSS : [1.3.6.1.5.2.5] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q== [LOCAL] : GSS : Requesting full delegation [LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] SPN : host@10.2.130.230 [LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] InitializeSecurityContext() failed. [LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] The gssapi provider indicated a failure. Unspecified GSS failure. Minor code may provide more information Internal credentials cache error [LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] Disabling gss mechanism [LOCAL] : GSS : [1.3.6.1.5.2.5 (Group Exchange)] Disabling gss mechanism [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q== [LOCAL] : SEND : KEXINIT [LOCAL] : RECV : Read kexinit [LOCAL] : Available Remote Kex Methods = diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [LOCAL] : Selected Kex Method = diffie-hellman-group14-sha1 [LOCAL] : Available Remote Host Key Algos = ssh-rsa,ssh-dss [LOCAL] : Selected Host Key Algo = ssh-rsa [LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [LOCAL] : Selected Send Cipher = aes256-ctr [LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [LOCAL] : Selected Recv Cipher = aes256-ctr [LOCAL] : Available Remote Send Macs = hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [LOCAL] : Selected Send Mac = hmac-sha2-512 [LOCAL] : Available Remote Recv Macs = hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [LOCAL] : Selected Recv Mac = hmac-sha2-512 [LOCAL] : Available Remote Compressors = none,zlib@openssh.com [LOCAL] : Selected Compressor = none [LOCAL] : Available Remote Decompressors = none,zlib@openssh.com [LOCAL] : Selected Decompressor = none [LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE [LOCAL] : SEND : KEXDH_INIT [LOCAL] : RECV : KEXDH_REPLY [LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS [LOCAL] : RECV: Remote Hostkey (SHA-2 hash hex): 94:5a:5a:b9:e3:f1:65:6a:68:00:e0:b8:20:15:0b:2e:53:85:da:bd:39:b3:e1:2f:cd:5c:b3:14:bb:4f:83:75 [LOCAL] : RECV: Remote Hostkey (SHA-2 hash base64): lFpauePxZWpoAOC4IBULLlOF2r05s+EvzVyzFLtPg3U [LOCAL] : RECV: Remote Hostkey (SHA-1 hash): 20:d4:98:e8:1b:3a:4d:0d:05:26:1b:08:cb:75:35:07:15:e9:db:44 [LOCAL] : RECV: Remote Hostkey (MD5 hash): 30:29:a7:ba:b0:1b:05:5e:6c:7f:8c:21:48:67:05:6d [LOCAL] : SEND : NEWKEYS [LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS [LOCAL] : RECV : NEWKEYS [LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION [LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth] [LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK [LOCAL] : SENT : USERAUTH_REQUEST [none] [LOCAL] : Authenticating as user weblogic [LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,password] [LOCAL] : SENT : USERAUTH_REQUEST [password] [LOCAL] : RECV : AUTH_SUCCESS [LOCAL] : SEND[0]: SSH_MSG_CHANNEL_OPEN('session') [LOCAL] : SEND[0]: Pty Request (rows: 56, cols: 144) [LOCAL] : RECV[0]: pty request succeeded [LOCAL] : SEND[0]: shell request [LOCAL] : RECV[0]: shell request succeeded
3、分析
可以看到有很多的 key exchange method是不支持的, 所以要尽快的连接,需要将不支持的选项禁用(此处没有过多的深入研究,如何支持这些报错的 key exchange method),如下图:
全局(all sessions)后重启crt,即可以实现快速连接。问题得到解决。
有时间的朋友可以去研究下如何支持报错的key change method