Slow SSH logins are one of those problems that don’t look serious at first — until you realize every connection takes 20–30 seconds to respond. The shell eventually appears, but the delay is long enough to break automation, frustrate users, and make admins suspicious of deeper system issues.
This article walks through some common causes of slow SSH logins and how to diagnose them efficiently on Linux servers.
1. DNS Lookups: The Most Common Culprit
By default, sshd performs a reverse DNS lookup on the connecting IP address. If DNS is misconfigured or unreachable, SSH will wait.
How to Test
From the server (measure how many seconds it takes to do ssh to the machine):
$ time ssh localhost
If localhost logins are instant but remote logins are slow, suspect DNS.
Check /etc/ssh/sshd_config:
UseDNS yes
Fix
Disable DNS lookups (at least temporary to test):
UseDNS no
Then restart SSH:
# systemctl restart sshd
Note: This does not reduce security in most environments and is safe for the majority of servers.
2. Broken or Slow PAM Modules
PAM (Pluggable Authentication Modules) can introduce delays — especially if modules depend on:
- LDAP
- Kerberos
- Network home directories
- Smart card services
Debug with Verbose SSH
From the client:
$ ssh -vvv user@remote-server
Look for pauses during:
debug1: Authentications that can continue:
Test PAM Delay
Temporarily disable PAM in /etc/ssh/sshd_config:
UsePAM no
Restart SSH and test again.
If login becomes instant, inspect /etc/pam.d/sshd.
3. Entropy Shortage on Virtual Machines
Older kernels or low-activity VMs can run out of entropy, causing SSH key operations to block.
Check Entropy Level
# cat /proc/sys/kernel/random/entropy_avail
Values below 100 may cause delays.
Fix
Install an entropy daemon (if on Deb based distro):
# apt install haveged
or on CentOS / RHEL / Fedora
# yum install rng-tools
Then start the service:
# systemctl enable –now haveged
4. GSSAPI Authentication Delay
SSH attempts Kerberos authentication even when not used.
Symptom
Delay occurs before password prompt appears.
Fix
Edit /etc/ssh/sshd_config:
GSSAPIAuthentication no
GSSAPICleanupCredentials no
Restart SSH afterward.
5. Slow Home Directory or Shell Initialization
Sometimes SSH is fast, but the shell is slow.
Test with a Minimal Shell
$ ssh user@server /bin/sh
If this is instant, check:
- .bashrc
- .profile
- .bash_logout
Common mistakes:
- Network calls (curl, wget)
- Mounted NFS home directories
- Broken PATH exports
- Commands waiting on unavailable resources
6. Logging and Timing the Login Process
Enable SSH debug logging in /etc/ssh/sshd_config:
LogLevel DEBUG
Then watch logs:
# journalctl -u sshd -f
or:
# tail -f /var/log/auth.log
This allows you to see exactly where the delay happens.
7. A Systematic Troubleshooting Checklist
- Disable DNS lookups (UseDNS no)
- Disable GSSAPI
- Test PAM
- Check entropy
- Test minimal shell
- Review auth logs
In practice, 90% of slow SSH issues are DNS or PAM related.
Conclusion
But wait there might be much more behind the SSH slowness such as misconfigured LDAP or other infrastructure in the middle.
Slow SSH logins are rarely “just SSH.", and though this guide should help you with some sporadic random server issues, if the issues is present on a complex infra with multiple ssh servers, then that is almost always a symptom of:
- Network misconfiguration
- Over-engineered authentication
- Broken assumptions about system dependencies
Approaching the problem methodically saves hours of guesswork and restores what SSH is supposed to be, work without glitches.
More helpful Articles
Tags: directories, DNS, kernels, LDAP, localhost, logging, multiple, network, ssh servers, systemctl
