linux 下ssh无法登录解决

现象就是在root下 ssh host1 一直卡住没反应，
然后用ssh的debug模式查看ssh -v host1,显示如下：

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to vbaby2 [10.1.60.175] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vbaby2' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Resource temporarily unavailable

debug1: Unspecified GSS failure.  Minor code may provide more information
Resource temporarily unavailable

而且那个GSS的认证过程长达一两分钟；
这个原因不知道，之前没有这个问题，瞬间就GSS认证失败，就尝试新的认证方法了。
在其他帐号下ssh host1显示如下：

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to vbaby2 [10.1.60.175] port 22.
debug1: Connection established.
debug1: identity file /home/hadoop/.ssh/identity type -1
debug1: identity file /home/hadoop/.ssh/id_rsa type 1
debug1: identity file /home/hadoop/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vbaby2' is known and matches the RSA host key.
debug1: Found key in /home/hadoop/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195

debug1: Next authentication method: publickey
debug1: Trying private key: /home/hadoop/.ssh/identity
debug1: Offering public key: /home/hadoop/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Sun Mar  4 20:47:23 2012 from 10.1.60.192

那个GSS认证失败，瞬间完成。
而且之前root ssh到其他机器也没有问题的。


解决：
不管怎么回事，反正后来关了GSS认证就好了，关闭方法如下：
http://hi.baidu.com/yuchilan/blog/item/e497b9129a7dad5bf919b835.html


解决方案
这些延迟绝大部分是 GSSAPI 的认证功能导致的,显然是要把 GSSAPI 禁用. 以下是三种可行的方式:

[注] 该解决方案是在客户端 OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 下测试并通过的.

2. 在 ssh 客户端程序的配置文件里显式禁用 GSSAPI 认证. 如, 编辑 /etc/ssh/ssh_config 文件, 添加或修改使其有如下一行:

GSSAPIAuthentication no

3. 在用户根目录下的 .ssh 目录下创建一个 config 文件. 如, 编辑 /home/lan/.ssh/config (如果该文件不存在, 则创建之), 添加选项:

GSSAPIAuthentication no

[注] A. /etc/ssh/ssh_config 是全局配置文件, 对其进行的修改会影响所有使用 ssh 客户端的系统用户.
B. /home/lan/.ssh/config 是只会影响用户lan 的本地 ssh 客户端配置文件. 该文件的所有配置参数会覆盖全局配置文件的相同配置参数.

在禁用 GSSAPI 后, ssh 的登陆提示 "回归" 正常了