What should I do if the SSH login or data transmission speed is very slow?

This article introduces the causes and solutions for the slow SSH login or data transmission speed in the ECS instance of the Linux system.

Problem Phenomenon

In the ECS instance of the Linux system, when using the SSH service to log in or transfer data through the external network or intranet, the speed is very slow.

Problem Causes

This problem may be caused by enabling the UseDNS feature in the SSH service configuration file /etc/ssh/sshd_config in the ECS instance.

NOTE The UseDNS feature is a security enhancement feature of the SSH service and is disabled by default. After it is enabled, the server will first perform DNS PTR reverse query based on the client IP to obtain the client host name. Then perform DNS forward A record query according to the obtained client host name, and finally compare whether the obtained IP is consistent with the original IP, which is used to prevent client spoofing.

Usually, the client uses a dynamic IP without a corresponding PTR record. Therefore, after this feature is enabled, not only cannot it be used for information comparison, but the operation delay is increased due to related query operations, which eventually slows down the connection speed of the client.

Solution

1. Log in to the Linux instance.

2. Execute the following command to view the sshd_config file.

cat /etc/ssh/sshd_config

The system displays something similar to the following, indicating that the UseDNS feature is enabled.

UseDNS yes

3. Modify the SSH service configuration file.

a. Open the SSH configuration file.

vi /etc/ssh/sshd_config

b. According to business needs, add # before the line configuration to comment out the configuration or change yes to no to disable the UseDNS feature.

# UseDNS no

c. Press the Esc key and enter: wq to save the modification.

d. Execute the following command to restart the SSH service.

systemctl restart sshd.service

What should I do if the error message "could not set limit for 'nofile': Operation not permitted" is displayed when using SSH to remotely connect to an ECS instance in the Linux system?

Problem Phenomenon

When using SSH to remotely connect to the ECS instance of the Linux system, the following error message is displayed.

-bash: fork: retry: Resource temporarily unavailable.
pam_limits(sshd:session): could not sent limit for 'nofile':operaton not permitted.
Permission denied.

Problem Causes

The problem may be that the value of nofile in the resource limit configuration file /etc/security/limits.conf in the Linux kernel is too large, exceeding the number of files that the kernel can open. As a result, you cannot use SSH to connect to the ECS instance.

Solution

You can modify the configuration files /etc/sysctl.conf and /etc/security/limits.conf according to business needs to solve this problem.

1. Remotely connect to the ECS instance via VNC.

2. Execute the following commands respectively to check the fs.file-max and fs.nr_open parameter values.

cat /proc/sys/fs/file-max
cat /proc/sys/fs/nr_open

3. Modify the /etc/sysctl.conf configuration file.

a. Open the /etc/sysctl.conf configuration file.

vim /etc/sysctl.conf

b. Press i key to enter edit mode.

c. Modify the fs.file-max and fs.nr_open parameter values.

It is recommended to modify the fs.file-max and fs.nr_open parameter values to be greater than 65536.

illustrate
fs.file-max: The number of files that can be opened by all processes at the system kernel level.

fs.nr_open: The number of files that can be opened by a single process at the system kernel level.

fs.file-max=655360
fs.nr_open = 655360

4. Modify the /etc/security/limits.conf configuration file.

a. Open the /etc/security/limits.conf configuration file.

vim /etc/security/limits.conf

b. Press i key to enter edit mode.

c. Modify the *soft nofile and *hard nofile parameter values.

For example, modify the *soft nofile and *hard nofile parameter values to be greater than 65535.

* soft nofile 655350
* hard nofile 655350

5. Restart the ECS instance.

6. Execute the following commands in sequence to confirm that the values of fs.file-max and fs.nr_open are successfully modified.

cat /proc/sys/fs/file-max
cat /proc/sys/fs/nr_open