Debugging a Nagios warning on ssh, I've discovered that gssapi-with-mic is causing long lags in authentication. I've turned it off, but what exactly am I missing? I gather that GSSAPI is a tool for authentication, but what about the -with-mic part?
Message Integrity Code.
This is also called a Message Authentication Code, but that acronym gets used for other things, so MIC is less ambiguous. From that Wikipedia page:
The fix is simple: disable attempts to use GSS-API by adding the following to ~/.ssh/config:
GSSAPI Authentication is typically used with Kerberos. Kerberos must be configured on both the server and client. If you are not using Kerberos, then you probably do not need it. If you are just using password or SSH keys to log in to your server you likely do not need GSSAPI, and you can disable it in the sshd_config file.
Set in the
/etc/ssh/sshd_configGSSAPIAuthentication noAs for the "with-mic" part, there are two authentication methods for GSSAPI; with-mic and -keyex. The MIC stands for message integrity code. And from what I gather from reading the RFC-4462 it is generated by the client using many of the agreed upon connection parameters and is hashed several times. Read more