When your terminal emulator or SSH connection displays the login banner instantly but makes you wait 10-60 seconds for the actual prompt, you're facing one of Linux/Unix's most frustrating yet common issues. Let's dissect this latency monster.
# Diagnostic command sequence
time ssh user@host "echo PROMPT_TEST" # Measure raw SSH overhead
strace -f -o ssh_trace.log ssh user@host # Trace system calls
Common culprits include:
- DNS resolution failures (especially reverse DNS)
- Pending NFS mounts or automount triggers
- Bloated shell startup files (.bashrc, .profile, etc.)
- GSSAPI authentication timeouts
- Systemd's lingering session cleanup
# Check DNS resolution timing
dig +short +stats $(hostname -f)
dig +short -x $(hostname -i)
# SSH config optimizations
cat << EOF >> ~/.ssh/config
Host *
GSSAPIAuthentication no
UseDNS no
EOF
Avoid these common antipatterns in your .bashrc:
# BAD: Network calls during shell init
if [[ $- == *i* ]]; then
weather=$(curl -s wttr.in) # Network-dependent
neofetch # Heavy disk I/O
fi
# GOOD: Lazy-load heavy operations
echo "For system stats, run 'sysinfo'"
sysinfo() {
neofetch
}
# Disable problematic PAM modules
sudo sed -i '/pam_systemd.so/s/^/#/' /etc/pam.d/sshd
# NFS client tweaks
echo "noac,soft,timeo=10" >> /etc/fstab
# Measure shell startup time
for i in {1..5}; do
time bash --norc --noprofile -i -c "exit"
done
# Zsh users: profiling
zmodload zsh/zprof
zsh -i -c exit
For enterprise environments, consider implementing pam_ssh_agent_auth instead of GSSAPI and pre-caching SSH host keys across your infrastructure.
When you SSH into a server or open a local terminal and see:
Last login: Wed Jan 10 14:30:22 2024 from 192.168.1.100
# ...then nothing for 10-60 seconds...This latency occurs after authentication but before shell initialization completes. Let's autopsy this common annoyance.
- DNS Lookups: Reverse DNS for client IP (especially if DNS servers are slow/unreachable)
- Network Filesystems: Homedir mounted via NFS/AFS with connectivity issues
- Shell Configs: Bloated .bashrc/.zshrc loading excessive plugins/tools
- SSH Configs: GSSAPI authentication or deprecated crypto settings
- Systemd: User session initialization delays
Trace the initialization sequence:
# For SSH sessions:
ssh -vvv user@host
# For local shells:
strace -f -o /tmp/shell_trace.log bash -l
# Check DNS timing:
time dig +short -x $(curl -s ifconfig.me)1. DNS Resolution
Disable reverse DNS in sshd_config:
# /etc/ssh/sshd_config
UseDNS no2. Shell Optimization
Profile your shell startup:
zsh -xv 2>&1 | ts '%H:%M:%.S' | tee /tmp/zsh_startup.log
bash -xlic "" 2>&1 | ts '%H:%M:%.S' | tee /tmp/bash_startup.log3. Network Filesystems
For NFS-mounted homes, add these mount options:
# /etc/fstab
server:/home /home nfs rw,soft,intr,timeo=5,retrans=1 0 0For systemd-based systems, check user slice initialization:
journalctl --user-unit=user@$(id -u).service -bExample of a fixed .bashrc structure:
# Load fast components first
[ -f ~/.bash_env ] && . ~/.bash_env
# Defer slow-loading components
if [[ $- == *i* ]]; then
[ -f ~/.bash_interactive ] && . ~/.bash_interactive
fi| Fix | Before | After |
|---|---|---|
| Disabled UseDNS | 12.4s | 1.2s |
| Optimized .bashrc | 8.7s | 0.3s |
| NFS mount opts | 22.1s | 3.4s |