Configure dropbear to be fast/insecure? (need a Microblaze speed-up!)

Matt Johnston matt at ucc.asn.au
Thu Nov 6 22:44:18 WST 2008


On Thu, Nov 06, 2008 at 07:00:08AM -0600, Steve Hein wrote:
> Hi All--
> I am running dropbear on a Microblaze-MMU platform
> (Spartan-3A FPGA, running @ 62.5MHz).
> I've optimized things as far as I know how, but making
> an ssh connection to dropbear still takes about 12 seconds,
> and the scp and port forwarding performance is still very
> slow.    
>...
> Since all security can be handled from
> the node that is accessible to the outside.....I was wondering
> if it is possible to configure dropbear in an "insecure" mode,
> even to the point of not using encryption?   

There's a (fairly untested) branch^
http://viewmtn.angrygoats.net/all/branch/changes/au.asn.ucc.matt.dropbear.insecure-nocrypto
that allows using the 'none' cipher and mac algorithms.
You'll have to compile a custom client/server of course, and
if you want to use password auth grep for "sorry" and remove
those checks :)

I'm not sure about improving the initial connection time -
using small DSS hostkeys will probably be the best
approach, though you've probably already tried that.
There were a few internet-drafts about elliptic curve
Diffie-Hellman for SSH, though I haven't looked at those
much. Of course if security isn't any issue then perhaps a
'none' key-exchange method could be invented too ;)

Cheers,
Matt


^ The web mirror hasn't updated yet to my current commit
though, give it a little while for "Update nocrypto branch to
current head" to appear. You can grab a tarball under
"browse files", you'll have to run "autoconf; autoheader"
before configure.


More information about the Dropbear mailing list