45s login delay

Magnus Nilsson man at lundinova.se
Mon Mar 14 21:19:30 WST 2011


You mean like 'ssh -c 3des root at 10.240.22.103'?
(I also deleted /etc/dropbear_rsa_host_key to be sure)

Unfortunately I get the exact same delay - 45s.

Kind regards/Magnus

On 2011-03-14 13:27, Matt Johnston wrote:
> If you only give the server a DSS key how does it perform?
> That should be quicker than RSA.
>
> Cheers,
> Matt
>
> On Mon, Mar 14, 2011 at 01:25:07PM +0100, Magnus Nilsson wrote:
>> Hi,
>>
>> Thanks for the quick reply. It's at 192MHz.
>> It's this one: http://www.moxa.com/product/EM-1240.htm
>>
>> If this is expected, what can I do to shorten the delay (without
>> compromising security too much)? 45s is a bit long to endure (e.g.
>> WinSCP gives up after 15s).
>> I'll try get top or a better ps on the board to see how busy the cpu gets.
>>
>> Kind regards/Magnus
>>
>>
>> On 2011-03-14 12:59, Matt Johnston wrote:
>>> Hi,
>>>
>>> What clock speed is the CPU? It looks a bit like it's just taking a very long time to perform big-number operations.
>>>
>>> Cheers,
>>> Matt
>>>
>>> Magnus Nilsson<man at lundinova.se>   wrote:
>>>
>>>> Hello,
>>>>
>>>> I have an issue with ~45s delay on every login (ssh, scp etc). Once the
>>>>
>>>> link is up dropbear runs fine.
>>>>
>>>> After reading these forums, I have disabled reverse lookup and added
>>>> client IP to /etc/hosts, but that didn't help.
>>>>
>>>> I'm running dropbear 0.53.1 on armv4tl, uClinux 2.6.19, built largely
>>>> like this:
>>>> http://hi.baidu.com/kkernel/blog/item/ff919681141beddebc3e1e23.html
>>>> but with --disable-shadow
>>>>
>>>> This the verbose output:
>>>> # ./dropbear -a -F -v
>>>> TRACE (73): enter loadhostkeys
>>>> TRACE (73): enter buf_get_priv_key
>>>> TRACE (73): enter rsa_key_free
>>>> TRACE (73): leave rsa_key_free: key == NULL
>>>> TRACE (73): enter buf_get_rsa_priv_key
>>>> TRACE (73): enter buf_get_rsa_pub_key
>>>> TRACE (73): leave buf_get_rsa_pub_key: success
>>>> TRACE (73): leave buf_get_rsa_priv_key
>>>> TRACE (73): leave buf_get_priv_key
>>>> TRACE (73): enter buf_get_priv_key
>>>> TRACE (73): enter dsa_key_free
>>>> TRACE (73): enter dsa_key_free: key == NULL
>>>> TRACE (73): enter buf_get_dss_pub_key
>>>> TRACE (73): leave buf_get_dss_pub_key: success
>>>> TRACE (73): leave buf_get_priv_key
>>>> TRACE (73): leave loadhostkeys
>>>> TRACE (73): listensockets: 1 to try
>>>> TRACE (73): listening on ':22'
>>>> TRACE (73): enter dropbear_listen
>>>> TRACE (73): dropbear_listen: all interfaces
>>>> TRACE (73): bind(22) failed
>>>> TRACE (73): leave dropbear_listen: success, 1 socks bound
>>>> [73] Mar 14 17:17:30 Not backgrounding
>>>> [74] Mar 14 17:17:39 Child connection from 10.240.22.22:1456
>>>> TRACE (74): enter session_init
>>>> TRACE (74): setnonblocking: 3
>>>> TRACE (74): leave setnonblocking
>>>> TRACE (74): setnonblocking: 5
>>>> TRACE (74): leave setnonblocking
>>>> TRACE (74): kexinitialise()
>>>> TRACE (74): leave session_init
>>>> TRACE (74): enter ident_readln
>>>> TRACE (74): leave ident_readln: return 27
>>>> TRACE (74): remoteident: SSH-2.0-PuTTY_Release_0.60
>>>> TRACE (74): enter encrypt_packet()
>>>> TRACE (74): encrypt_packet type is 20
>>>> TRACE (74): enter writemac
>>>> TRACE (74): leave writemac
>>>> TRACE (74): enter enqueue
>>>> TRACE (74): leave enqueue
>>>> TRACE (74): leave encrypt_packet()
>>>> TRACE (74): DATAALLOWED=0
>>>> TRACE (74): ->   KEXINIT
>>>> TRACE (74): enter write_packet
>>>> TRACE (74): empty queue dequeing
>>>> TRACE (74): leave write_packet
>>>> TRACE (74): enter read_packet
>>>> TRACE (74): packet size is 616, block 8 mac 0
>>>> TRACE (74): enter decrypt_packet
>>>> TRACE (74): enter writemac
>>>> TRACE (74): leave writemac
>>>> TRACE (74): leave decrypt_packet
>>>> TRACE (74): leave read_packet
>>>> TRACE (74): enter process_packet
>>>> TRACE (74): process_packet: packet type = 20
>>>> TRACE (74):<- KEXINIT
>>>> TRACE (74): enter recv_msg_kexinit
>>>> TRACE (74): buf_match_algo:
>>>> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>>> TRACE (74): kex algo diffie-hellman-group14-sha1
>>>> TRACE (74): buf_match_algo: ssh-rsa,ssh-dss
>>>> TRACE (74): hostkey algo ssh-rsa
>>>> TRACE (74): buf_match_algo:
>>>> aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
>>>> TRACE (74): enc c2s is  aes256-ctr
>>>> TRACE (74): buf_match_algo:
>>>> aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
>>>> TRACE (74): enc s2c is  aes256-ctr
>>>> TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5
>>>> TRACE (74): hash c2s is  hmac-sha1
>>>> TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5
>>>> TRACE (74): hash s2c is  hmac-sha1
>>>> TRACE (74): buf_match_algo: none,zlib
>>>> TRACE (74): hash c2s is  none
>>>> TRACE (74): buf_match_algo: none,zlib
>>>> TRACE (74): hash s2c is  none
>>>> TRACE (74): leave recv_msg_kexinit
>>>> TRACE (74): leave process_packet
>>>> TRACE (74): maybe_empty_reply_queue - no data allowed
>>>> TRACE (74): enter read_packet
>>>> TRACE (74): packet size is 272, block 8 mac 0
>>>> TRACE (74): enter decrypt_packet
>>>> TRACE (74): enter writemac
>>>> TRACE (74): leave writemac
>>>> TRACE (74): leave decrypt_packet
>>>> TRACE (74): leave read_packet
>>>> TRACE (74): enter process_packet
>>>> TRACE (74): process_packet: packet type = 30
>>>> TRACE (74): enter recv_msg_kexdh_init
>>>> TRACE (74): enter send_msg_kexdh_reply
>>>> TRACE (74): enter send_msg_kexdh_reply
>>>>
>>>> <<<45s delay>>>
>>>>
>>>> TRACE (74): enter buf_put_pub_key
>>>> TRACE (74): enter buf_put_rsa_pub_key
>>>> TRACE (74): enter buf_putmpint
>>>> <snip>
>>>>
>>>>
>>>> I'd be grateful for any ideas and suggestions. Thanks.
>>>>
>>>> Kind regards/Magnus


More information about the Dropbear mailing list