No subject

dbextern at gmx.de dbextern at gmx.de
Thu Jan 3 21:58:00 WST 2013


Hi Matt, 

thank you for the quick response.

# 7 seconds seems slow. Where said that it's a common problem?
# I get around 1 second to SSH to a raspberry pi (700mhz "ARMv6").
# Was it built with the same compiler and compile options?
# Leaving optimisation off could make that difference.

I found a few posts on the mailing list about that topic. 
(for example: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2011q1/001098.html
or http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2011q3/001149.html)
The CPU is at 100% during the login. 
Both versions have been compiled with the same external setup. 
When the dropbear is the only process running the time is reduced to ~3s which is still a lot slower than the V0.52 (that does it in less than 1s).
Were Options added between those versions that could have an impact? Did maybe the libtommath/crypt change? 


# I can't see how it wouldn't ask for a password unless
# there's -g or -s on the commandline. Does "ssh -v" show just
# "Authentications that can continue: publickey", not
# "publickey,password" ?

The server gives a 
"Authentications that can continue: publickey".
It is started without any options. 

Grüße
Sebastian

-

Sebastian Fett, R&D
T +49-7191-9669-0, F +49-7191-950000, Sebastian.Fett at dbaudio.com, www.dbaudio.com

d&b audiotechnik GmbH, Eugen-Adolff-Straße 134, 71522 Backnang, Germany
Geschäftsführer: Frank Bothe, Markus Strohmeier
Finanzen: Kay Lange; Marketing: Simon Johnston
Sitz: Backnang; Amtsgericht Stuttgart, HRB 725789



Von:	Matt Johnston <matt at ucc.asn.au>
An:	dbextern at gmx.de, 
Kopie:	dropbear at ucc.asn.au
Datum:	03.01.2013 12:51
Betreff:	Re: Issues after Update from 0.52 to 2012.55; login time; password auth



Hi,

7 seconds seems slow. Where said that it's a common problem?
I get around 1 second to SSH to a raspberry pi (700mhz "ARMv6").
Was it built with the same compiler and compile options?
Leaving optimisation off could make that difference.

I can't see how it wouldn't ask for a password unless
there's -g or -s on the commandline. Does "ssh -v" show just
"Authentications that can continue: publickey", not
"publickey,password" ?

Cheers,
Matt


On Thu, Jan 03, 2013 at 12:10:51PM +0100, dbextern at gmx.de wrote:
> Hello!
> 
> I'm using dropbear on an embedded System with uCLinux. It works great. And first I want to thank all of you for the work you put in it.
> 
> After reading about the security fix I updated the dropbear from a (very stable and fast) 0.52 to the new 2012.55.
> 
> After the update two things changed. The login time increased a lot. From next to nothing to about 7s (on a 600MHz CPU). I read that this is a common problem, and that my 7s are still quite good. I'm just surprised about he increase. 
> 
> Secondly the dropbear does not allow password login anymore (the server only gives back "pubkey" as available option). The according defines in the options.h are still active though. And the dropbear is started without -s. I'm out of ideas what to try to enable it again. When I just replace the dropbear executable with the 0.52 version it works again.
> 
> Any thoughts and advide is highly appreciated. Tank you in advance.
> 
> Grüße
> Sebastian
> 



More information about the Dropbear mailing list