Write error : dbclient
Matt Johnston
matt at ucc.asn.au
Sun Sep 28 21:51:03 WST 2014
Hi Pratik,
Yes, mp_exptmod() the problematic part. Without performing
the "verify" SSH won't have any security against network
attacks - certainly not advisable.
There's also a mp_exptmod() call in kexdh_comb_key() which
creates the session key - is that call slow too?
Does adding "#define MP_LOW_MEM 1" to options.h then "make
clean" and rebuild help the situation? Do you know what kind
of data cache the device has?
Cheers,
Matt
On Fri, Sep 26, 2014 at 12:50:26PM +0530, pratik singh wrote:
> Hi Matt,
>
> Thanks for the reply.
>
> Things are working fine when I commented function "buf_dss_verify".
> Actually majoriy of the time taken was in mp_exptmod() routine with each
> call takes around 25 secs and because of this only openssh server is
> getting timeout.
> As per your suggestion one of the solution is to merge tofastmath library
> but just for one function merging whole library is a hectic work though.
> Based on experiments i have couple of questions:
> 1) dropbear ssh client is working by commenting out the function
> "buf_dss_verify". Is it ok for me to take this as workaround and continue
> or this can cause any serious problem further?
> 2) Is there any other solution to improve the speed of calculations in
> function "mp_exptmod()" only?
>
> Appreciate your response.
>
> Thanks
> Pratik
>
> On Wed, Sep 24, 2014 at 8:02 PM, Matt Johnston <matt at ucc.asn.au> wrote:
>
> > Hi Pratik,
> >
> > I'm assuming that it is the session timeout that's causing
> > the disconnection. The log on the OpenSSH server should
> > confirm that.
> >
> > I think the only real solution would be to improve the speed
> > of libtommath on that device. Running a profiler to
> > determine the slowest parts would be the first step. I don't
> > know much about the device itself though it seems libtommath
> > performs quite badly - OpenSSL is generally faster. Looking
> > at the difference in its maths operations might help. It's
> > non-trivial work though.
> >
> > Cheers,
> > Matt
> >
> >
> > On Wed, Sep 24, 2014 at 02:12:41PM +0530, pratik singh wrote:
> > > Hi,
> > >
> > > I am using Dropbear 0.48 with uClinux-dist. Currently dropbear server is
> > > working fine but while trying to run dbclient it throws write error. Some
> > > of the traces are:
> > >
> > > TRACE: leave process_packet
> > > TRACE: enter cli_sessionloop
> > > TRACE: enter send_msg_service_request: servicename='ssh-userauth'
> > > TRACE: enter encrypt_packet()
> > > TRACE: encrypt_packet type is 5
> > >
> > > TRACE: enter writemac
> > > TRACE: leave writemac
> > > TRACE: enter enqueue
> > > TRACE: leave enqueue
> > > TRACE: leave encrypt_packet()
> > > TRACE: leave send_msg_service_request
> > > TRACE: leave cli_sessionloop: sent userauth service req
> > > TRACE: enter write_packet
> > >
> > > TRACE: enter cli_tty_cleanup
> > > TRACE: leave cli_tty_cleanup: not in raw mode
> > > TRACE: enter session_cleanup
> > > TRACE: enter chancleanup
> > > TRACE: leave chancleanup
> > > TRACE: leave session_cleanup
> > > dbclient: connection to pratik at 10.10.10.1:22 exited: error writing
> > >
> > --------------------------------------------------------------------------------------------------------------
> > >
> > > I have tried the following:
> > > 1) Run dbclient with -K option but still getting the same write error
> > > 2) Run dbclient with -y option but still getting the same write error
> > >
> > > On further debugging I have found that this write comes because server
> > (in
> > > this case Openssh) is getting timeout.
> > >
> > > I am running microblaze processor at about 60mhz with hardware
> > > multiplier, divider enabled.
> > >
> > >
> > > From the wireshark capture i have seen that server is sending "FIN"
> > > packet. also server is sending the 2 ssh packets in one reply packet.
> > > Do not know the reason of this behavior.
> > >
> > >
> > > I am facing this problem for connection between dbclient <----> Openssh.
> > >
> > >
> > > Please help as m stuck to this problem since very long. Appreciate your
> > reply.
> > >
> > >
> > > Attached the pcap file for your reference. apply
> > "ip.addr==10.216.114.137"
> > > filter in pcap file. IP address is client having dbclient and other is
> > > server having openssh.
> > >
> > >
> > > --
> > > Thanks & Regards
> > > Pratik Singh
> >
> >
> >
>
>
> --
> Thanks & Regards
> Pratik Singh
More information about the Dropbear
mailing list