45s login delay

Matt Johnston matt at ucc.asn.au
Mon Mar 14 20:27:42 WST 2011


If you only give the server a DSS key how does it perform?
That should be quicker than RSA.

Cheers,
Matt

On Mon, Mar 14, 2011 at 01:25:07PM +0100, Magnus Nilsson wrote:
> Hi,
> 
> Thanks for the quick reply. It's at 192MHz.
> It's this one: http://www.moxa.com/product/EM-1240.htm
> 
> If this is expected, what can I do to shorten the delay (without
> compromising security too much)? 45s is a bit long to endure (e.g.
> WinSCP gives up after 15s).
> I'll try to get top or a better ps on the board to see how busy the cpu gets.
> 
> Kind regards/Magnus
> 
> 
> On 2011-03-14 12:59, Matt Johnston wrote:
> >Hi,
> >
> >What clock speed is the CPU? It looks a bit like it's just taking a very long time to perform big-number operations.
> >
> >Cheers,
> >Matt
> >
> >Magnus Nilsson<man at lundinova.se>  wrote:
> >
> >>Hello,
> >>
> >>I have an issue with ~45s delay on every login (ssh, scp etc). Once the
> >>link is up dropbear runs fine.
> >>
> >>After reading these forums, I have disabled reverse lookup and added
> >>client IP to /etc/hosts, but that didn't help.
> >>
> >>I'm running dropbear 0.53.1 on armv4tl, uClinux 2.6.19, built largely
> >>like this:
> >>http://hi.baidu.com/kkernel/blog/item/ff919681141beddebc3e1e23.html
> >>but with --disable-shadow
> >>
> >>This is the verbose output:
> >># ./dropbear -a -F -v
> >>TRACE (73): enter loadhostkeys
> >>TRACE (73): enter buf_get_priv_key
> >>TRACE (73): enter rsa_key_free
> >>TRACE (73): leave rsa_key_free: key == NULL
> >>TRACE (73): enter buf_get_rsa_priv_key
> >>TRACE (73): enter buf_get_rsa_pub_key
> >>TRACE (73): leave buf_get_rsa_pub_key: success
> >>TRACE (73): leave buf_get_rsa_priv_key
> >>TRACE (73): leave buf_get_priv_key
> >>TRACE (73): enter buf_get_priv_key
> >>TRACE (73): enter dsa_key_free
> >>TRACE (73): enter dsa_key_free: key == NULL
> >>TRACE (73): enter buf_get_dss_pub_key
> >>TRACE (73): leave buf_get_dss_pub_key: success
> >>TRACE (73): leave buf_get_priv_key
> >>TRACE (73): leave loadhostkeys
> >>TRACE (73): listensockets: 1 to try
> >>TRACE (73): listening on ':22'
> >>TRACE (73): enter dropbear_listen
> >>TRACE (73): dropbear_listen: all interfaces
> >>TRACE (73): bind(22) failed
> >>TRACE (73): leave dropbear_listen: success, 1 socks bound
> >>[73] Mar 14 17:17:30 Not backgrounding
> >>[74] Mar 14 17:17:39 Child connection from 10.240.22.22:1456
> >>TRACE (74): enter session_init
> >>TRACE (74): setnonblocking: 3
> >>TRACE (74): leave setnonblocking
> >>TRACE (74): setnonblocking: 5
> >>TRACE (74): leave setnonblocking
> >>TRACE (74): kexinitialise()
> >>TRACE (74): leave session_init
> >>TRACE (74): enter ident_readln
> >>TRACE (74): leave ident_readln: return 27
> >>TRACE (74): remoteident: SSH-2.0-PuTTY_Release_0.60
> >>TRACE (74): enter encrypt_packet()
> >>TRACE (74): encrypt_packet type is 20
> >>TRACE (74): enter writemac
> >>TRACE (74): leave writemac
> >>TRACE (74): enter enqueue
> >>TRACE (74): leave enqueue
> >>TRACE (74): leave encrypt_packet()
> >>TRACE (74): DATAALLOWED=0
> >>TRACE (74): ->  KEXINIT
> >>TRACE (74): enter write_packet
> >>TRACE (74): empty queue dequeing
> >>TRACE (74): leave write_packet
> >>TRACE (74): enter read_packet
> >>TRACE (74): packet size is 616, block 8 mac 0
> >>TRACE (74): enter decrypt_packet
> >>TRACE (74): enter writemac
> >>TRACE (74): leave writemac
> >>TRACE (74): leave decrypt_packet
> >>TRACE (74): leave read_packet
> >>TRACE (74): enter process_packet
> >>TRACE (74): process_packet: packet type = 20
> >>TRACE (74):<- KEXINIT
> >>TRACE (74): enter recv_msg_kexinit
> >>TRACE (74): buf_match_algo:
> >>diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> >>TRACE (74): kex algo diffie-hellman-group14-sha1
> >>TRACE (74): buf_match_algo: ssh-rsa,ssh-dss
> >>TRACE (74): hostkey algo ssh-rsa
> >>TRACE (74): buf_match_algo:
> >>aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
> >>TRACE (74): enc c2s is  aes256-ctr
> >>TRACE (74): buf_match_algo:
> >>aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
> >>TRACE (74): enc s2c is  aes256-ctr
> >>TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5
> >>TRACE (74): hash c2s is  hmac-sha1
> >>TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5
> >>TRACE (74): hash s2c is  hmac-sha1
> >>TRACE (74): buf_match_algo: none,zlib
> >>TRACE (74): hash c2s is  none
> >>TRACE (74): buf_match_algo: none,zlib
> >>TRACE (74): hash s2c is  none
> >>TRACE (74): leave recv_msg_kexinit
> >>TRACE (74): leave process_packet
> >>TRACE (74): maybe_empty_reply_queue - no data allowed
> >>TRACE (74): enter read_packet
> >>TRACE (74): packet size is 272, block 8 mac 0
> >>TRACE (74): enter decrypt_packet
> >>TRACE (74): enter writemac
> >>TRACE (74): leave writemac
> >>TRACE (74): leave decrypt_packet
> >>TRACE (74): leave read_packet
> >>TRACE (74): enter process_packet
> >>TRACE (74): process_packet: packet type = 30
> >>TRACE (74): enter recv_msg_kexdh_init
> >>TRACE (74): enter send_msg_kexdh_reply
> >>TRACE (74): enter send_msg_kexdh_reply
> >>
> >><<<45s delay>>>
> >>
> >>TRACE (74): enter buf_put_pub_key
> >>TRACE (74): enter buf_put_rsa_pub_key
> >>TRACE (74): enter buf_putmpint
> >><snip>
> >>
> >>
> >>I'd be grateful for any ideas and suggestions. Thanks.
> >>
> >>Kind regards/Magnus
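
Added example, not part of the original thread or of Dropbear's code: a small parser for a `dropbear -v` trace like the one quoted above, reporting the negotiated algorithms and the last function entered before the stall. It assumes the stall is marked by a hand-written `<<<...>>>` line as in the post; `summarise`, `DH_BITS` and the other names are hypothetical.

```python
import re

# Lines copied from the trace quoted in this thread; mail-quote prefixes kept.
SAMPLE = """\
> >>TRACE (74): kex algo diffie-hellman-group14-sha1
> >>TRACE (74): hostkey algo ssh-rsa
> >>TRACE (74): enc c2s is  aes256-ctr
> >>TRACE (74): hash c2s is  hmac-sha1
> >>TRACE (74): buf_match_algo: none,zlib
> >>TRACE (74): hash c2s is  none
> >>TRACE (74): enter recv_msg_kexdh_init
> >>TRACE (74): enter send_msg_kexdh_reply
> >><<<45s delay>>>
> >>TRACE (74): enter buf_put_pub_key
"""

# Modulus sizes of the fixed DH groups (RFC 4253); bigger means slower bignum math.
DH_BITS = {"diffie-hellman-group1-sha1": 1024,
           "diffie-hellman-group14-sha1": 2048}
TRACE = re.compile(r"^[>\s]*TRACE \(\d+\):\s*(.*)$")
STALL = re.compile(r"^[>\s]*<<<.+?>>>\s*$")  # assumption: poster's hand-written marker
FIELD = re.compile(r"^(kex algo|hostkey algo|enc c2s is|hash c2s is)\s+(\S+)")
NAMES = {"kex algo": "kex", "hostkey algo": "hostkey", "enc c2s is": "enc_c2s"}

def summarise(text):
    """Return negotiated algorithms and the function entered just before the stall."""
    info = {"kex": None, "hostkey": None, "enc_c2s": None,
            "mac_c2s": None, "comp_c2s": None, "stalled_in": None}
    last_enter = None
    for line in text.splitlines():
        if STALL.match(line):
            info["stalled_in"] = last_enter
            break
        m = TRACE.match(line)
        msg = m.group(1) if m else ""
        if msg.startswith("enter "):
            last_enter = msg.split()[1].rstrip(":")
        f = FIELD.match(msg)
        if f:
            key, value = f.groups()
            if key == "hash c2s is":
                # The trace prints "hash" for both MAC and compression: the first
                # occurrence is the MAC, the second follows the none,zlib list.
                key = "mac_c2s" if info["mac_c2s"] is None else "comp_c2s"
            else:
                key = NAMES[key]
            info[key] = value
    info["dh_bits"] = DH_BITS.get(info["kex"])
    return info
```
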

