45s login delay

Magnus Nilsson man at lundinova.se
Mon Mar 14 23:09:19 WST 2011 

Both top and ps are the gimped uClinux versions, but I found the cpu tool:
     # cpu -r
     CPU:  busy 100%  (system=0% user=99% nice=0% idle=0%)
     CPU:  busy 100%  (system=0% user=100% nice=0% idle=0%)
     ...

So indeed it looks busy. Any suggestions what I can do to lighten the load?

Kind regards/Magnus


On 2011-03-14 14:19, Magnus Nilsson wrote:
> You mean like 'ssh -c 3des root at 10.240.22.103'?
> (I also deleted /etc/dropbear_rsa_host_key to be sure)
>
> Unfortunately I get the exact same delay - 45s.
>
> Kind regards/Magnus
>
> On 2011-03-14 13:27, Matt Johnston wrote:
>> If you only give the server a DSS key how does it perform?
>> That should be quicker than RSA.
>>
>> Cheers,
>> Matt
>>
>> On Mon, Mar 14, 2011 at 01:25:07PM +0100, Magnus Nilsson wrote:
>>> Hi,
>>>
>>> Thanks for the quick reply. It's at 192MHz.
>>> It's this one: http://www.moxa.com/product/EM-1240.htm
>>>
>>> If this is expected, what can I do to shorten the delay (without
>>> compromising security too much)? 45s is a bit long to endure (e.g.
>>> WinSCP gives up after 15s).
>>> I'll try get top or a better ps on the board to see how busy the cpu 
>>> gets.
>>>
>>> Kind regards/Magnus
>>>
>>>
>>> On 2011-03-14 12:59, Matt Johnston wrote:
>>>> Hi,
>>>>
>>>> What clock speed is the CPU? It looks a bit like it's just taking a 
>>>> very long time to perform big-number operations.
>>>>
>>>> Cheers,
>>>> Matt
>>>>
>>>> Magnus Nilsson<man at lundinova.se>   wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I have an issue with ~45s delay on every login (ssh, scp etc). 
>>>>> Once the
>>>>>
>>>>> link is up dropbear runs fine.
>>>>>
>>>>> After reading these forums, I have disabled reverse lookup and added
>>>>> client IP to /etc/hosts, but that didn't help.
>>>>>
>>>>> I'm running dropbear 0.53.1 on armv4tl, uClinux 2.6.19, built largely
>>>>> like this:
>>>>> http://hi.baidu.com/kkernel/blog/item/ff919681141beddebc3e1e23.html
>>>>> but with --disable-shadow
>>>>>
>>>>> This the verbose output:
>>>>> # ./dropbear -a -F -v
>>>>> TRACE (73): enter loadhostkeys
>>>>> TRACE (73): enter buf_get_priv_key
>>>>> TRACE (73): enter rsa_key_free
>>>>> TRACE (73): leave rsa_key_free: key == NULL
>>>>> TRACE (73): enter buf_get_rsa_priv_key
>>>>> TRACE (73): enter buf_get_rsa_pub_key
>>>>> TRACE (73): leave buf_get_rsa_pub_key: success
>>>>> TRACE (73): leave buf_get_rsa_priv_key
>>>>> TRACE (73): leave buf_get_priv_key
>>>>> TRACE (73): enter buf_get_priv_key
>>>>> TRACE (73): enter dsa_key_free
>>>>> TRACE (73): enter dsa_key_free: key == NULL
>>>>> TRACE (73): enter buf_get_dss_pub_key
>>>>> TRACE (73): leave buf_get_dss_pub_key: success
>>>>> TRACE (73): leave buf_get_priv_key
>>>>> TRACE (73): leave loadhostkeys
>>>>> TRACE (73): listensockets: 1 to try
>>>>> TRACE (73): listening on ':22'
>>>>> TRACE (73): enter dropbear_listen
>>>>> TRACE (73): dropbear_listen: all interfaces
>>>>> TRACE (73): bind(22) failed
>>>>> TRACE (73): leave dropbear_listen: success, 1 socks bound
>>>>> [73] Mar 14 17:17:30 Not backgrounding
>>>>> [74] Mar 14 17:17:39 Child connection from 10.240.22.22:1456
>>>>> TRACE (74): enter session_init
>>>>> TRACE (74): setnonblocking: 3
>>>>> TRACE (74): leave setnonblocking
>>>>> TRACE (74): setnonblocking: 5
>>>>> TRACE (74): leave setnonblocking
>>>>> TRACE (74): kexinitialise()
>>>>> TRACE (74): leave session_init
>>>>> TRACE (74): enter ident_readln
>>>>> TRACE (74): leave ident_readln: return 27
>>>>> TRACE (74): remoteident: SSH-2.0-PuTTY_Release_0.60
>>>>> TRACE (74): enter encrypt_packet()
>>>>> TRACE (74): encrypt_packet type is 20
>>>>> TRACE (74): enter writemac
>>>>> TRACE (74): leave writemac
>>>>> TRACE (74): enter enqueue
>>>>> TRACE (74): leave enqueue
>>>>> TRACE (74): leave encrypt_packet()
>>>>> TRACE (74): DATAALLOWED=0
>>>>> TRACE (74): ->   KEXINIT
>>>>> TRACE (74): enter write_packet
>>>>> TRACE (74): empty queue dequeing
>>>>> TRACE (74): leave write_packet
>>>>> TRACE (74): enter read_packet
>>>>> TRACE (74): packet size is 616, block 8 mac 0
>>>>> TRACE (74): enter decrypt_packet
>>>>> TRACE (74): enter writemac
>>>>> TRACE (74): leave writemac
>>>>> TRACE (74): leave decrypt_packet
>>>>> TRACE (74): leave read_packet
>>>>> TRACE (74): enter process_packet
>>>>> TRACE (74): process_packet: packet type = 20
>>>>> TRACE (74):<- KEXINIT
>>>>> TRACE (74): enter recv_msg_kexinit
>>>>> TRACE (74): buf_match_algo:
>>>>> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
>>>>>
>>>>> TRACE (74): kex algo diffie-hellman-group14-sha1
>>>>> TRACE (74): buf_match_algo: ssh-rsa,ssh-dss
>>>>> TRACE (74): hostkey algo ssh-rsa
>>>>> TRACE (74): buf_match_algo:
>>>>> aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 
>>>>>
>>>>> TRACE (74): enc c2s is  aes256-ctr
>>>>> TRACE (74): buf_match_algo:
>>>>> aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 
>>>>>
>>>>> TRACE (74): enc s2c is  aes256-ctr
>>>>> TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5
>>>>> TRACE (74): hash c2s is  hmac-sha1
>>>>> TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5
>>>>> TRACE (74): hash s2c is  hmac-sha1
>>>>> TRACE (74): buf_match_algo: none,zlib
>>>>> TRACE (74): hash c2s is  none
>>>>> TRACE (74): buf_match_algo: none,zlib
>>>>> TRACE (74): hash s2c is  none
>>>>> TRACE (74): leave recv_msg_kexinit
>>>>> TRACE (74): leave process_packet
>>>>> TRACE (74): maybe_empty_reply_queue - no data allowed
>>>>> TRACE (74): enter read_packet
>>>>> TRACE (74): packet size is 272, block 8 mac 0
>>>>> TRACE (74): enter decrypt_packet
>>>>> TRACE (74): enter writemac
>>>>> TRACE (74): leave writemac
>>>>> TRACE (74): leave decrypt_packet
>>>>> TRACE (74): leave read_packet
>>>>> TRACE (74): enter process_packet
>>>>> TRACE (74): process_packet: packet type = 30
>>>>> TRACE (74): enter recv_msg_kexdh_init
>>>>> TRACE (74): enter send_msg_kexdh_reply
>>>>> TRACE (74): enter send_msg_kexdh_reply
>>>>>
>>>>> <<<45s delay>>>
>>>>>
>>>>> TRACE (74): enter buf_put_pub_key
>>>>> TRACE (74): enter buf_put_rsa_pub_key
>>>>> TRACE (74): enter buf_putmpint
>>>>> <snip>
>>>>>
>>>>>
>>>>> I'd be grateful for any ideas and suggestions. Thanks.
>>>>>
>>>>> Kind regards/Magnus

More information about the Dropbear mailing list