Write error : dbclient

pratik singh pratiksingh86 at gmail.com
Wed Oct 8 19:54:29 WST 2014


Hi Matt,

Thanks for the prompt response.

Yes, mp_exptmod() call in kexdh_comb_key() is taking around 60 seconds.

Adding "#define MP_LOW_MEM 1" to options.h then "make clean" and rebuild
does not help the situation. I am not sure about data cache type. How to
check it?

Please share your inputs on this.

Thanks
Pratik

On Sun, Sep 28, 2014 at 7:21 PM, Matt Johnston <matt at ucc.asn.au> wrote:

> Hi Pratik,
>
> Yes, mp_exptmod() the problematic part. Without performing
> the "verify" SSH won't have any security against network
> attacks - certainly not advisable.
>
> There's also a mp_exptmod() call in kexdh_comb_key()  which
> creates the session key - is that call slow too?
>
> Does adding "#define MP_LOW_MEM 1" to options.h then "make
> clean" and rebuild help the situation? Do you know what kind
> of data cache the device has?
>
> Cheers,
> Matt
>
>
> On Fri, Sep 26, 2014 at 12:50:26PM +0530, pratik singh wrote:
> > Hi Matt,
> >
> > Thanks for the reply.
> >
> > Things are working fine when I commented function "buf_dss_verify".
> > Actually majoriy of the time taken was in mp_exptmod() routine with each
> > call takes around 25 secs and because of this only openssh server is
> > getting timeout.
> > As per your suggestion one of the solution is to merge tofastmath library
> > but just for one function merging whole library is a hectic work though.
> > Based on experiments i have couple of questions:
> > 1)  dropbear ssh client is working by commenting out the function
> > "buf_dss_verify". Is it ok for me to take this as workaround and continue
> > or this can cause any serious problem further?
> > 2) Is there any other solution to improve the speed of calculations in
> > function "mp_exptmod()" only?
> >
> > Appreciate your response.
> >
> > Thanks
> > Pratik
> >
> > On Wed, Sep 24, 2014 at 8:02 PM, Matt Johnston <matt at ucc.asn.au> wrote:
> >
> > > Hi Pratik,
> > >
> > > I'm assuming that it is the session timeout that's causing
> > > the disconnection.  The log on the OpenSSH server should
> > > confirm that.
> > >
> > > I think the only real solution would be to improve the speed
> > > of libtommath on that device. Running a profiler to
> > > determine the slowest parts would be the first step. I don't
> > > know much about the device itself though it seems libtommath
> > > performs quite badly - OpenSSL is generally faster. Looking
> > > at the difference in its maths operations might help. It's
> > > non-trivial work though.
> > >
> > > Cheers,
> > > Matt
> > >
> > >
> > > On Wed, Sep 24, 2014 at 02:12:41PM +0530, pratik singh wrote:
> > > > Hi,
> > > >
> > > > I am using Dropbear 0.48 with uClinux-dist. Currently dropbear
> server is
> > > > working fine but while trying to run dbclient it throws write error.
> Some
> > > > of the traces are:
> > > >
> > > > TRACE: leave process_packet
> > > > TRACE: enter cli_sessionloop
> > > > TRACE: enter send_msg_service_request: servicename='ssh-userauth'
> > > > TRACE: enter encrypt_packet()
> > > > TRACE: encrypt_packet type is 5
> > > >
> > > > TRACE: enter writemac
> > > > TRACE: leave writemac
> > > > TRACE: enter enqueue
> > > > TRACE: leave enqueue
> > > > TRACE: leave encrypt_packet()
> > > > TRACE: leave send_msg_service_request
> > > > TRACE: leave cli_sessionloop: sent userauth service req
> > > > TRACE: enter write_packet
> > > >
> > > > TRACE: enter cli_tty_cleanup
> > > > TRACE: leave cli_tty_cleanup: not in raw mode
> > > > TRACE: enter session_cleanup
> > > > TRACE: enter chancleanup
> > > > TRACE: leave chancleanup
> > > > TRACE: leave session_cleanup
> > > > dbclient: connection to pratik at 10.10.10.1:22 exited: error writing
> > > >
> > >
> --------------------------------------------------------------------------------------------------------------
> > > >
> > > > I have tried the following:
> > > > 1) Run dbclient with -K option but still getting the same write error
> > > > 2) Run dbclient with -y option but still getting the same write error
> > > >
> > > > On further debugging I have found that this write comes because
> server
> > > (in
> > > > this case Openssh) is getting timeout.
> > > >
> > > > I am running microblaze processor at about 60mhz with hardware
> > > > multiplier, divider enabled.
> > > >
> > > >
> > > > From the wireshark capture i have seen that server is sending "FIN"
> > > > packet. also server is sending the 2 ssh packets in one reply packet.
> > > > Do not know the reason of this behavior.
> > > >
> > > >
> > > > I am facing this problem for connection between dbclient <---->
> Openssh.
> > > >
> > > >
> > > > Please help as m stuck to this problem since very long. Appreciate
> your
> > > reply.
> > > >
> > > >
> > > > Attached the pcap file for your reference. apply
> > > "ip.addr==10.216.114.137"
> > > > filter in pcap file. IP address is client having dbclient and other
> is
> > > > server having openssh.
> > > >
> > > >
> > > > --
> > > > Thanks & Regards
> > > > Pratik Singh
> > >
> > >
> > >
> >
> >
> > --
> > Thanks & Regards
> > Pratik Singh
>



-- 
Thanks & Regards
Pratik Singh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20141008/2fa13598/attachment.htm 


More information about the Dropbear mailing list