If you only give the server a DSS key how does it perform? That should be quicker than RSA.
Cheers, Matt On Mon, Mar 14, 2011 at 01:25:07PM +0100, Magnus Nilsson wrote: > Hi, > > Thanks for the quick reply. It's at 192MHz. > It's this one: http://www.moxa.com/product/EM-1240.htm > > If this is expected, what can I do to shorten the delay (without > compromising security too much)? 45s is a bit long to endure (e.g. > WinSCP gives up after 15s). > I'll try get top or a better ps on the board to see how busy the cpu gets. > > Kind regards/Magnus > > > On 2011-03-14 12:59, Matt Johnston wrote: > >Hi, > > > >What clock speed is the CPU? It looks a bit like it's just taking a very > >long time to perform big-number operations. > > > >Cheers, > >Matt > > > >Magnus Nilsson<m...@lundinova.se> wrote: > > > >>Hello, > >> > >>I have an issue with ~45s delay on every login (ssh, scp etc). Once the > >> > >>link is up dropbear runs fine. > >> > >>After reading these forums, I have disabled reverse lookup and added > >>client IP to /etc/hosts, but that didn't help. > >> > >>I'm running dropbear 0.53.1 on armv4tl, uClinux 2.6.19, built largely > >>like this: > >>http://hi.baidu.com/kkernel/blog/item/ff919681141beddebc3e1e23.html > >>but with --disable-shadow > >> > >>This the verbose output: > >># ./dropbear -a -F -v > >>TRACE (73): enter loadhostkeys > >>TRACE (73): enter buf_get_priv_key > >>TRACE (73): enter rsa_key_free > >>TRACE (73): leave rsa_key_free: key == NULL > >>TRACE (73): enter buf_get_rsa_priv_key > >>TRACE (73): enter buf_get_rsa_pub_key > >>TRACE (73): leave buf_get_rsa_pub_key: success > >>TRACE (73): leave buf_get_rsa_priv_key > >>TRACE (73): leave buf_get_priv_key > >>TRACE (73): enter buf_get_priv_key > >>TRACE (73): enter dsa_key_free > >>TRACE (73): enter dsa_key_free: key == NULL > >>TRACE (73): enter buf_get_dss_pub_key > >>TRACE (73): leave buf_get_dss_pub_key: success > >>TRACE (73): leave buf_get_priv_key > >>TRACE (73): leave loadhostkeys > >>TRACE (73): listensockets: 1 to try > >>TRACE (73): listening on ':22' > >>TRACE (73): enter dropbear_listen > >>TRACE (73): dropbear_listen: all interfaces > >>TRACE (73): bind(22) failed > >>TRACE (73): leave dropbear_listen: success, 1 socks bound > >>[73] Mar 14 17:17:30 Not backgrounding > >>[74] Mar 14 17:17:39 Child connection from 10.240.22.22:1456 > >>TRACE (74): enter session_init > >>TRACE (74): setnonblocking: 3 > >>TRACE (74): leave setnonblocking > >>TRACE (74): setnonblocking: 5 > >>TRACE (74): leave setnonblocking > >>TRACE (74): kexinitialise() > >>TRACE (74): leave session_init > >>TRACE (74): enter ident_readln > >>TRACE (74): leave ident_readln: return 27 > >>TRACE (74): remoteident: SSH-2.0-PuTTY_Release_0.60 > >>TRACE (74): enter encrypt_packet() > >>TRACE (74): encrypt_packet type is 20 > >>TRACE (74): enter writemac > >>TRACE (74): leave writemac > >>TRACE (74): enter enqueue > >>TRACE (74): leave enqueue > >>TRACE (74): leave encrypt_packet() > >>TRACE (74): DATAALLOWED=0 > >>TRACE (74): -> KEXINIT > >>TRACE (74): enter write_packet > >>TRACE (74): empty queue dequeing > >>TRACE (74): leave write_packet > >>TRACE (74): enter read_packet > >>TRACE (74): packet size is 616, block 8 mac 0 > >>TRACE (74): enter decrypt_packet > >>TRACE (74): enter writemac > >>TRACE (74): leave writemac > >>TRACE (74): leave decrypt_packet > >>TRACE (74): leave read_packet > >>TRACE (74): enter process_packet > >>TRACE (74): process_packet: packet type = 20 > >>TRACE (74):<- KEXINIT > >>TRACE (74): enter recv_msg_kexinit > >>TRACE (74): buf_match_algo: > >>diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > >>TRACE (74): kex algo diffie-hellman-group14-sha1 > >>TRACE (74): buf_match_algo: ssh-rsa,ssh-dss > >>TRACE (74): hostkey algo ssh-rsa > >>TRACE (74): buf_match_algo: > >>aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 > >>TRACE (74): enc c2s is aes256-ctr > >>TRACE (74): buf_match_algo: > >>aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 > >>TRACE (74): enc s2c is aes256-ctr > >>TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5 > >>TRACE (74): hash c2s is hmac-sha1 > >>TRACE (74): buf_match_algo: hmac-sha1,hmac-sha1-96,hmac-md5 > >>TRACE (74): hash s2c is hmac-sha1 > >>TRACE (74): buf_match_algo: none,zlib > >>TRACE (74): hash c2s is none > >>TRACE (74): buf_match_algo: none,zlib > >>TRACE (74): hash s2c is none > >>TRACE (74): leave recv_msg_kexinit > >>TRACE (74): leave process_packet > >>TRACE (74): maybe_empty_reply_queue - no data allowed > >>TRACE (74): enter read_packet > >>TRACE (74): packet size is 272, block 8 mac 0 > >>TRACE (74): enter decrypt_packet > >>TRACE (74): enter writemac > >>TRACE (74): leave writemac > >>TRACE (74): leave decrypt_packet > >>TRACE (74): leave read_packet > >>TRACE (74): enter process_packet > >>TRACE (74): process_packet: packet type = 30 > >>TRACE (74): enter recv_msg_kexdh_init > >>TRACE (74): enter send_msg_kexdh_reply > >>TRACE (74): enter send_msg_kexdh_reply > >> > >><<<45s delay>>> > >> > >>TRACE (74): enter buf_put_pub_key > >>TRACE (74): enter buf_put_rsa_pub_key > >>TRACE (74): enter buf_putmpint > >><snip> > >> > >> > >>I'd be grateful for any ideas and suggestions. Thanks. > >> > >>Kind regards/Magnus