On Thu, Nov 06, 2008 at 07:00:08AM -0600, Steve Hein wrote: > Hi All-- > I am running dropbear on a Microblaze-MMU platform > (Spartan-3A FPGA, running @ 62.5MHz). > I've optimized things as far as I know how, but making > an ssh connection to dropbear still takes about 12 seconds, > and the scp and port forwarding performance is still very > slow. >... > Since all security can be handled from > the node that is accessible to the outside.....I was wondering > if it is possible to configure dropbear in an "insecure" mode, > even to the point of not using encryption?
There's a (fairly untested) branch^ http://viewmtn.angrygoats.net/all/branch/changes/au.asn.ucc.matt.dropbear.insecure-nocrypto that allows using the 'none' cipher and mac algorithms. You'll have to compile a custom client/server of course, and if you want to use password auth grep for "sorry" and remove those checks :) I'm not sure about improving the initial connection time - using small DSS hostkeys will probably be the best approach, though you've probably already tried that. There were a few internet-drafts about elliptic curve Diffie-Hellman for SSH, though I haven't looked at those much. Of course if security isn't any issue then perhaps a 'none' key-exchange method could be invented too ;) Cheers, Matt ^ The web mirror hasn't updated yet to my current commit though, give it a little while for "Update nocrypto branch to current head" to appear. You can grab a tarball under "browse files", you'll have to run "autoconf; autoheader" before configure.