Hi Matt, thank you for the quick response.
# 7 seconds seems slow. Where said that it's a common problem? # I get around 1 second to SSH to a raspberry pi (700mhz "ARMv6"). # Was it built with the same compiler and compile options? # Leaving optimisation off could make that difference. I found a few posts on the mailing list about that topic. (for example: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2011q1/001098.html or http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2011q3/001149.html) The CPU is at 100% during the login. Both versions have been compiled with the same external setup. When the dropbear is the only process running the time is reduced to ~3s which is still a lot slower than the V0.52 (that does it in less than 1s). Were Options added between those versions that could have an impact? Did maybe the libtommath/crypt change? # I can't see how it wouldn't ask for a password unless # there's -g or -s on the commandline. Does "ssh -v" show just # "Authentications that can continue: publickey", not # "publickey,password" ? The server gives a "Authentications that can continue: publickey". It is started without any options. Grüße Sebastian - Sebastian Fett, R&D T +49-7191-9669-0, F +49-7191-950000, [email protected], www.dbaudio.com d&b audiotechnik GmbH, Eugen-Adolff-Straße 134, 71522 Backnang, Germany Geschäftsführer: Frank Bothe, Markus Strohmeier Finanzen: Kay Lange; Marketing: Simon Johnston Sitz: Backnang; Amtsgericht Stuttgart, HRB 725789 Von: Matt Johnston <[email protected]> An: [email protected], Kopie: [email protected] Datum: 03.01.2013 12:51 Betreff: Re: Issues after Update from 0.52 to 2012.55; login time; password auth Hi, 7 seconds seems slow. Where said that it's a common problem? I get around 1 second to SSH to a raspberry pi (700mhz "ARMv6"). Was it built with the same compiler and compile options? Leaving optimisation off could make that difference. I can't see how it wouldn't ask for a password unless there's -g or -s on the commandline. Does "ssh -v" show just "Authentications that can continue: publickey", not "publickey,password" ? Cheers, Matt On Thu, Jan 03, 2013 at 12:10:51PM +0100, [email protected] wrote: > Hello! > > I'm using dropbear on an embedded System with uCLinux. It works great. And > first I want to thank all of you for the work you put in it. > > After reading about the security fix I updated the dropbear from a (very > stable and fast) 0.52 to the new 2012.55. > > After the update two things changed. The login time increased a lot. From > next to nothing to about 7s (on a 600MHz CPU). I read that this is a common > problem, and that my 7s are still quite good. I'm just surprised about he > increase. > > Secondly the dropbear does not allow password login anymore (the server only > gives back "pubkey" as available option). The according defines in the > options.h are still active though. And the dropbear is started without -s. > I'm out of ideas what to try to enable it again. When I just replace the > dropbear executable with the 0.52 version it works again. > > Any thoughts and advide is highly appreciated. Tank you in advance. > > Grüße > Sebastian >
