Hi Matt, Thanks for the prompt response.
Yes, mp_exptmod() call in kexdh_comb_key() is taking around 60 seconds. Adding "#define MP_LOW_MEM 1" to options.h then "make clean" and rebuild does not help the situation. I am not sure about data cache type. How to check it? Please share your inputs on this. Thanks Pratik On Sun, Sep 28, 2014 at 7:21 PM, Matt Johnston <[email protected]> wrote: > Hi Pratik, > > Yes, mp_exptmod() the problematic part. Without performing > the "verify" SSH won't have any security against network > attacks - certainly not advisable. > > There's also a mp_exptmod() call in kexdh_comb_key() which > creates the session key - is that call slow too? > > Does adding "#define MP_LOW_MEM 1" to options.h then "make > clean" and rebuild help the situation? Do you know what kind > of data cache the device has? > > Cheers, > Matt > > > On Fri, Sep 26, 2014 at 12:50:26PM +0530, pratik singh wrote: > > Hi Matt, > > > > Thanks for the reply. > > > > Things are working fine when I commented function "buf_dss_verify". > > Actually majoriy of the time taken was in mp_exptmod() routine with each > > call takes around 25 secs and because of this only openssh server is > > getting timeout. > > As per your suggestion one of the solution is to merge tofastmath library > > but just for one function merging whole library is a hectic work though. > > Based on experiments i have couple of questions: > > 1) dropbear ssh client is working by commenting out the function > > "buf_dss_verify". Is it ok for me to take this as workaround and continue > > or this can cause any serious problem further? > > 2) Is there any other solution to improve the speed of calculations in > > function "mp_exptmod()" only? > > > > Appreciate your response. > > > > Thanks > > Pratik > > > > On Wed, Sep 24, 2014 at 8:02 PM, Matt Johnston <[email protected]> wrote: > > > > > Hi Pratik, > > > > > > I'm assuming that it is the session timeout that's causing > > > the disconnection. The log on the OpenSSH server should > > > confirm that. > > > > > > I think the only real solution would be to improve the speed > > > of libtommath on that device. Running a profiler to > > > determine the slowest parts would be the first step. I don't > > > know much about the device itself though it seems libtommath > > > performs quite badly - OpenSSL is generally faster. Looking > > > at the difference in its maths operations might help. It's > > > non-trivial work though. > > > > > > Cheers, > > > Matt > > > > > > > > > On Wed, Sep 24, 2014 at 02:12:41PM +0530, pratik singh wrote: > > > > Hi, > > > > > > > > I am using Dropbear 0.48 with uClinux-dist. Currently dropbear > server is > > > > working fine but while trying to run dbclient it throws write error. > Some > > > > of the traces are: > > > > > > > > TRACE: leave process_packet > > > > TRACE: enter cli_sessionloop > > > > TRACE: enter send_msg_service_request: servicename='ssh-userauth' > > > > TRACE: enter encrypt_packet() > > > > TRACE: encrypt_packet type is 5 > > > > > > > > TRACE: enter writemac > > > > TRACE: leave writemac > > > > TRACE: enter enqueue > > > > TRACE: leave enqueue > > > > TRACE: leave encrypt_packet() > > > > TRACE: leave send_msg_service_request > > > > TRACE: leave cli_sessionloop: sent userauth service req > > > > TRACE: enter write_packet > > > > > > > > TRACE: enter cli_tty_cleanup > > > > TRACE: leave cli_tty_cleanup: not in raw mode > > > > TRACE: enter session_cleanup > > > > TRACE: enter chancleanup > > > > TRACE: leave chancleanup > > > > TRACE: leave session_cleanup > > > > dbclient: connection to [email protected]:22 exited: error writing > > > > > > > > -------------------------------------------------------------------------------------------------------------- > > > > > > > > I have tried the following: > > > > 1) Run dbclient with -K option but still getting the same write error > > > > 2) Run dbclient with -y option but still getting the same write error > > > > > > > > On further debugging I have found that this write comes because > server > > > (in > > > > this case Openssh) is getting timeout. > > > > > > > > I am running microblaze processor at about 60mhz with hardware > > > > multiplier, divider enabled. > > > > > > > > > > > > From the wireshark capture i have seen that server is sending "FIN" > > > > packet. also server is sending the 2 ssh packets in one reply packet. > > > > Do not know the reason of this behavior. > > > > > > > > > > > > I am facing this problem for connection between dbclient <----> > Openssh. > > > > > > > > > > > > Please help as m stuck to this problem since very long. Appreciate > your > > > reply. > > > > > > > > > > > > Attached the pcap file for your reference. apply > > > "ip.addr==10.216.114.137" > > > > filter in pcap file. IP address is client having dbclient and other > is > > > > server having openssh. > > > > > > > > > > > > -- > > > > Thanks & Regards > > > > Pratik Singh > > > > > > > > > > > > > > > -- > > Thanks & Regards > > Pratik Singh > -- Thanks & Regards Pratik Singh
