Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Stefan G. Weichinger
Am 25.06.2014 20:30, schrieb James:
 Stefan G. Weichinger lists at xunil.at writes:
 
 
 When I ssh into a server in my basement, this takes way more time than
 usual.
 Does anyone have an idea what I could do to fix that?
 
 
 ssh has an ordered array of negotiations between systems that are related
 to the version numbers of ssh and the other configurations. There is
 usually a mismatch, when it takes too long to start a session,
 in my experience.
 
 I did not look at the specifics you posted.

both servers/machines run net-misc/openssh-6.6.1_p1 ... re-compiled
right today.



Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Alan McKinnon
On 25/06/2014 20:41, Stefan G. Weichinger wrote:
 Am 25.06.2014 20:30, schrieb James:
 Stefan G. Weichinger lists at xunil.at writes:


 When I ssh into a server in my basement, this takes way more time than
 usual.
 Does anyone have an idea what I could do to fix that?


 ssh has an ordered array of negotiations between systems that are related
 to the version numbers of ssh and the other configurations. There is
 usually a mismatch, when it takes too long to start a session,
 in my experience.

 I did not look at the specifics you posted.
 
 both servers/machines run net-misc/openssh-6.6.1_p1 ... re-compiled
 right today.

I've also noticed slowdowns recently, I think it's the new ciphers like
ecdsa. Try this:

Connect using ssh -vvv and examine the output to find which of the
various ciphers and algorithms are used once connection is achieved. On
the client, add those configuration options for the server to
ssh_config. You should notice a speed up on the next attempt as unused
methods will be skipped

man 5 ssh_config

has all the details



-- 
Alan McKinnon
alan.mckin...@gmail.com




Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Stefan G. Weichinger
Am 25.06.2014 21:49, schrieb Alan McKinnon:

 I've also noticed slowdowns recently, I think it's the new ciphers like
 ecdsa. Try this:
 
 Connect using ssh -vvv and examine the output to find which of the
 various ciphers and algorithms are used once connection is achieved. On
 the client, add those configuration options for the server to
 ssh_config. You should notice a speed up on the next attempt as unused
 methods will be skipped
 
 man 5 ssh_config
 
 has all the details

;-)

thanks, Alan.

Did you already find out what options to set?

Aside from that, I wonder why we as users have to do that and why it
isn't set up as good as possible by the coders of openssh.

I will see if I can figure out what to do ...

Stefan




Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Alan McKinnon
On 25/06/2014 23:10, Stefan G. Weichinger wrote:
 Am 25.06.2014 21:49, schrieb Alan McKinnon:
 
 I've also noticed slowdowns recently, I think it's the new ciphers like
 ecdsa. Try this:

 Connect using ssh -vvv and examine the output to find which of the
 various ciphers and algorithms are used once connection is achieved. On
 the client, add those configuration options for the server to
 ssh_config. You should notice a speed up on the next attempt as unused
 methods will be skipped

 man 5 ssh_config

 has all the details
 
 ;-)
 
 thanks, Alan.
 
 Did you already find out what options to set?

No, only you can do that. You have to run ssh -vvv and eyeball the
output, see what your machines are using. Then add those config settings
to ssh_config

 
 Aside from that, I wonder why we as users have to do that and why it
 isn't set up as good as possible by the coders of openssh.

Because the openssh developers have no idea what you set up and cannot
possibly know. The phrase "as good as possible" has no meaning here as
the options out there in the wild are whatever they happen to be.


 I will see if I can figure out what to do ...

ssh -vvv

then look




-- 
Alan McKinnon
alan.mckin...@gmail.com
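
The step suggested above (read the negotiated algorithms out of `ssh -vvv` and put them in `ssh_config`), as an added example that is not part of the original posts. The debug lines are constructed samples in the two layouts OpenSSH clients print, and the host alias `basement` is hypothetical.

```python
import re

# Constructed samples of `ssh -vvv` client output (not from the thread).
# OLD_STYLE: "cipher mac compression" layout; NEW_STYLE: labelled layout.
OLD_STYLE = """\
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
"""
NEW_STYLE = """\
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
"""

DIRECTION = r"kex: (?:server->client|client->server) "
LABELLED = re.compile(DIRECTION + r"cipher: (\S+) MAC: (\S+) compression: \S+$")
POSITIONAL = re.compile(DIRECTION + r"(\S+) (\S+) \S+$")
SINGLE = {
    "KexAlgorithms": re.compile(r"kex: algorithm: (\S+)$"),
    "HostKeyAlgorithms": re.compile(r"kex: host key algorithm: (\S+)$"),
}

def negotiated(debug_output):
    """Map ssh_config keywords to the algorithms the debug output reports."""
    found = {}
    for line in debug_output.splitlines():
        line = line.strip()
        for keyword, pattern in SINGLE.items():
            if m := pattern.search(line):
                found[keyword] = m.group(1)
        if m := LABELLED.search(line) or POSITIONAL.search(line):
            cipher, mac = m.groups()
            found["Ciphers"] = cipher
            if mac != "<implicit>":  # AEAD ciphers carry their own integrity check
                found["MACs"] = mac
    return found

def host_block(alias, found):
    """Render a per-host ssh_config stanza pinning the negotiated algorithms."""
    order = ("KexAlgorithms", "HostKeyAlgorithms", "Ciphers", "MACs")
    body = [f"    {k} {found[k]}" for k in order if k in found]
    return "\n".join([f"Host {alias}"] + body)

if __name__ == "__main__":
    print(host_block("basement", negotiated(NEW_STYLE)))
```

A stanza that pins a single algorithm per keyword stops connecting as soon as the server no longer offers it, so a comma-separated fallback list is the safer form for hosts that get upgraded.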




Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Stefan G. Weichinger
Am 25.06.2014 23:10, schrieb Stefan G. Weichinger:

 I will see if I can figure out what to do ...

To me it looks as if my issue is related to this line in the logs:

Jun 25 23:30:45 mythtv sshd[5387]: pam_systemd(sshd:session): Failed to
create session: Connection timed out

hmm ...



Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Stefan G. Weichinger
Am 25.06.2014 23:31, schrieb Alan McKinnon:

 Because the openssh developers have no idea what you set up and cannot
 possibly know. The phrase "as good as possible" has no meaning here as
 the options out there in the wild are whatever they happen to be.

Having users installing their software with the default config isn't
that wild or unpredictable for them, I assume.

anyway

Stefan




Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Stefan G. Weichinger
Am 25.06.2014 23:31, schrieb Stefan G. Weichinger:
 Am 25.06.2014 23:10, schrieb Stefan G. Weichinger:
 
 I will see if I can figure out what to do ...
 
 To me it looks as if my issue is related to this line in the logs:
 
 Jun 25 23:30:45 mythtv sshd[5387]: pam_systemd(sshd:session): Failed to
 create session: Connection timed out
 
 hmm ...
 
yes.

edited /etc/pam.d/system-auth and commented this line (to be disabled):

#-session        optional        pam_systemd.so

Immediate logins now.

Other people on the web face(d) that as well, according to google.

S
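
A way to confirm this diagnosis from the logs, as an added example that is not part of the original post: it pairs each sshd PID's "Accepted" line with a later pam_systemd session failure and reports the stall in seconds. Only the pam_systemd line for PID 5387 comes from the thread; the other log lines, the user name and the addresses are constructed, and the year is assumed from the thread date because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sshd log excerpt. Only the pam_systemd line for PID 5387 is
# taken from the thread; the "Accepted" lines and PID 5401 are made up.
SAMPLE = """\
Jun 25 23:30:20 mythtv sshd[5387]: Accepted publickey for stefan from 192.0.2.10 port 50122 ssh2
Jun 25 23:30:45 mythtv sshd[5387]: pam_systemd(sshd:session): Failed to create session: Connection timed out
Jun 25 23:41:02 mythtv sshd[5401]: Accepted publickey for stefan from 192.0.2.10 port 50188 ssh2
Jun 25 23:41:02 mythtv sshd[5401]: pam_unix(sshd:session): session opened for user stefan by (uid=0)
"""

# timestamp, host, sshd PID, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sshd\[(\d+)\]: (.*)$")
FAILURE = "pam_systemd(sshd:session): Failed to create session"

def pam_systemd_delays(log_text, year=2014):
    """Return (host, pid, seconds) for every login stalled by pam_systemd.

    seconds is the gap between authentication succeeding and pam_systemd
    giving up, or None when no "Accepted" line was seen for that PID.
    """
    accepted, delays = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg.startswith("Accepted "):
            accepted[(host, pid)] = when
        elif msg.startswith(FAILURE):
            start = accepted.get((host, pid))
            seconds = int((when - start).total_seconds()) if start else None
            delays.append((host, int(pid), seconds))
    return delays

if __name__ == "__main__":
    for host, pid, seconds in pam_systemd_delays(SAMPLE):
        print(f"{host} sshd[{pid}]: login stalled {seconds}s in pam_systemd")
```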



Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Mick
On Wednesday 25 Jun 2014 22:10:42 Stefan G. Weichinger wrote:
 Am 25.06.2014 21:49, schrieb Alan McKinnon:
  I've also noticed slowdowns recently, I think it's the new ciphers like
  ecdsa. Try this:
  
  Connect using ssh -vvv and examine the output to find which of the
  various ciphers and algorithms are used once connection is achieved. On
  the client, add those configuration options for the server to
  ssh_config. You should notice a speed up on the next attempt as unused
  methods will be skipped
  
  man 5 ssh_config
  
  has all the details
 
 ;-)
 
 thanks, Alan.
 
 Did you already find out what options to set?
 
 Aside from that, I wonder why we as users have to do that and why it
 isn't set up as good as possible by the coders of openssh.

Because the "as good as possible" datum is being redefined post Snowden.


 I will see if I can figure out what to do ...

The Better Crypto team suggest:

Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com,aes128-g...@openssh.com,aes256-ctr,aes128-ctr

MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-e...@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

The above may be OTT for ssh connections between machines within a trusted 
LAN.  As has already been mentioned if you choose your favourite crypto and 
strip out all the rest, then the negotiation ought to be faster between modern 
PCs.

-- 
Regards,
Mick




Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread covici
James wirel...@tampabay.rr.com wrote:

 Stefan G. Weichinger lists at xunil.at writes:
 
 
  When I ssh into a server in my basement, this takes way more time than
  usual.
  Does anyone have an idea what I could do to fix that?
 
 
 ssh has an ordered array of negotiations between systems that are related
 to the version numbers of ssh and the other configurations. There is
 usually a mismatch, when it takes too long to start a session,
 in my experience.
 
 I did not look at the specifics you posted.


I had a problem like that and solved it by changing UseDNS no
because it is trying to look for reverse dns pointers.  This is done on
the hosts /etc/ssh/sshd_config .


-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com



Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Stefan G. Weichinger
Am 25.06.2014 23:45, schrieb cov...@ccs.covici.com:

 I had a problem like that and solved it by changing UseDNS no
 because it is trying to look for reverse dns pointers.  This is done on
 the hosts /etc/ssh/sshd_config .

Tried/tested a few hours ago. No change.

pam_systemd is (or seems to be) the reason, see my other posting.

Stefan




Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread Stefan G. Weichinger
Am 26.06.2014 00:20, schrieb Stefan G. Weichinger:

 pam_systemd is (or seems to be) the reason, see my other posting.

maybe it would be also solved by upgrading to the (in terms of gentoo)
unstable version 214 of systemd:

# equery b pam_systemd.so

 * Searching for pam_systemd.so ...
sys-apps/systemd-212-r5 (/lib64/security/pam_systemd.so)

I will check tomorrow or so, late here.

Stefan




Re: [gentoo-user] Re: ssh rekeying slow ?

2014-06-25 Thread covici
Stefan G. Weichinger li...@xunil.at wrote:

 Am 25.06.2014 23:45, schrieb cov...@ccs.covici.com:
 
  I had a problem like that and solved it by changing UseDNS no
  because it is trying to look for reverse dns pointers.  This is done on
  the hosts /etc/ssh/sshd_config .
 
 Tried/tested a few hours ago. No change.
 
 pam_systemd is (or seems to be) the reason, see my other posting.
hmmm, I don't even have that file, I guess I am glad.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com