long ssh communication - SSH

This is a discussion on long ssh communication - SSH ; Hi, I connect from a debian machine with OpenSSH_3.8.1p1 to solaris 9 machines with Sun_SSH_1.0.1 using Perl modul Net::SSH::Perl. It takes several minutes to run a command (who or something). Connecting to a machine with OpenSSH (solaris 8) takes a ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: long ssh communication

  1. long ssh communication

    Hi,

    I connect from a debian machine with OpenSSH_3.8.1p1 to solaris 9
    machines with Sun_SSH_1.0.1 using Perl modul Net::SSH::Perl. It takes
    several minutes to run a command (who or something).

    Connecting to a machine with OpenSSH (solaris 8) takes a second and
    running ssh from a command line to solaris 9 Sun_SSH is also ok. Below
    is debug output.

    Could someone point me where to look at to cut down these times?

    ___START_DEBUGG_OUTPUT___
    Reading configuration data /home/www-data/.ssh/config
    Reading configuration data /etc/ssh_config
    Connecting to host, port 22.
    Remote protocol version 2.0, remote software version Sun_SSH_1.0.1
    Net::SSH::Perl Version 1.28, protocol version 2.0.
    No compat match: Sun_SSH_1.0.1.
    Connection established.
    Sent key-exchange init (KEXINIT), wait response.
    Algorithms, c->s: 3des-cbc hmac-sha1 none
    Algorithms, s->c: 3des-cbc hmac-sha1 none

    ##here waits around a minute

    Entering Diffie-Hellman Group 1 key exchange.
    Sent DH public key, waiting for reply.
    Received host key, type 'ssh-dss'.
    Host 'host' is known and matches the host key.
    Computing shared secret key.

    ##here waits around a minute

    Verifying server signature.

    ##here waits around half a minute

    Waiting for NEWKEYS message.
    Enabling incoming encryption/MAC/compression.
    Send NEWKEYS, enable outgoing encryption/MAC/compression.
    Sending request for user-authentication service.
    Service accepted: ssh-userauth.
    Trying empty user-authentication request.
    Authentication methods that can continue: publickey,password.
    Next method to try is publickey.
    Trying pubkey authentication with key file '/home/www-data/.ssh/id_dsa'
    Login completed, opening dummy shell channel.
    channel 0: new [client-session]
    Requesting channel_open for channel 0.
    channel 0: open confirm rwindow 0 rmax 16384
    Got channel open confirmation, requesting shell.
    Requesting service shell on channel 0.
    channel 1: new [client-session]
    Requesting channel_open for channel 1.
    Entering interactive session.
    Sending command: who
    Requesting service exec on channel 1.
    channel 1: open confirm rwindow 0 rmax 16384
    channel 1: rcvd eof
    channel 1: output open -> drain
    input_channel_request: rtype exit-status reply 0
    channel 1: rcvd close
    channel 1: input open -> closed
    channel 1: close_read
    channel 1: obuf empty
    channel 1: output drain -> closed
    channel 1: close_write
    channel 1: send close
    channel 1: full closed


    Many thanks.

    --
    Radek

  2. Re: long ssh communication

    rahed wrote:

    > Hi,
    >
    > I connect from a debian machine with OpenSSH_3.8.1p1 to solaris 9
    > machines with Sun_SSH_1.0.1 using Perl modul Net::SSH::Perl. It takes
    > several minutes to run a command (who or something).
    >
    > Connecting to a machine with OpenSSH (solaris 8) takes a second and
    > running ssh from a command line to solaris 9 Sun_SSH is also ok. Below
    > is debug output.
    >
    > Could someone point me where to look at to cut down these times?
    >
    > ___START_DEBUGG_OUTPUT___
    > Reading configuration data /home/www-data/.ssh/config
    > Reading configuration data /etc/ssh_config
    > Connecting to host, port 22.
    > Remote protocol version 2.0, remote software version Sun_SSH_1.0.1
    > Net::SSH::Perl Version 1.28, protocol version 2.0.
    > No compat match: Sun_SSH_1.0.1.
    > Connection established.
    > Sent key-exchange init (KEXINIT), wait response.
    > Algorithms, c->s: 3des-cbc hmac-sha1 none
    > Algorithms, s->c: 3des-cbc hmac-sha1 none
    >
    > ##here waits around a minute
    >
    > Entering Diffie-Hellman Group 1 key exchange.
    > Sent DH public key, waiting for reply.
    > Received host key, type 'ssh-dss'.
    > Host 'host' is known and matches the host key.
    > Computing shared secret key.
    >
    > ##here waits around a minute
    >
    > Verifying server signature.
    >
    > ##here waits around half a minute
    >
    > Waiting for NEWKEYS message.
    > Enabling incoming encryption/MAC/compression.
    > Send NEWKEYS, enable outgoing encryption/MAC/compression.
    > Sending request for user-authentication service.
    > Service accepted: ssh-userauth.
    > Trying empty user-authentication request.
    > Authentication methods that can continue: publickey,password.
    > Next method to try is publickey.
    > Trying pubkey authentication with key file '/home/www-data/.ssh/id_dsa'
    > Login completed, opening dummy shell channel.
    > channel 0: new [client-session]
    > Requesting channel_open for channel 0.
    > channel 0: open confirm rwindow 0 rmax 16384
    > Got channel open confirmation, requesting shell.
    > Requesting service shell on channel 0.
    > channel 1: new [client-session]
    > Requesting channel_open for channel 1.
    > Entering interactive session.
    > Sending command: who
    > Requesting service exec on channel 1.
    > channel 1: open confirm rwindow 0 rmax 16384
    > channel 1: rcvd eof
    > channel 1: output open -> drain
    > input_channel_request: rtype exit-status reply 0
    > channel 1: rcvd close
    > channel 1: input open -> closed
    > channel 1: close_read
    > channel 1: obuf empty
    > channel 1: output drain -> closed
    > channel 1: close_write
    > channel 1: send close
    > channel 1: full closed
    >
    >
    > Many thanks.
    >


    Perl is and interpreted language and you should expect performance
    penalty. You haven't told on what processor Debian box runs.

    --
    kind regards,
    Claudiu Costin

  3. Re: long ssh communication


    > ##here waits around a minute
    >
    > Entering Diffie-Hellman Group 1 key exchange.
    > Sent DH public key, waiting for reply.
    > Received host key, type 'ssh-dss'.
    > Host 'host' is known and matches the host key.
    > Computing shared secret key.
    >
    > ##here waits around a minute
    >
    > Verifying server signature.
    >
    > ##here waits around half a minute


    These are the public-key operations: the Diffie-Hellman key agreement and
    server host key verification. They are the most computationally intensive
    part of the connection setup and hence most likely to take a while if the
    implementation or host are slow.

    - Richard

  4. Re: long ssh communication

    Claudiu Costin writes:

    > Perl is and interpreted language and you should expect performance
    > penalty. You haven't told on what processor Debian box runs.
    >
    > --
    > kind regards,
    > Claudiu Costin


    From the debian machine I get times below 3 seconds when connecting to
    OpenSSH server but connecting to Sun_SSH it's in the order of minutes. I
    don't think it's Perl interpreter fault.

    The debian machine has a 550MHz processor. Interestingly connecting from
    solaris 650 MHz to Sun_SSH server time to output the command is 3
    seconds.

    Thank you.
    --
    Radek

  5. Re: long ssh communication

    On 2006-02-16, rahed wrote:
    > I connect from a debian machine with OpenSSH_3.8.1p1 to solaris 9
    > machines with Sun_SSH_1.0.1 using Perl modul Net::SSH::Perl. It takes
    > several minutes to run a command (who or something).


    Do other clients (eg OpenSSH) exhibit the same delays?

    > Connecting to a machine with OpenSSH (solaris 8) takes a second and
    > running ssh from a command line to solaris 9 Sun_SSH is also ok. Below
    > is debug output.


    What sizes are the host keys on those systems?

    > Could someone point me where to look at to cut down these times?


    A good place to start: http://www.openssh.com/faq.html#3.3

    [...]
    > Algorithms, s->c: 3des-cbc hmac-sha1 none
    > ##here waits around a minute


    How much CPU is the perl client using at this point?

    [...]
    > Computing shared secret key.
    > ##here waits around a minute


    How much CPU is the perl client using at this point?

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  6. Re: long ssh communication

    Darren Tucker writes:

    > On 2006-02-16, rahed wrote:
    >> I connect from a debian machine with OpenSSH_3.8.1p1 to solaris 9
    >> machines with Sun_SSH_1.0.1 using Perl modul Net::SSH::Perl. It takes
    >> several minutes to run a command (who or something).

    >
    > Do other clients (eg OpenSSH) exhibit the same delays?
    >


    No.

    >> Connecting to a machine with OpenSSH (solaris 8) takes a second and
    >> running ssh from a command line to solaris 9 Sun_SSH is also ok. Below
    >> is debug output.

    >
    > What sizes are the host keys on those systems?


    1024 bits

    >> Could someone point me where to look at to cut down these times?

    >
    > A good place to start: http://www.openssh.com/faq.html#3.3
    >

    Thanks.

    >> Algorithms, s->c: 3des-cbc hmac-sha1 none
    >> ##here waits around a minute

    >
    > How much CPU is the perl client using at this point?
    >
    >> Computing shared secret key.
    >> ##here waits around a minute

    >
    > How much CPU is the perl client using at this point?


    99% CPU through the ssh communication.

    I added Perl modul Math::BigInt::GMP on the client side and times are
    now under 3 seconds.
    Though I don't understand why from another machine without this modul
    the times are also under 3 seconds.

    Thank you for help.

    --
    Radek

+ Reply to Thread