public inbox for gentoo-user@lists.gentoo.org
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: ssh rekeying slow ?
Date: Wed, 25 Jun 2014 23:13:35 +0100
Message-ID: <201406252313.46606.michaelkintzios@gmail.com>
In-Reply-To: <53AB3AD2.7020701@xunil.at>

On Wednesday 25 Jun 2014 22:10:42 Stefan G. Weichinger wrote:
> On 25.06.2014 21:49, Alan McKinnon wrote:
> > I've also noticed slowdowns recently, I think it's the new ciphers like
> > ecdsa. Try this:
> > 
> > Connect using ssh -vvv and examine the output to find which of the
> > various ciphers and algorithms are used once connection is achieved. On
> > the client, add those configuration options for the server to
> > ssh_config. You should notice a speed up on the next attempt as unused
> > methods will be skipped.
> > 
> > man 5 ssh_config
> > 
> > has all the details
> 
> ;-)
> 
> thanks, Alan.
> 
> Did you already find out what options to set?
> 
> Aside from that, I wonder why we as users have to do that and why it
> isn't set up "as good as possible" by the coders of openssh.

Because the "as good as possible" datum is being redefined post Snowden.


> I will see if I can figure out what to do ...

The Better Crypto team suggest:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

The above may be OTT for ssh connections between machines within a trusted
LAN.  As has already been mentioned, if you choose your favourite crypto and
strip out all the rest, then the negotiation ought to be faster between modern
PCs.

-- 
Regards,
Mick
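
The procedure quoted in this message (read the negotiated algorithms from `ssh -vvv`, then set them in ssh_config) can be scripted; the following is an added example, not part of the original message or of OpenSSH. The function name `pin_block`, the host name `example.lan` and both sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a pinned ssh_config Host block from `ssh -vvv` output.

# Constructed sample of client debug lines (newer OpenSSH wording).
SAMPLE_LOG='debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none'

# Constructed sample in the older wording: direction, cipher, MAC, compression.
SAMPLE_LOG_OLD='debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none'

# pin_block HOST: read debug output on stdin, print a Host block for HOST.
# Returns non-zero when no negotiated cipher line was found.
pin_block() {
    awk -v host="$1" '
    /kex: algorithm: / { kex = $NF }
    /kex: (server->client|client->server) / {
        if ($4 == "cipher:") { c = $5; m = $7 }  # newer wording
        else                 { c = $4; m = $5 }  # older wording
        if (!(c in seen_c)) {
            seen_c[c] = 1
            ciphers = ciphers (ciphers == "" ? "" : ",") c
        }
        # AEAD ciphers authenticate on their own, so ssh reports the MAC
        # as <implicit> and there is nothing to pin on the MACs line.
        if (m != "<implicit>" && !(m in seen_m)) {
            seen_m[m] = 1
            macs = macs (macs == "" ? "" : ",") m
        }
    }
    END {
        if (ciphers == "") exit 1
        print "Host " host
        print "    Ciphers " ciphers
        if (macs != "") print "    MACs " macs
        if (kex != "")  print "    KexAlgorithms " kex
    }'
}

# example.lan is a placeholder host name.
printf '%s\n' "$SAMPLE_LOG" | pin_block example.lan
```

Against a real server the input would come from `ssh -vvv HOST exit 2>&1`. A block that pins a single algorithm makes the connection fail outright if the server later stops offering it.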
