Subject: Re: ssh / sshd
To: None <port-sparc@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: port-sparc
Date: 06/06/2004 15:31:59
> When a new session is established, a private session key is generated
> by the server. This is the pause you are seeing when ssh'ing to
> sparc machines.

No, actually. Go read the spec - a session key is generated, but it
(a) is done in a fairly fast way (by hashing data derived from key
exchange) and (b) is done by both ends. It's the key exchange itself
that's slow.

If you're using diffie-hellman-group-exchange-sha1 rather than
diffie-hellman-group1-sha1, the server does have to generate some stuff
for key exchange, but SPARCs are slow even when using
diffie-hellman-group1-sha1.

I haven't profiled the code, so I don't know exactly what it is that's
slow (though I suspect the modular exponentiation involved in
public-key operations). But I _have_ done enough work to be certain
that it's key exchange that's slow, rather than the generating of
session keys after key exchange completes. (Well, in my experience. I
suppose it's conceivable that some implementation is sufficiently
stupid that key generation takes a nontrivial time, but it seems
unlikely.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
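
The distinction drawn in the message above, as an added example (not part of the original post and not code from any SSH implementation): both ends of diffie-hellman-group1-sha1 run the modular exponentiations of key exchange, then each derives the six session keys by hashing, and the two phases are timed separately. The exchange hash here is a constructed stand-in covering only e, f and K, and all function names are this example's own.

```python
import hashlib, secrets, time

# Oakley Group 2 prime (RFC 2409, section 6.2): the fixed 1024-bit modulus
# of diffie-hellman-group1-sha1. Generator is 2, subgroup order Q = (P-1)/2.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
        "FFFFFFFFFFFFFFFF", 16)
G, Q = 2, (P - 1) // 2

def mpint(n):
    """SSH mpint: 4-byte length, then minimal big-endian two's complement."""
    body = n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b""
    return len(body).to_bytes(4, "big") + body

def keypair():
    x = secrets.randbelow(Q - 2) + 2           # private exponent, 1 < x < Q
    return x, pow(G, x, P)                     # slow part: modular exponentiation

def shared_secret(x, peer_public):
    if not 1 <= peer_public <= P - 1:          # range check on the peer's value
        raise ValueError("DH public value out of range")
    return pow(peer_public, x, P)              # slow part again

def exchange_hash(e, f, K):
    # Constructed stand-in: the real H also covers versions, KEXINITs, host key.
    return hashlib.sha1(mpint(e) + mpint(f) + mpint(K)).digest()

def derive_keys(K, H, session_id):
    # Fast part: one SHA-1 per key, HASH(K || H || letter || session_id).
    return {c: hashlib.sha1(mpint(K) + H + c.encode() + session_id).digest()
            for c in "ABCDEF"}

def run_exchange():
    t0 = time.perf_counter()
    x, e = keypair()                           # client side
    y, f = keypair()                           # server side
    K_c, K_s = shared_secret(x, f), shared_secret(y, e)
    t1 = time.perf_counter()
    H_c, H_s = exchange_hash(e, f, K_c), exchange_hash(e, f, K_s)
    keys_c = derive_keys(K_c, H_c, H_c)        # first exchange: session_id = H
    keys_s = derive_keys(K_s, H_s, H_s)
    t2 = time.perf_counter()
    return keys_c, keys_s, t1 - t0, t2 - t1

if __name__ == "__main__":
    kc, ks, kex, derive = run_exchange()
    print(f"keys match: {kc == ks}  kex: {kex*1e3:.2f} ms  derive: {derive*1e3:.3f} ms")
```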