Subject: Re: SSH on NetBSD 1.5.2, authentication slow?
To: Aaron J. Grier <agrier@poofygoof.com>
From: Johnny Billquist <bqt@update.uu.se>
List: netbsd-users
Date: 03/18/2003 10:36:05
On Mon, 17 Mar 2003, Aaron J. Grier wrote:

> On Mon, Mar 17, 2003 at 12:37:06PM +0200, Tom Javen wrote:
> 
> > 105 seconds on 50MHz 486 , 1.5.2.
> > Protocol version 1 was "fast" , 2 is slow.
> 
> what does 'openssl speed dsa' yield for results?
> 
> as far as I'm aware, DSA is used to sign the initial diffie-hellman
> exchanges in ssh v2 and is usually the slowing factor for older
> machines.  compilation flags for architectures can have significant
> effects.

Interesting...

This on my VAX 8650 (and the machine was not really idle):

Krille:benchmarks/whetstone# openssl speed dsa
To get the most accurate results, try to run this
program when this computer is idle.
Doing 512 bit sign dsa's for 10s: 7 512 bit DSA signs in 4.71s
Doing 512 bit verify dsa's for 10s: 6 512 bit DSA verify in 5.15s
Doing 1024 bit sign dsa's for 10s: 3 1024 bit DSA signs in 6.79s
Doing 1024 bit verify dsa's for 10s: 2 1024 bit DSA verify in 5.53s
OpenSSL 0.9.6g 9 Aug 2002
built on: NetBSD 1.6N
options:bn(32,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) blowfish(idx) 
compiler: gcc version 2.95.3 20010315 (release) (NetBSD nb4)
                  sign    verify    sign/s verify/s
dsa  512 bits   0.6730s   0.8579s      1.5      1.2
dsa 1024 bits   2.2629s   2.7642s      0.4      0.4


But, trying to use ssh v2 to connect, I usually get a timeout and fail to
connect. using v1 takes about 5 seconds to connect.

So, if this is the slowing factor, something must be funny here.

	Johnny

Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt@update.uu.se           ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol