bugzilla-daemon at mindrot.org
2003-Dec-04 19:12 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 Summary: dh-group-exchange should be configurable off in client and server Product: Portable OpenSSH Version: 3.7p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: jacobn+mindrot at chiark.greenend.org.uk I have observed the extra overhead of dh-group-exchange to cause people to switch from using SSH-2 back to SSH-1, in several contexts. This is unfortunate, as SSH-2 with the default group is still presumably several miles more secure than SSH-1. The OpenSSH client and server should both allow dh-group-exchange to be turned off (and in general, allow configuration of kex method preferences). Supporting data: On slow machines (e.g., 486-class, old SPARCs), dh-gex takes an unreasonably long time (e.g., 14 seconds for gex followed by kex on a SS20 server). Disabling gex (at the client end - there's a config option in PuTTY) gives a much more sensible delay (2 seconds). Also, from draft-ietf-secsh-architecture-15.txt: The following policy issues SHOULD be addressed in the configuration mechanisms of each implementation: [...] o Public key algorithms and key exchange method to be used for host authentication. (No patch though, sorry. Also, apologies if this has been addressed recently; I was going off the man pages on openssh.com.) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-04 21:33 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 ------- Additional Comments From markus at openbsd.org 2003-12-04 14:33 ------- what group size does the client ask for? i don't think it's the additional message in gex, but the group size matters. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-04 23:03 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 ------- Additional Comments From jacobn+mindrot at chiark.greenend.org.uk 2003-12-04 16:03 ------- Erm, I hadn't taken into account what PuTTY asks for. It appears to use old-style GEX (no min/max) and, I believe, asks for up to a 2048-bit group (don't know offhand what it used in this instance). Even with an OpenSSH_3.4p1 client it's still rather slow, though. I get a 7-10sec delay to the same host (from a reasonably fast client), which I think is enough to cause people to avoid SSH-2. e.g. debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 133/256 debug1: bits set: 1616/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY [delay 8.8sec here] debug1: Host 'foon.spork.example.org' is known and matches the RSA host key. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-05 17:43 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 ------- Additional Comments From markus at openbsd.org 2003-12-05 10:43 ------- Created an attachment (id=506) --> (http://bugzilla.mindrot.org/attachment.cgi?id=506&action=view) patch for ssh client. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-05 17:43 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 ------- Additional Comments From markus at openbsd.org 2003-12-05 10:43 ------- Created an attachment (id=507) --> (http://bugzilla.mindrot.org/attachment.cgi?id=507&action=view) patch for ssh client. what about this? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-05 17:44 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #506 is|1 |0 patch| | Attachment #506 is|0 |1 obsolete| | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-05 17:44 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #506|patch for ssh client. |duplicate description| | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-09 14:11 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 ------- Additional Comments From jacobn+mindrot at chiark.greenend.org.uk 2003-12-09 07:11 ------- Sorry, I haven't had a chance to try this out yet. Is it a harmless performance improvement? (I'm clueless.) Do I take it that you believe the issue of people not using SSH-2 can/should be addressed by performance improvements, rather than by adding performance- related configuration options? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-23 07:07 UTC
[Bug 769] dh-group-exchange should be configurable off in client and server
http://bugzilla.mindrot.org/show_bug.cgi?id=769 ------- Additional Comments From dtucker at zip.com.au 2003-12-23 00:07 ------- Also, the supplied moduli file has moduli one bit smaller than what sshd is looking for, so it ends up using the next size up resulting in a speed penalty. The combination of Markus' patch (now in -current) and a replacement moduli file (eg http://www.zip.com.au/~dtucker/openssh/moduli) results in a significant improvement. The server is a 170MHz SPARC: $ time ssh -2 myserver true # 3.7.1p2 real 0m2.750s $ time ssh -2 myserver true # new moduli real 0m1.167s $ time ssh -2 myserver true # new moduli+patch real 0m1.130s BTW compiling (openssh+openssl) on SPARCs with v8 instructions (eg "gcc -mv8") enables the use of the hardware multiply which is significantly quicker. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 769] dh-group-exchange should be configurable off in client and server
- DH Group Exchange Fallback
- [Bug 2303] New: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX
- DH Group Exchange Fallback
- DH Group Exchange Fallback