bugzilla-daemon at mindrot.org
2024-Dec-23 02:38 UTC
[Bug 3768] New: Whether to add a switch to control whether to enable the hostkeys rotation mechanism.
https://bugzilla.mindrot.org/show_bug.cgi?id=3768

            Bug ID: 3768
           Summary: Whether to add a switch to control whether to enable
                    the hostkeys rotation mechanism.
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bty at mail.ustc.edu.cn

If the public key configuration file is not specified, sshd polls all public keys, which affects the SCP performance in scenarios where multiple small files are transmitted. Whether to add a switch to control whether to enable the public key rotation mechanism.

https://github.com/openssh/openssh-portable/blob/826483d51a9fee60703298bbf839d9ce37943474/sshd-session.c#L577

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Dec-24 06:17 UTC
[Bug 3768] Whether to add a switch to control whether to enable the hostkeys rotation mechanism.
https://bugzilla.mindrot.org/show_bug.cgi?id=3768

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This is possible on the client using UpdateHostkeys=no
bugzilla-daemon at mindrot.org
2025-Jan-11 08:53 UTC
[Bug 3768] Whether to add a switch to control whether to enable the hostkeys rotation mechanism.
https://bugzilla.mindrot.org/show_bug.cgi?id=3768

--- Comment #2 from bitianyuan <bty at mail.ustc.edu.cn> ---
After observation, we find that the performance deterioration is not caused by the public key rotation mechanism itself. Instead, the SSH2_MSG_CHANNEL_OPEN_CONFIRMATION message is sent again after the public key is sent. However, the client does not need to send any message (the SSH2_MSG_CHANNEL_OPEN and SSH2_MSG_GLOBAL_REQUEST messages have been sent). Therefore, after the client receives the message, the kernel waits for 40 ms to send an ACK message. As a result, the server kernel needs to wait until the ACK with a delay of 40 ms is received when sending SSH2_MSG_CHANNEL_OPEN_CONFIRMATION.

In fact, the client and server set the socket status to TCP_NODELAY after the channel is established (received). Whether the TCP_NODELAY setting operation can be advanced until the identity authentication is complete. We can also add a configuration option. When users are sensitive to performance, TCP_NODELAY is set after the TCP connection between the server and client is established.
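The write-write-read pattern described in comment #2, as an added example that is not part of the bug report or of OpenSSH's code: a loopback test that times a server sending two small back-to-back messages to a client that has nothing to send, with Nagle left on and with TCP_NODELAY set on the sending socket. The helper names (`enable_nodelay`, `tcp_pair`, `write_write_read_ms`) are hypothetical and the message payloads are constructed stand-ins; measured values depend on the kernel's delayed-ACK behaviour.

```c
#define _POSIX_C_SOURCE 200809L   /* clock_gettime() under strict -std= modes */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: disable Nagle on fd; returns the option read back (1 = on). */
int enable_nodelay(int fd) {
    int on = 1; socklen_t len = sizeof(on);
    if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) == -1) return -1;
    return getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, &len) == -1 ? -1 : on != 0;
}

/* Connected loopback pair on a kernel-chosen port: *cli connects, *srv is accepted. */
int tcp_pair(int *cli, int *srv) {
    struct sockaddr_in a = {0}; socklen_t al = sizeof(a);
    int l = socket(AF_INET, SOCK_STREAM, 0);
    *cli = socket(AF_INET, SOCK_STREAM, 0); *srv = -1;
    a.sin_family = AF_INET; a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (l != -1 && *cli != -1 && bind(l, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(l, 1) == 0 && getsockname(l, (struct sockaddr *)&a, &al) == 0 &&
        connect(*cli, (struct sockaddr *)&a, sizeof(a)) == 0)
        *srv = accept(l, NULL, NULL);
    if (l != -1) close(l);
    if (*srv == -1 && *cli != -1) { close(*cli); *cli = -1; }
    return *srv == -1 ? -1 : 0;
}

/* Each round: client sends one request, server answers with two small writes (constructed
 * stand-ins), client reads both. Returns mean milliseconds per round, or -1 on error. */
double write_write_read_ms(int nodelay, int rounds) {
    int c, s, ok = 1; char buf[64]; struct timespec t0, t1; ssize_t n = 0;
    if (tcp_pair(&c, &s) == -1) return -1;
    if (nodelay && enable_nodelay(s) != 1) ok = 0;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (int i = 0; ok && i < rounds; i++) {
        ok = write(c, "q", 1) == 1 && read(s, buf, 1) == 1 &&
             write(s, "hostkeys", 8) == 8 && write(s, "confirm", 7) == 7;
        for (ssize_t got = 0; ok && got < 15; got += n) ok = (n = read(c, buf, sizeof(buf))) > 0;
    }
    clock_gettime(CLOCK_MONOTONIC, &t1); close(c); close(s);
    return ok ? ((t1.tv_sec - t0.tv_sec) * 1e3 + (t1.tv_nsec - t0.tv_nsec) / 1e6) / rounds : -1;
}

int main(void) {
    printf("Nagle %.2f ms/round, TCP_NODELAY %.2f ms/round\n", write_write_read_ms(0, 20), write_write_read_ms(1, 20));
}
```

A markedly higher per-round figure for the first number than for the second is the stall the comment attributes to the delayed ACK.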
bugzilla-daemon at mindrot.org
2025-Jan-14 12:26 UTC
[Bug 3768] Whether to add a switch to control whether to enable the hostkeys rotation mechanism.
https://bugzilla.mindrot.org/show_bug.cgi?id=3768

--- Comment #3 from bitianyuan <bty at mail.ustc.edu.cn> ---
I filed a pull request on github: https://github.com/openssh/openssh-portable/pull/551
bugzilla-daemon at mindrot.org
2025-Jan-14 12:27 UTC
[Bug 3768] Whether to add a switch to control whether to enable the hostkeys rotation mechanism.
https://bugzilla.mindrot.org/show_bug.cgi?id=3768

--- Comment #4 from bitianyuan <bty at mail.ustc.edu.cn> ---
I filed a pull request on github: https://github.com/openssh/openssh-portable/pull/551