[Bug 3747] ssh with ldap user account slow every time, local accounts unaffected

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Oct 23 21:37:42 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3747

--- Comment #4 from Craig Emery <craig.emery at arm.com> ---
That's fair. :-)

(In reply to Darren Tucker from comment #3)
> Firstly, since this is a vendor modified binary, ultimately they are
> the ones that will need to help you, unless you or they can
> reproduce the problem with an unmodified OpenSSH as available on
> openssh.com.
> 
> That said, looking through the debug log, the first time sink is:
> 
> Oct 15 12:34:37 ip-10-248-139-188 sshd[501923]: debug1: fd 5
> clearing O_NONBLOCK
> Oct 15 12:34:43 ip-10-248-139-188 sshd[501923]: debug1:
> /home/craeme02/.ssh/authorized_keys:1: matching key found: RSA
> SHA256:EsGSIDs3cY1EdOy67jomy4+XxJYj+tqIT3TUo5wsHgo
> 
> 6 seconds to read a file in the user's home directory.  Are these
> automounted or something?

I think this will have been the first ever LDAP mount of the user home
directory.

JOOI: Is there a DB / file I can remove that deletes the history of how
long things previously took?

So going forward I can see quicker times?

> Oct 15 12:34:46 ip-10-248-139-188 sshd[501923]: debug1: fd 5
> clearing O_NONBLOCK
> Oct 15 12:34:52 ip-10-248-139-188 sshd[501923]: debug1:
> /home/craeme02/.ssh/authorized_keys:1: matching key found: RSA
> SHA256:EsGSIDs3cY1EdOy67jomy4+XxJYj+tqIT3TUo5wsHgo
> 
> Another 6 seconds to read a file.
> 
> (In reply to Craig Emery from comment #1)
> > It's lines like this that stand out for me:
> > 
> > Oct 15 12:34:43 ip-10-248-139-188 sshd[501923]: debug3:
> > ensure_minimum_time_since: elapsed 5689.207ms, delaying 3656.119ms
> > (requested 9.126ms) [preauth]
> > 
> > Why would there be a 3656ms delay during a connection that has no
> > failures? No back off etc.
> 
> Once an authentication has taken some amount of time, sshd will try
> to keep the amount of time consistent for other auth attempts to
> prevent leaking information about user or authentication state via
> timing attacks.  If some operations are slow that carries over to
> other ones.  If you can fix whatever is causing the slowdowns those
> will reduce to match.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
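
The figures in the quoted `ensure_minimum_time_since` line can be checked against a simple model of the timing padding described in comment #3. This is an added example, not part of the original message and not OpenSSH source code. It assumes the requested minimum is doubled until it covers the elapsed time and the remainder is slept; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the debug3 line quoted in the thread, joined onto one line. */
static const char SAMPLE[] =
    "Oct 15 12:34:43 ip-10-248-139-188 sshd[501923]: debug3: "
    "ensure_minimum_time_since: elapsed 5689.207ms, delaying 3656.119ms "
    "(requested 9.126ms) [preauth]";

/* Assumed model: double the requested minimum until it covers the elapsed
 * time, then pad by the difference. *doublings reports how many were needed. */
double model_delay_ms(double elapsed_ms, double requested_ms, int *doublings)
{
    double target = requested_ms;
    int n = 0;

    if (requested_ms > 0.0) {           /* doubling zero would never terminate */
        while (target < elapsed_ms) {
            target *= 2.0;
            n++;
        }
    }
    if (doublings != NULL)
        *doublings = n;
    return target > elapsed_ms ? target - elapsed_ms : 0.0;
}

/* Extract the three millisecond fields from a log line; returns 0 on success. */
int parse_delay_line(const char *line, double *elapsed, double *delay, double *req)
{
    const char *p = strstr(line, "ensure_minimum_time_since:");

    if (p == NULL)
        return -1;
    return sscanf(p, "ensure_minimum_time_since: elapsed %lfms, delaying %lfms "
        "(requested %lfms)", elapsed, delay, req) == 3 ? 0 : -1;
}

int main(void)
{
    double e, d, r;
    int n;

    if (parse_delay_line(SAMPLE, &e, &d, &r) != 0)
        return 1;
    printf("logged delay %.3fms, model %.3fms", d, model_delay_ms(e, r, &n));
    printf(" after %d doublings\n", n);
    /* Same requested value, but a 50ms authentication instead of 5.7s. */
    printf("50ms auth: model delay %.3fms\n", model_delay_ms(50.0, r, NULL));
    return 0;
}
```

The model and the logged delay differ by about 0.3ms because the log prints the requested value rounded to three decimals, and ten doublings multiply that rounding error by 1024.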
