New snapshot
Christian Weisgerber
naddy at mips.inka.de
Fri Nov 17 03:24:16 EST 2000
Damien Miller <djm at mindrot.org> wrote:
> - Key generation is quicker (DSA parameter generation is slow and
> computationally intensive)
>
> - Verification of signatures (and thus authentication) can be an order
> of magnitude faster with RSA. Signing is a little slower.
FWIW, I have SSH2/RSA up and running on two OpenBSD boxes, and it
appears to work fine.
Unfortunately, SSH2 connection setup is still unusably slow on
slower machines. For some reason I always tend to have some old
machines at hand. One of my current toys is a Cyrix 486DX2-66 box
that may yet end up as a console server. Starting up an SSH2
connection to that machine takes forever. From "ssh -v", the
computationally intensive part is here:
...
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1037/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
...
Those "Wait..." bits take more than a minute each.
--
Christian "naddy" Weisgerber naddy at mips.inka.de
More information about the openssh-unix-dev
mailing list