[Bug 440] Protocol 1 server key generated at start up even when P1 not used

bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 1 01:37:18 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=440


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1429|                            |ok?
               Flag|                            |




--- Comment #7 from Darren Tucker <dtucker at zip.com.au>  2008-01-01 01:37:15 ---
Created an attachment (id=1429)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1429)
Generate ephemeral key in inetd mode only for protocol 1 connections

I took another look at this and I think I now know why the original
patch broke protocol 1 (although the patch is now a dead link, so I
can't check).

I think the generation of the ephemeral key was moved to after the
privsep split, which would mean that the key was generated in the
pre-auth privsep slave and not in the monitor where it's needed.

The attached patch fixes this and speeds up "ssh -2 server true" from
around 680 ms to 490 ms on a 1.7GHz Celeron.  It passes the regress
tests, which it also speeds up by about 5% (there's lots of sleeps in
the test suite, so the speedup is not as significant).

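The failure mode described in comment #7, as an added illustration that is not code from OpenSSH or from attachment 1429: once the process has forked, a key generated in the child never appears in the parent's memory. The struct, the function names and the placeholder key bytes are hypothetical stand-ins for sshd's monitor, pre-auth child and ephemeral server key.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical stand-in for the ephemeral protocol 1 server key. */
struct ephemeral_key { int generated; unsigned char bits[16]; };
static struct ephemeral_key server_key;

static void generate_ephemeral_key(void)
{
    /* Constructed placeholder bytes; a real key comes from a CSPRNG. */
    memset(server_key.bits, 0xA5, sizeof(server_key.bits));
    server_key.generated = 1;
}

/*
 * The caller plays the monitor; the forked process plays the pre-auth child.
 * gen_before_split selects whether the key is made before or after fork().
 * Returns 1 if the monitor holds the key afterwards, 0 if not, -1 on error.
 */
int monitor_has_key(int gen_before_split)
{
    int status;
    pid_t pid;

    memset(&server_key, 0, sizeof(server_key));
    if (gen_before_split)
        generate_ephemeral_key();

    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (!gen_before_split)
            generate_ephemeral_key();       /* lands in the child's copy only */
        _exit(server_key.generated ? 0 : 1); /* child always sees a key */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return server_key.generated;             /* the monitor's view */
}

int main(void)
{
    printf("key made before split: monitor has key = %d\n", monitor_has_key(1));
    printf("key made after split:  monitor has key = %d\n", monitor_has_key(0));
    return 0;
}
```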