SSH time increased significantly after upgrade to OpenSSH 9.6p1
Darren Tucker
dtucker at dtucker.net
Sun Jul 28 22:51:35 AEST 2024
On Sun, 28 Jul 2024 at 22:34, radiatejava <radiatejava at gmail.com> wrote:
> We upgraded sshd in our product from OpenSSH 8.6 to OpenSSH 9,.6.
> After the upgrade, clients are seeing significant increase in time to
> do ssh to the listener. Normally, a single ssh does not matter much
> but some of our workflows involve about 3000 to 4000 ssh connect and
> close and this is hitting us hard,
Aside: could you use connection multiplexing for this case?
> I enabled logging on the server side. I see the most of the increase
> is here in receiving 'SSH2_MSG_KEX_ECDH_INIT received'. There is
> increase of about 336221 - 150435 = ~185 msec.
Here's the reason:
> //OpenSSH 9.6p1 logs
> Jul 23 17:42:50.150288 ifav87-apic2 sshd[1090464]: debug1: kex:
> algorithm: sntrup761x25519-sha512 at openssh.com [preauth]
> //OpenSSH 8.6p1
> Jul 23 17:32:24.932126 apic2 sshd[342983]: debug1: kex: algorithm:
> curve25519-sha256 [preauth]
OpenSSH 9.0 introduced a quantum resistant hybrid kex method as the
highest priority method. Quoting
https://www.openssh.com/releasenotes.html#9.0:
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512 at openssh.com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange
(the previous default) as a backstop against any weaknesses in
NTRU Prime that may be discovered in the future. The combination
ensures that the hybrid exchange offers at least as good security
as the status quo.
This is more expensive than the previous defaults. You can disable
this if necessary on either the server or client configs, see
KexAlgorithms in ssh_config(5) and sshd_config(5).
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list