HPE Community
Operating System - HP-UX
1826420 Members
3131 Online
109692 Solutions
New Discussion

ssh takes a long to login (ssh_prng_cmds)

 
SOLVED
Go to solution
Unix Administrator_5
Frequent Advisor

‎12-19-2003 02:13 AM

‎12-19-2003 02:13 AM

ssh takes a long to login (ssh_prng_cmds)

I have hp's version of ssh running on HPUX 11.0

When I try ot ssh to another system -- it takes a long time to connect. By commenting out several of the cmds in ssh_prng_cmds i have reduced this time considerably.

However, it still takes 5 - 10 seconds, and I am thinging that much of this comes from the cmds. Is there a safe workaround to this? any way of generating enough output to generate an adequate psuedo random number in less time?
0 Kudos
Reply
8 REPLIES 8
Steven E. Protter
Exalted Contributor

‎12-19-2003 02:15 AM

‎12-19-2003 02:15 AM

Re: ssh takes a long to login (ssh_prng_cmds)

The newer version of Secure Shell 3.5 and up deal with this issue substantially.

http://software.hp.com

Search for Secure Shell(SEP is lazy today)

Its not a complete fix for 11.00 because there is no strong random number generator add in for 11.00.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
RAC_1
Honored Contributor

‎12-19-2003 02:17 AM

‎12-19-2003 02:17 AM

Re: ssh takes a long to login (ssh_prng_cmds)

This is beacuse of random number generation.
HP has free random number generator product.

You need to configure ssh to use that.

There is very good article by Chris Wong on this.

Search the forum.
There is no substitute to HARDWORK
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎12-19-2003 02:24 AM

‎12-19-2003 02:24 AM

Re: ssh takes a long to login (ssh_prng_cmds)

Hi,

HP has a rather new product - KRNG11I I believe is the name - which will alleviate the need to generatet pseudo random numbers via the commands.
But this is for 11iv1 or higher only.
Can be had here:

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=KRNG11I

And it's included with SSH ver A.03.61.001 - here

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Unix Administrator_5
Frequent Advisor

‎12-19-2003 02:34 AM

‎12-19-2003 02:34 AM

Re: ssh takes a long to login (ssh_prng_cmds)

It is my understanding that the free product is for 11i not 11.0

Is there anyway to reduct the amount of time that it takes to product this random number.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎12-19-2003 02:38 AM

‎12-19-2003 02:38 AM

Solution

Re: ssh takes a long to login (ssh_prng_cmds)

Hi,

Yes, look over the commands in the ssh_prng_cmds file & determine just *which* commands are the time hogs & replace them with faster running commands.

BTW - 11.0 will be discontinued at the end of FEB coming up, so now is the time to start planning your 11i upgrade & you now have a good reason to do so.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Unix Administrator_5
Frequent Advisor

‎12-19-2003 04:27 AM

‎12-19-2003 04:27 AM

Re: ssh takes a long to login (ssh_prng_cmds)

Does it matter what commands I use?
And what should the entropy be for the commands?
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎12-19-2003 05:25 AM

‎12-19-2003 05:25 AM

Re: ssh takes a long to login (ssh_prng_cmds)

Hi,

1) Not really (As you'll see)

2) Entropy should be based on the inherent randomness of the command's output. For EX an ioscan -fn or netstat -in command output will rarely change. But ps, vmstat & tails of log files will change frequently. BUT you have to balance using TOO many bits of the VERY random commands or the calculations will take much longer.

Which brings us to the another point - that it's possible to speed up your SSH calculations by not only changing commands, but by varying the entropy or bits per byte collected from the prng commands.
Experiment a little. Look over the file & if you have large (0.05, 0.06, 0.07, etc) values for a LOT of the real random commands, you might try lowering some of those values and increasing them on the commands that aren't so random & mitigate the problem w/o having to change commands at all.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Pratyush Paul_1
Valued Contributor

‎12-19-2003 01:45 PM

‎12-19-2003 01:45 PM

Re: ssh takes a long to login (ssh_prng_cmds)

Hi -

You need to use prngd in order to make ssh work efficently. I would suggest that you down load the latest openssh and compile it on your system, this is what you use to compile and build openssh 3.7.p1

#./configure --prefix=/opt/openssh --sysconfdir=/etc/ssh --with-prngd
#make
#make test
#make install.

Please note you have to use openssl 0.9.7c and zlib 1.1.4

Let me know if you need any additional support.

thanks

Pratyush
Die Hard
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.