- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: What is the Fastest Authentication Protocols f...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 11:31 AM
12-13-2007 11:31 AM
			
				
					
						
							What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
Ok, I am not a security expert so dont flame me, just let me know what should we use for light security as most of the connections pass encrypted data from remote programmes and batch jobs etc, so we dont need to double encrypt, I am thinking this is the problem, sorry for not providing more info, but let me know what the consensus is.
TIA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 11:52 AM
12-13-2007 11:52 AM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
Disable dns in sshd_config:
UseDNS no
regards,
ivan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 11:52 AM
12-13-2007 11:52 AM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
For HP-UX 11.11 (11i v1) and higher you can install the KRNG (Kernel random number generator) package and that helps authentication speed immensely.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 12:09 PM
12-13-2007 12:09 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 12:50 PM
12-13-2007 12:50 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
Will look into btmp and wtmp cleanup.
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 01:18 PM
12-13-2007 01:18 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
I saw recently a suggestion to speed this up, and it was to make your machine a downstream end-level dns resolver, that way you'll have all that stuff cached up and close by on your own server, and you won't have to wait for a resolution... or you can just add developer's IP addresses to your /etc/hosts file - doesn't hurt anything...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 01:24 PM
12-13-2007 01:24 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
also post sshd_conf file.
so that we can verify.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2007 07:30 PM
12-13-2007 07:30 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
Then update sshd_config as below,
UsePrivilegeSeparation no
#Compression yes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2007 05:09 AM
12-14-2007 05:09 AM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2007 06:06 AM
12-14-2007 06:06 AM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2007 10:36 AM
12-14-2007 10:36 AM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
:RNG is ready, skipping seeding
:sh_connect: needpriv 0
does this mean anything?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2007 11:46 AM
12-14-2007 11:46 AM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
Here is the procedure to do that..(tested)
1. Ensure that the wtmp file is not corrupt by running a last on your user id:
# last ` who am i `
2. Convert the wtmp file to ascii into a file system that has sufficient space:
# cat /var/adm/wtmp | /usr/sbin/acct/fwtmp > /tmp/ascii_wtmp
3. Determine the number of lines in the ascii file, take 10% of that value, and subtract that from total number of lines:
# lines=`cat /tmp/ascii_wtmp | wc -l`;lines2=`expr $lines / 10`; export lines3=`expr $lines - $lines2`;echo $lines3
4. Start the ascii file from the line number given as output from the above command:
# awk ' ( NR > '$lines3' ) ' /tmp/ascii_wtmp > /tmp/ascii_wtmp2
5. Convert the trimmed ascii file back to binary in place of the original wtmp:
# cat /tmp/ascii_wtmp2 | /usr/sbin/acct/fwtmp -ic > /var/adm/wtmp
6. Verify that the operation was successful
# ll /var/adm/wtmp
# last ` who am i `
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2007 12:05 PM
12-14-2007 12:05 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
But i notice we also have a file "wtmps" in the same dir as wtmp and it is large over 78mb..what is that?
Secondly, since we are on 11.23 so we should have a Random Number Generator built in, but my question is how do i know its running or being used? thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2007 07:02 AM
12-17-2007 07:02 AM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
So at least you could watch the origination and destinations and see where it gets hung up.
I've never had any issues with speed on 11.11 or newer. I only mention the wtmp/btmp because we do have some old 11.00 servers that when those files grow it tends to slow things down. I'm assuming it uses those files to randomly seed your connections. But if it helps great. I would just be surprised if it did.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2007 12:50 PM
12-17-2007 12:50 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
Secondly, since we are on 11.23 so we should have a Random Number Generator built in, but my question is how do i know its running or being used?
watch the screen (RNG is ready, skipping seeding)
#tusc -Eeaf -p -v -rall -wall -vall -T '' -o /tmp/ssh_tusc.txt ssh -vvv root@localhost
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2007 12:23 PM
12-18-2007 12:23 PM
			
				
					
						
							Re: What is the Fastest Authentication Protocols for SSH
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2008 07:46 AM
01-02-2008 07:46 AM
