[Freeciv-Dev] Re: client/server authentication (PR#1767)

["ChrisK@xxxxxxxx" <ChrisK@xxxxxxxx>]

On Fri, Jun 06, 2003 at 06:02:38AM -0700, Raimar Falke wrote:
> On Wed, Jun 04, 2003 at 01:47:17PM -0700, ChrisK@xxxxxxxx wrote:
> > On Wed, Jun 04, 2003 at 10:01:24AM -0700, Reinier Post wrote:
> > > > > I didn't test the patch yet but this sounds wrong. There shouldn't be
> > > > > a timeout for a good password.
> > > > 
> > > > You mean a delay?
> > > > 
> > > > But that is what ssh does. Needs to be, over net, I think.
> > > 
> > > No, the delay is only set if the password is found to be incorrect.
> > > Same with /bin/login.
> > 
> > SSH does a delay *before* it asks for the password (or is this my slow
> > machines?). Then it limits the guesses.
> 
> 
> The main delay here is between
>   debug1: ssh_connect: getuid 500 geteuid 0 anon 1
> and
>   debug1: Connecting to www.freeciv.org [64.37.156.68] port 22.
> 
> Strace with -tt reveals:
[...]
> So at least in my case I get a 1.5s delay because of the DNS loopkup.

Here is 'my' 2 sec delay (in LAN, without DNS):

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
15:58:43.789929 write(3, "\0\0\1\f\6 \0\0\1\0n5\373y\4|IS\26\311f\...
15:58:43.790422 select(4, [3], NULL, NULL, NULL) = 1 (in [3])
15:58:45.783546 read(3, "\0\0\2\374\4!\0\0\1\262\0\0\0\7ssh-dss\0\...
...
debug1: Host 'bolte' is known and matches the DSA host key.

Whatever that means. Server is a P II-200.

Christian

PS: Of course this is pathword auth. A key auth won't need a delay.

-- 
Christian Knoke     * * *      http://www.enter.de/~c.knoke/
* * * * * * * * *  Ceterum censeo Microsoft esse dividendum.