Complete.Org: Mailing Lists: Archives: freeciv-dev: June 2003:
[Freeciv-Dev] Re: client/server authentication (PR#1767)

To: kaufman@xxxxxxxxxxxxxxxxxxxxxx
Subject: [Freeciv-Dev] Re: client/server authentication (PR#1767)
From: "Raimar Falke" <rf13@xxxxxxxxxxxxxxxxx>
Date: Fri, 6 Jun 2003 07:36:21 -0700
Reply-to: rt@xxxxxxxxxxxxxx

On Fri, Jun 06, 2003 at 07:11:23AM -0700, ChrisK@xxxxxxxx wrote:
> On Fri, Jun 06, 2003 at 06:02:38AM -0700, Raimar Falke wrote:
> > On Wed, Jun 04, 2003 at 01:47:17PM -0700, ChrisK@xxxxxxxx wrote:
> > > On Wed, Jun 04, 2003 at 10:01:24AM -0700, Reinier Post wrote:
> > > > > > I didn't test the patch yet but this sounds wrong. There shouldn't be
> > > > > > a timeout for a good password.
> > > > > 
> > > > > You mean a delay?
> > > > > 
> > > > > But that is what ssh does. Needs to be, over net, I think.
> > > > 
> > > > No, the delay is only set if the password is found to be incorrect.
> > > > Same with /bin/login.
> > > 
> > > SSH does a delay *before* it asks for the password (or is this my slow
> > > machines?). Then it limits the guesses.
> > 
> > 
> > The main delay here is between
> >   debug1: ssh_connect: getuid 500 geteuid 0 anon 1
> > and
> >   debug1: Connecting to www.freeciv.org [64.37.156.68] port 22.
> > 
> > Strace with -tt reveals:
> [...]
> > So at least in my case I get a 1.5s delay because of the DNS lookup.
> 
> Here is 'my' 2 sec delay (in LAN, without DNS):
> 
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> 15:58:43.789929 write(3, "\0\0\1\f\6 \0\0\1\0n5\373y\4|IS\26\311f\...
> 15:58:43.790422 select(4, [3], NULL, NULL, NULL) = 1 (in [3])
> 15:58:45.783546 read(3, "\0\0\2\374\4!\0\0\1\262\0\0\0\7ssh-dss\0\...
> ...
> debug1: Host 'bolte' is known and matches the DSA host key.
> 
> Whatever that means. Server is a P II-200.

16:20:51.003441 write(2, "debug1: expecting SSH2_MSG_KEXDH"..., 40) = 40
16:20:51.005534 write(3, "\0\0\0\214\6\36\0\0\0\200R\37\177\0064D\"\326\rd\362m\321"..., 144) = 144
16:20:51.005744 select(4, [3], NULL, NULL, NULL) = 1 (in [3])
16:20:51.782214 read(3, "\0\0\1\274\t\37\0\0\0\225\0\0\0\7ssh-rsa\0\0\0\1#\0\0\0"..., 8192) = 448
...
16:20:51.794511 write(2, "debug1: Host \'www.freeciv.org\' i"..., 71) = 71

I suspect that it is really limited by the speed of the server CPU. It
is also limited to protocol version 2.

With local loopback (ssh user@localhost) I got on my P2-400 a delay of
0.45s. On rt.freeciv.org (AMD Athlon 750) it is however 0.07s.

See also http://mail-index.netbsd.org/port-mac68k/2002/07/23/0001.html.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
 "> WHY?! Isn't it better to put $(shell cat cscope.files) on the list of
  I only have a yellow belt in makefile kungfu.  These fancy gnu make things
  are relatively new to some of us..."
    -- Mark Frazer to Vassilii Khachaturov in linux-kernel
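
Added example (not part of the original message): a small Python script that measures the pauses discussed above from `strace -tt` output by comparing the timestamps of consecutive system calls and reporting the longest gap. The trace lines are copied from the two messages with their binary arguments shortened; the function and variable names are this example's own.

```python
import re

# strace -tt prefixes each syscall with HH:MM:SS.microseconds (time of call).
# Mail-quote markers ("> ") in front of a line are tolerated.
LINE_RE = re.compile(r'^(?:>\s*)*(\d{2}):(\d{2}):(\d{2})\.(\d{6})\s+(\w+)\(')
DAY_US = 24 * 3600 * 1_000_000

def parse_strace_tt(text):
    """Return [(microseconds_since_midnight, syscall_name), ...]."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # debug1 output, "...", wrapped argument lines
        h, mi, s, us = (int(g) for g in m.groups()[:4])
        events.append((((h * 60 + mi) * 60 + s) * 1_000_000 + us, m.group(5)))
    return events

def largest_gap(events):
    """Return (gap_in_us, syscall_before, syscall_after) for the longest pause."""
    best = (0, None, None)
    for (t0, c0), (t1, c1) in zip(events, events[1:]):
        gap = (t1 - t0) % DAY_US  # tolerate a trace that crosses midnight
        if gap > best[0]:
            best = (gap, c0, c1)
    return best

# Trace lines copied from the messages above (arguments shortened).
CLIENT_TRACE = """\
16:20:51.003441 write(2, "debug1: expecting SSH2_MSG_KEXDH"..., 40) = 40
16:20:51.005534 write(3,
"...", 144) = 144
16:20:51.005744 select(4, [3], NULL, NULL, NULL) = 1 (in [3])
16:20:51.782214 read(3,
"...", 8192) = 448
16:20:51.794511 write(2, "debug1: Host ..."..., 71) = 71
"""
QUOTED_TRACE = """\
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> 15:58:43.789929 write(3, "..."
> 15:58:43.790422 select(4, [3], NULL, NULL, NULL) = 1 (in [3])
> 15:58:45.783546 read(3, "..."
"""

if __name__ == "__main__":
    for name, trace in (("www.freeciv.org", CLIENT_TRACE), ("bolte", QUOTED_TRACE)):
        gap, before, after = largest_gap(parse_strace_tt(trace))
        print(f"{name}: {gap / 1e6:.3f}s between {before}() and {after}()")
```

In both traces the longest pause falls between select() and read(), that is, while the client is blocked waiting for data from the server on the socket.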



