From owner-freebsd-questions  Sat Jul  6  1:57:25 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 293E637B400
	for <freebsd-questions@FreeBSD.ORG>; Sat,  6 Jul 2002 01:57:24 -0700 (PDT)
Received: from server.rucus.ru.ac.za (server.rucus.ru.ac.za [146.231.115.1])
	by mx1.FreeBSD.org (Postfix) with SMTP id 4E9DA43E31
	for <freebsd-questions@FreeBSD.ORG>; Sat,  6 Jul 2002 01:57:21 -0700 (PDT)
	(envelope-from drs@rucus.ru.ac.za)
Received: (qmail 26551 invoked from network); 6 Jul 2002 08:57:17 -0000
Received: from shell-fxp1.rucus.ru.ac.za (HELO shell.rucus.ru.ac.za) (10.0.0.1)
  by server.rucus.ru.ac.za with SMTP; 6 Jul 2002 08:57:17 -0000
Received: (qmail 22219 invoked by uid 10032); 6 Jul 2002 08:57:17 -0000
Date: Sat, 6 Jul 2002 10:57:17 +0200
From: David =?iso-8859-1?Q?Sieb=F6rger?= <drs@rucus.ru.ac.za>
To: Corey Snow <corey@snowpoint.com>,
	Mario Doria <mariodoria@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Why is OpenSSH 3.4 so slow when connecting with privilege separation enabled?
Message-ID: <20020706085717.GA21903@rucus.ru.ac.za>
References: <3D24F903.2050008@yahoo.com> <3D262494.31775.1FCC2DD@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <3D262494.31775.1FCC2DD@localhost>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Fri 2002-07-05 (22:58), Corey Snow wrote:
> On 4 Jul 2002, at 20:40, Mario Doria wrote:
> > Why does it take so much time for the recently MFDed OpenSSH 3.4 to 
> > authenticate me when Privilege Separation is enabled?. Is this normal?
> 
> I noticed this as well, or at least I did on my 486. The only 
> information I could track down was that in some situations it can 
> take a long time to generate the session keys- I think a lot depends 
> on what the machine does and how much activity is going on.

This has to do with the version of the SSH protocol that's being used
rather than privilege separation.  The default for ssh in stable is
now "Protocol 2,1" whereas it used to be "Protocol 1,2".  On slow
machines, SSH 2 takes noticably to connect than SSH 1 does, so you
may wish to change the settings in /etc/ssh/ssh_config,
/etc/sshd_config and/or ~/.ssh/config.


-- 
David Siebörger
drs@rucus.ru.ac.za

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message