execute “ssh-keygen -t rsa -b 4096” make asyncssh connection slow

[xjie0626]

I tried to execute the command to generate private key file on Linux, “ssh-keygen -t rsa -b 4096” ,but after execution, the connection of asyncssh through user password will be slow, and the larger the -b parameter, the slower the execution. Why? Is there any version to solve this problem?

asyncssh 2.19.0

Multiple ssh versions are like this.
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
or
OpenSSH_9.2p1, OpenSSL 1.1.1f 31 Mar 2020

[ronf]

Using a larger RSA key size is definitely going to make things slower. The last time I measured this, signing with a 4096 bit RSA key is about 6-7 times slower than a 2048 bit key. This has nothing to do with SSH -- you can see this difference when using something like "openssl speed" and running the raw crypto operation without any other protocol overhead.

Also, note that the ssh-keygen command you're asking about is provided by OpenSSH, not AsyncSSH. The AsyncSSH equivalent to this would be:

    key = asyncssh.generate_private_key('ssh-rsa', key_size=4096)

If you needed to write the resulting key out to a file, you'd then do something like:

    key.write_private_key(filename)

Whether you use AsyncSSH or OpenSSH to generate the key won't really make any difference in speed when using that key, though. If you want the added security of a large key, you have to pay the cost.

That said, you might consider using ECDSA or EdDSA keys if this an issue. They also get slower with larger key sizes, but you get MUCH better security at a much lower cost. Going with something like a 256 bit ECDSA key would be the equivalent of a 3072 bit RSA key but be significantly faster (about 100x faster on my machine here, though some of that might be due to hardware acceleration).

[xjie0626]

@ronf thanks
But I directly execute SSH user@xx.xx.xx.xx After entering the username and password, the hostname quickly obtained the return value, Isn't asyncssh a similar process

[ronf]

Can you provide some sample code for the asyncssh case where you are seeing the slowness? Also, when you compare it to 'ssh user@host', are you actually providing the 'ssh-keygen' command as part of the SSH command, or are you logging into a shell on the remote system and then entering the 'ssh-keygen' command into that shell? What is the exact command there?

[ronf]

Closing this due to inactivity. Feel free to re-open it or create a new issue if you still need help.