-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
execute “ssh-keygen -t rsa -b 4096” make asyncssh connection slow #733
Comments
Using a larger RSA key size is definitely going to make things slower. The last time I measured this, signing with a 4096 bit RSA key is about 6-7 times slower than a 2048 bit key. This has nothing to do with SSH -- you can see this difference when using something like "openssl speed" and running the raw crypto operation without any other protocol overhead. Also, note that the key = asyncssh.generate_private_key('ssh-rsa', key_size=4096) If you needed to write the resulting key out to a file, you'd then do something like: key.write_private_key(filename) Whether you use AsyncSSH or OpenSSH to generate the key won't really make any difference in speed when using that key, though. If you want the added security of a large key, you have to pay the cost. That said, you might consider using ECDSA or EdDSA keys if this an issue. They also get slower with larger key sizes, but you get MUCH better security at a much lower cost. Going with something like a 256 bit ECDSA key would be the equivalent of a 3072 bit RSA key but be significantly faster (about 100x faster on my machine here, though some of that might be due to hardware acceleration). |
@ronf thanks |
Can you provide some sample code for the asyncssh case where you are seeing the slowness? Also, when you compare it to 'ssh user@host', are you actually providing the 'ssh-keygen' command as part of the SSH command, or are you logging into a shell on the remote system and then entering the 'ssh-keygen' command into that shell? What is the exact command there? |
I tried to execute the command to generate private key file on Linux, “ssh-keygen -t rsa -b 4096” ,but after execution, the connection of asyncssh through user password will be slow, and the larger the -b parameter, the slower the execution. Why? Is there any version to solve this problem?
asyncssh 2.19.0
Multiple ssh versions are like this.
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
or
OpenSSH_9.2p1, OpenSSL 1.1.1f 31 Mar 2020
The text was updated successfully, but these errors were encountered: