What is the most expensive step in an SSH2 session?

Question

What is the most expensive step in an SSH2 session?

I am trying to figure out what exactly most processors use in initializing a key-exchange / authentication / SSH2 session. I am optimizing it for the embedded processor, and currently session initialization seems to be the biggest bottleneck. In particular, I am using a dropbear server with an RSA key. Does RSA or one of its parts require significant processor power?

Thank!

+3

optimization c embedded encryption

lxe May 02, '11 at 21:03

source share

1 answer

Thomas Pornin · Accepted Answer · 2011-05-03T11:28:13+0000

The three most expensive SSH2 key exchange operations (on the server):

Diffie-Hellman Key Exchange.
The RSA signature is dynamically computed by the server.
, ( , ).

, RSA: RSA , DSA ( , DSA).

DH , diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 SSH ( 8). 2048- , 1024- . , DH 4-8 , . , 1024- DH , 1024- RSA, , , ( SSH DH , , , DH , , SSH, ).

, RSA : 2048 RSA 8 , 1024- RSA. DSA , RSA (, ).

, SSH2:

diffie-hellman-group1-sha1 ( );
DSA ;
RSA .

SSH ( , OpenSSH) ECDSA ECDH (Diffie-Hellman ) DH. ECDSA ECDH , , , DSA DH. , ECDSA ECDH 256- . OpenSSH ECDH, KexAlgorithms ecdh-sha2-nistp256; ssh-keygen -t ecdsa -b 256 ECDSA .

, OpenSSH :

ecdh-sha2-nistp256 ;
256- ECDSA ;
RSA .

.

What is the most expensive step in an SSH2 session?

More articles: