Frost Jedi

by **jnmlt** » Tue Jun 26, 2012 7:01 pm

I have kind of a strange one and I'm not finding any information on it. Perhaps you can help.

I have a simple (for testing) script that works fine using the built-in/PECL "ssh2" functions in PHP.

When I change the script to use phpseclib/Net_SSH2, I get two different behaviors:

If I use a password to authenticate, the SSH process connects immediately and returns results in sub-second times every time.
If I change it to use Crypt_RSA and a private key, however, the time jumps up to around 6 seconds.
(From the Linux shell, the connection is sub-second either way. The PECL "ssh2" functions are also sub-second either way.)

Here's the relevant code, which is textbook. I've included my timestamp additions to show exactly what I'm seeing.

Code: Select all: $start = microtime(true); $key = new Crypt_RSA(); $key->loadKey(file_get_contents('/home/build/.ssh/id_rsa')); $ssh = new Net_SSH2($node); if (!$ssh->login('mltv',$key)) { echo "Login failed.<br>\n"; } $elapsed = microtime(true) - $start;

(If you're eagle-eyed, you may notice that I'm authenticating as the "mltv" user on the remote node using the local "build" user and its key. That's the way the authorized_keys file was setup and it works fine, but I'm pointing it out just in case it's useful.)

What's interesting is adding up the times from NET_SSH2_LOG_COMPLEX and the time from the microtime comparison differ.

The "$elapsed" time from one run is: 6.2556731700897 seconds

Here's the NET_SSH2_LOG_COMPLEX output, which seems to show a much shorter period of time doing work:

Code: Select all: <- 00000000 53:53:48:2d:31:2e:39:39:2d:4f:70:65:6e:53:53:48 SSH-1.99-OpenSSH 00000010 5f:33:2e:39:70:31:0a _3.9p1. -> 00000000 53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69 SSH-2.0-phpsecli 00000010 62:5f:30:2e:32:0d:0a b_0.2.. <- NET_SSH2_MSG_KEXINIT (0.0018s) 00000000 d1:cc:58:4e:55:ac:25:f9:27:c1:6b:4c:12:7d:dd:2b ..XNU.%.'.kL.}.+ 00000010 00:00:00:59:64:69:66:66:69:65:2d:68:65:6c:6c:6d ...Ydiffie-hellm 00000020 61:6e:2d:67:72:6f:75:70:2d:65:78:63:68:61:6e:67 an-group-exchang 00000030 65:2d:73:68:61:31:2c:64:69:66:66:69:65:2d:68:65 e-sha1,diffie-he 00000040 6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:34:2d:73:68 llman-group14-sh 00000050 61:31:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61 a1,diffie-hellma 00000060 6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:00:00:00 n-group1-sha1... 00000070 0f:73:73:68:2d:72:73:61:2c:73:73:68:2d:64:73:73 .ssh-rsa,ssh-dss 00000080 00:00:00:87:61:65:73:31:32:38:2d:63:62:63:2c:33 ....aes128-cbc,3 00000090 64:65:73:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68 des-cbc,blowfish 000000a0 2d:63:62:63:2c:63:61:73:74:31:32:38:2d:63:62:63 -cbc,cast128-cbc 000000b0 2c:61:72:63:66:6f:75:72:2c:61:65:73:31:39:32:2d ,arcfour,aes192- 000000c0 63:62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c:72 cbc,aes256-cbc,r 000000d0 69:6a:6e:64:61:65:6c:2d:63:62:63:40:6c:79:73:61 ijndael-cbc@lysa 000000e0 74:6f:72:2e:6c:69:75:2e:73:65:2c:61:65:73:31:32 tor.liu.se,aes12 000000f0 38:2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74:72 8-ctr,aes192-ctr 00000100 2c:61:65:73:32:35:36:2d:63:74:72:00:00:00:87:61 ,aes256-ctr....a 00000110 65:73:31:32:38:2d:63:62:63:2c:33:64:65:73:2d:63 es128-cbc,3des-c 00000120 62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:62:63:2c bc,blowfish-cbc, 00000130 63:61:73:74:31:32:38:2d:63:62:63:2c:61:72:63:66 cast128-cbc,arcf 00000140 6f:75:72:2c:61:65:73:31:39:32:2d:63:62:63:2c:61 our,aes192-cbc,a 00000150 65:73:32:35:36:2d:63:62:63:2c:72:69:6a:6e:64:61 es256-cbc,rijnda 00000160 65:6c:2d:63:62:63:40:6c:79:73:61:74:6f:72:2e:6c el-cbc@lysator.l 00000170 69:75:2e:73:65:2c:61:65:73:31:32:38:2d:63:74:72 iu.se,aes128-ctr 00000180 2c:61:65:73:31:39:32:2d:63:74:72:2c:61:65:73:32 ,aes192-ctr,aes2 00000190 35:36:2d:63:74:72:00:00:00:55:68:6d:61:63:2d:6d 56-ctr...Uhmac-m 000001a0 64:35:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61 d5,hmac-sha1,hma 000001b0 63:2d:72:69:70:65:6d:64:31:36:30:2c:68:6d:61:63 c-ripemd160,hmac 000001c0 2d:72:69:70:65:6d:64:31:36:30:40:6f:70:65:6e:73 -ripemd160@opens 000001d0 73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61:31 sh.com,hmac-sha1 000001e0 2d:39:36:2c:68:6d:61:63:2d:6d:64:35:2d:39:36:00 -96,hmac-md5-96. 000001f0 00:00:55:68:6d:61:63:2d:6d:64:35:2c:68:6d:61:63 ..Uhmac-md5,hmac 00000200 2d:73:68:61:31:2c:68:6d:61:63:2d:72:69:70:65:6d -sha1,hmac-ripem 00000210 64:31:36:30:2c:68:6d:61:63:2d:72:69:70:65:6d:64 d160,hmac-ripemd 00000220 31:36:30:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:2c 160@openssh.com, 00000230 68:6d:61:63:2d:73:68:61:31:2d:39:36:2c:68:6d:61 hmac-sha1-96,hma 00000240 63:2d:6d:64:35:2d:39:36:00:00:00:09:6e:6f:6e:65 c-md5-96....none 00000250 2c:7a:6c:69:62:00:00:00:09:6e:6f:6e:65:2c:7a:6c ,zlib....none,zl 00000260 69:62:00:00:00:00:00:00:00:00:00:00:00:00:00 ib............. -> NET_SSH2_MSG_KEXINIT (0s) 00000000 ab:76:19:88:7d:21:16:89:de:16:32:0a:26:63:ef:73 .v..}!....2.&c.s 00000010 00:00:00:36:64:69:66:66:69:65:2d:68:65:6c:6c:6d ...6diffie-hellm 00000020 61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64 an-group1-sha1,d 00000030 69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72 iffie-hellman-gr 00000040 6f:75:70:31:34:2d:73:68:61:31:00:00:00:0f:73:73 oup14-sha1....ss 00000050 68:2d:72:73:61:2c:73:73:68:2d:64:73:73:00:00:00 h-rsa,ssh-dss... 00000060 76:61:72:63:66:6f:75:72:32:35:36:2c:61:72:63:66 varcfour256,arcf 00000070 6f:75:72:31:32:38:2c:61:72:63:66:6f:75:72:2c:61 our128,arcfour,a 00000080 65:73:31:32:38:2d:63:62:63:2c:61:65:73:31:39:32 es128-cbc,aes192 00000090 2d:63:62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c -cbc,aes256-cbc, 000000a0 61:65:73:31:32:38:2d:63:74:72:2c:61:65:73:31:39 aes128-ctr,aes19 000000b0 32:2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74:72 2-ctr,aes256-ctr 000000c0 2c:33:64:65:73:2d:63:74:72:2c:33:64:65:73:2d:63 ,3des-ctr,3des-c 000000d0 62:63:2c:6e:6f:6e:65:00:00:00:76:61:72:63:66:6f bc,none...varcfo 000000e0 75:72:32:35:36:2c:61:72:63:66:6f:75:72:31:32:38 ur256,arcfour128 000000f0 2c:61:72:63:66:6f:75:72:2c:61:65:73:31:32:38:2d ,arcfour,aes128- 00000100 63:62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61 cbc,aes192-cbc,a 00000110 65:73:32:35:36:2d:63:62:63:2c:61:65:73:31:32:38 es256-cbc,aes128 00000120 2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74:72:2c -ctr,aes192-ctr, 00000130 61:65:73:32:35:36:2d:63:74:72:2c:33:64:65:73:2d aes256-ctr,3des- 00000140 63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e:6f:6e ctr,3des-cbc,non 00000150 65:00:00:00:30:68:6d:61:63:2d:73:68:61:31:2d:39 e...0hmac-sha1-9 00000160 36:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61:63 6,hmac-sha1,hmac 00000170 2d:6d:64:35:2d:39:36:2c:68:6d:61:63:2d:6d:64:35 -md5-96,hmac-md5 00000180 2c:6e:6f:6e:65:00:00:00:30:68:6d:61:63:2d:73:68 ,none...0hmac-sh 00000190 61:31:2d:39:36:2c:68:6d:61:63:2d:73:68:61:31:2c a1-96,hmac-sha1, 000001a0 68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63 hmac-md5-96,hmac 000001b0 2d:6d:64:35:2c:6e:6f:6e:65:00:00:00:04:6e:6f:6e -md5,none....non 000001c0 65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00:00 e....none....... 000001d0 00:00:00:00:00:00 ...... -> NET_SSH2_MSG_KEXDH_INIT (0s) 00000000 00:00:00:81:00:f5:8a:43:49:03:33:9a:d7:8c:38:8a .......CI.3...8. 00000010 39:bc:44:11:ea:54:c4:5a:a7:18:32:57:01:e4:4c:5a 9.D..T.Z..2W..LZ 00000020 21:a6:18:bb:34:d3:4f:2a:e4:f8:76:55:ad:99:10:00 !...4.O*..vU.... 00000030 f9:63:72:d2:36:77:e4:d8:98:bf:b2:93:3d:6a:47:85 .cr.6w......=jG. 00000040 cc:47:4f:cb:53:4b:ba:1b:a1:f8:61:18:c5:19:07:5e .GO.SK....a....^ 00000050 7f:38:27:50:af:8e:80:7d:25:46:80:fa:f8:e3:8d:3f .8'P...}%F.....? 00000060 0d:be:73:94:12:49:df:92:4f:f5:03:7a:34:5b:54:d4 ..s..I..O..z4[T. 00000070 87:7d:c5:9e:98:67:a1:17:e9:a6:d4:b8:33:ae:3a:ca .}...g......3.:. 00000080 66:d4:49:dc:e2 f.I.. <- NET_SSH2_MSG_KEXDH_REPLY (0.0161s) 00000000 00:00:00:95:00:00:00:07:73:73:68:2d:72:73:61:00 ........ssh-rsa. 00000010 00:00:01:23:00:00:00:81:00:b9:5b:8f:1a:ca:d7:d5 ...#......[..... 00000020 56:5d:47:a7:a2:76:e1:fa:66:fe:2a:38:94:2d:07:02 V]G..v..f.*8.-.. 00000030 a8:27:85:61:09:8d:95:66:23:61:a2:66:4f:df:93:99 .'.a...f#a.fO... 00000040 eb:e1:07:c6:31:31:f0:1c:57:3a:39:a3:3e:ec:5d:fb ....11..W:9.>.]. 00000050 90:e4:eb:c3:15:62:18:d0:a7:25:a1:ff:bb:f7:e9:ec .....b...%...... 00000060 ae:e5:01:59:c4:6f:95:e7:9f:5c:0a:aa:52:36:c9:c9 ...Y.o...\..R6.. 00000070 e8:dc:ca:d4:2b:61:37:6a:a4:65:9a:6b:3d:c9:25:9c ....+a7j.e.k=.%. 00000080 03:14:4b:18:b4:6f:d9:02:74:c3:a5:2a:4c:bb:28:c7 ..K..o..t..*L.(. 00000090 aa:ed:bf:8b:c4:ef:24:99:23:00:00:00:81:00:80:58 ......$.#......X 000000a0 de:33:dd:1b:3c:6b:92:4f:cf:e8:03:e2:3f:7d:ea:44 .3...k.O....?}.D 000000b0 61:a9:6a:85:2c:d1:78:56:c2:c9:6d:80:21:fe:56:26 a.j.,.xV..m.!.V& 000000c0 3b:36:1b:3c:0e:65:2f:7e:73:e4:ff:e9:e5:de:28:90 ;6...e/~s.....(. 000000d0 a3:dd:5a:fc:29:73:c8:20:56:60:e7:2c:a4:56:13:9b ..Z.)s. V`.,.V.. 000000e0 7a:c8:4f:97:df:25:1e:1a:20:2d:6d:18:67:aa:50:d8 z.O..%.. -m.g.P. 000000f0 16:8e:40:36:17:a8:c3:9f:fa:8b:a2:16:a6:4e:52:f5 ..@6.........NR. 00000100 5e:9d:42:d9:e1:73:8d:92:03:25:f8:5e:d8:5a:24:46 ^.B..s...%.^.Z$F 00000110 c6:05:cb:fb:e5:70:21:9d:32:74:31:a8:8c:a2:00:00 .....p!.2t1..... 00000120 00:8f:00:00:00:07:73:73:68:2d:72:73:61:00:00:00 ......ssh-rsa... 00000130 80:70:66:ef:82:b6:74:d3:58:8f:d0:82:68:1d:aa:b8 .pf...t.X...h... 00000140 c3:75:a4:16:5e:92:48:30:cb:08:4f:42:fd:d1:4a:d5 .u..^.H0..OB..J. 00000150 66:76:09:50:7b:b3:db:ff:99:c8:ab:a0:69:4a:03:48 fv.P{.......iJ.H 00000160 1d:63:62:13:92:c1:ba:86:54:59:c8:4b:1a:da:a9:69 .cb.....TY.K...i 00000170 98:02:fb:45:83:91:50:a6:fe:ca:8b:85:8b:70:7e:65 ...E..P......p~e 00000180 5c:83:c4:62:89:70:84:c9:39:40:4b:51:d3:5e:1f:2a \..b.p..9@KQ.^.* 00000190 c5:4f:15:29:59:00:a8:27:50:98:1e:41:68:ce:5b:f8 .O.)Y..'P..Ah.[. 000001a0 46:64:cc:d7:7f:40:6d:e4:46:60:e0:a8:29:fa:a2:43 Fd...@m.F`..)..C 000001b0 4a J -> NET_SSH2_MSG_NEWKEYS (0s) <- NET_SSH2_MSG_NEWKEYS (0s) -> NET_SSH2_MSG_SERVICE_REQUEST (0s) 00000000 00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68 ....ssh-userauth <- NET_SSH2_MSG_SERVICE_ACCEPT (0.04s) 00000000 00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68 ....ssh-userauth -> NET_SSH2_MSG_USERAUTH_REQUEST (0s) 00000000 00:00:00:04:6d:6c:74:76:00:00:00:0e:73:73:68:2d ....mltv....ssh- 00000010 63:6f:6e:6e:65:63:74:69:6f:6e:00:00:00:09:70:75 connection....pu 00000020 62:6c:69:63:6b:65:79:00:00:00:00:07:73:73:68:2d blickey.....ssh- 00000030 72:73:61:00:00:01:15:00:00:00:07:73:73:68:2d:72 rsa........ssh-r 00000040 73:61:00:00:00:01:23:00:00:01:01:00:9c:53:a0:c0 sa....#......S.. 00000050 cc:6c:81:6f:7f:a1:17:10:98:77:7d:f2:89:c3:78:00 .l.o.....w}...x. 00000060 29:ac:9a:4b:5d:15:54:4f:e5:33:82:f3:1d:19:b4:d8 )..K].TO.3...... 00000070 98:f6:d0:ac:d4:e0:57:4d:68:1d:46:93:d2:12:91:0f ......WMh.F..... 00000080 67:7d:41:a1:71:7c:0e:8d:e3:36:20:2e:42:c9:d8:32 g}A.q|...6 .B..2 00000090 8f:1a:6e:4d:1d:1f:91:f3:6b:2b:73:a7:cf:12:9f:c3 ..nM....k+s..... 000000a0 31:9a:ab:d6:11:25:75:ca:97:d1:59:0a:1d:3f:6d:f5 1....%u...Y..?m. 000000b0 d5:28:36:92:a0:1c:f4:f7:4c:45:f3:41:bf:23:7b:5e .(6.....LE.A.#{^ 000000c0 b0:8e:a4:46:18:82:63:8a:d8:a2:49:50:b8:5b:23:f1 ...F..c...IP.[#. 000000d0 79:ea:ea:06:4f:a8:4a:5a:e8:85:7e:dc:34:ac:d2:14 y...O.JZ..~.4... 000000e0 23:b1:58:25:ae:08:80:ee:01:39:0b:f6:18:2c:6f:cd #.X%.....9...,o. 000000f0 45:d4:fc:62:20:65:e8:4b:11:5c:42:95:df:71:83:c4 E..b e.K.\B..q.. 00000100 e7:1f:8d:a0:df:38:58:44:f8:8d:83:4a:a6:da:62:48 .....8XD...J..bH 00000110 63:3e:4a:0b:76:1d:d7:36:8b:5b:e1:b3:df:e9:0f:55 c>J.v..6.[.....U 00000120 f8:e9:68:4e:aa:d2:28:b6:ef:56:49:4d:4d:02:15:e8 ..hN..(..VIMM... 00000130 75:57:d1:f1:3e:9f:d0:12:f7:51:73:7f:96:21:a8:bc uW..>....Qs..!.. 00000140 ec:77:a8:90:c1:95:5d:f5:ee:eb:f0:e9 .w....]..... <- NET_SSH2_MSG_USERAUTH_PK_OK (60) (0.0077s) 00000000 00:00:00:07:73:73:68:2d:72:73:61:00:00:01:15:00 ....ssh-rsa..... 00000010 00:00:07:73:73:68:2d:72:73:61:00:00:00:01:23:00 ...ssh-rsa....#. 00000020 00:01:01:00:9c:53:a0:c0:cc:6c:81:6f:7f:a1:17:10 .....S...l.o.... 00000030 98:77:7d:f2:89:c3:78:00:29:ac:9a:4b:5d:15:54:4f .w}...x.)..K].TO 00000040 e5:33:82:f3:1d:19:b4:d8:98:f6:d0:ac:d4:e0:57:4d .3............WM 00000050 68:1d:46:93:d2:12:91:0f:67:7d:41:a1:71:7c:0e:8d h.F.....g}A.q|.. 00000060 e3:36:20:2e:42:c9:d8:32:8f:1a:6e:4d:1d:1f:91:f3 .6 .B..2..nM.... 00000070 6b:2b:73:a7:cf:12:9f:c3:31:9a:ab:d6:11:25:75:ca k+s.....1....%u. 00000080 97:d1:59:0a:1d:3f:6d:f5:d5:28:36:92:a0:1c:f4:f7 ..Y..?m..(6..... 00000090 4c:45:f3:41:bf:23:7b:5e:b0:8e:a4:46:18:82:63:8a LE.A.#{^...F..c. 000000a0 d8:a2:49:50:b8:5b:23:f1:79:ea:ea:06:4f:a8:4a:5a ..IP.[#.y...O.JZ 000000b0 e8:85:7e:dc:34:ac:d2:14:23:b1:58:25:ae:08:80:ee ..~.4...#.X%.... 000000c0 01:39:0b:f6:18:2c:6f:cd:45:d4:fc:62:20:65:e8:4b .9...,o.E..b e.K 000000d0 11:5c:42:95:df:71:83:c4:e7:1f:8d:a0:df:38:58:44 .\B..q.......8XD 000000e0 f8:8d:83:4a:a6:da:62:48:63:3e:4a:0b:76:1d:d7:36 ...J..bHc>J.v..6 000000f0 8b:5b:e1:b3:df:e9:0f:55:f8:e9:68:4e:aa:d2:28:b6 .[.....U..hN..(. 00000100 ef:56:49:4d:4d:02:15:e8:75:57:d1:f1:3e:9f:d0:12 .VIMM...uW..>... 00000110 f7:51:73:7f:96:21:a8:bc:ec:77:a8:90:c1:95:5d:f5 .Qs..!...w....]. 00000120 ee:eb:f0:e9 .... -> NET_SSH2_MSG_USERAUTH_REQUEST (0s) 00000000 00:00:00:04:6d:6c:74:76:00:00:00:0e:73:73:68:2d ....mltv....ssh- 00000010 63:6f:6e:6e:65:63:74:69:6f:6e:00:00:00:09:70:75 connection....pu 00000020 62:6c:69:63:6b:65:79:01:00:00:00:07:73:73:68:2d blickey.....ssh- 00000030 72:73:61:00:00:01:15:00:00:00:07:73:73:68:2d:72 rsa........ssh-r 00000040 73:61:00:00:00:01:23:00:00:01:01:00:9c:53:a0:c0 sa....#......S.. 00000050 cc:6c:81:6f:7f:a1:17:10:98:77:7d:f2:89:c3:78:00 .l.o.....w}...x. 00000060 29:ac:9a:4b:5d:15:54:4f:e5:33:82:f3:1d:19:b4:d8 )..K].TO.3...... 00000070 98:f6:d0:ac:d4:e0:57:4d:68:1d:46:93:d2:12:91:0f ......WMh.F..... 00000080 67:7d:41:a1:71:7c:0e:8d:e3:36:20:2e:42:c9:d8:32 g}A.q|...6 .B..2 00000090 8f:1a:6e:4d:1d:1f:91:f3:6b:2b:73:a7:cf:12:9f:c3 ..nM....k+s..... 000000a0 31:9a:ab:d6:11:25:75:ca:97:d1:59:0a:1d:3f:6d:f5 1....%u...Y..?m. 000000b0 d5:28:36:92:a0:1c:f4:f7:4c:45:f3:41:bf:23:7b:5e .(6.....LE.A.#{^ 000000c0 b0:8e:a4:46:18:82:63:8a:d8:a2:49:50:b8:5b:23:f1 ...F..c...IP.[#. 000000d0 79:ea:ea:06:4f:a8:4a:5a:e8:85:7e:dc:34:ac:d2:14 y...O.JZ..~.4... 000000e0 23:b1:58:25:ae:08:80:ee:01:39:0b:f6:18:2c:6f:cd #.X%.....9...,o. 000000f0 45:d4:fc:62:20:65:e8:4b:11:5c:42:95:df:71:83:c4 E..b e.K.\B..q.. 00000100 e7:1f:8d:a0:df:38:58:44:f8:8d:83:4a:a6:da:62:48 .....8XD...J..bH 00000110 63:3e:4a:0b:76:1d:d7:36:8b:5b:e1:b3:df:e9:0f:55 c>J.v..6.[.....U 00000120 f8:e9:68:4e:aa:d2:28:b6:ef:56:49:4d:4d:02:15:e8 ..hN..(..VIMM... 00000130 75:57:d1:f1:3e:9f:d0:12:f7:51:73:7f:96:21:a8:bc uW..>....Qs..!.. 00000140 ec:77:a8:90:c1:95:5d:f5:ee:eb:f0:e9:00:00:01:0f .w....]......... 00000150 00:00:00:07:73:73:68:2d:72:73:61:00:00:01:00:6d ....ssh-rsa....m 00000160 9a:21:1e:e9:2c:8a:4d:2c:92:6e:6e:fd:76:88:2e:f0 .!..,.M,.nn.v... 00000170 52:18:93:37:76:58:d9:36:ad:71:16:44:a3:54:05:31 R..7vX.6.q.D.T.1 00000180 42:78:ac:60:cb:cc:ac:9a:d7:4a:e2:f7:dd:d8:b6:38 Bx.`.....J.....8 00000190 fb:50:e9:c6:e9:c8:48:ce:5b:c7:35:59:26:73:35:92 .P....H.[.5Y&s5. 000001a0 4e:b6:0f:c6:8f:19:95:82:d5:84:60:80:5c:86:3b:6d N.........`.\.;m 000001b0 5d:42:36:6a:29:2b:53:df:98:13:e9:2a:80:43:47:93 ]B6j)+S....*.CG. 000001c0 ba:0e:7f:f1:70:8b:59:8c:21:60:1f:33:34:93:06:b1 ....p.Y.!`.34... 000001d0 be:49:23:b9:7a:2c:31:a9:36:c1:ff:c4:62:eb:03:c6 .I#.z,1.6...b... 000001e0 cd:9c:93:c7:00:36:8e:8b:d8:97:17:bf:3d:f1:ca:a5 .....6......=... 000001f0 7b:a4:62:99:ee:22:ec:d0:89:21:54:3c:de:64:54:81 {.b.."...!T..dT. 00000200 e0:82:bf:df:13:ac:0a:c8:54:ea:f9:1d:84:a6:f1:bb ........T....... 00000210 2e:32:09:97:82:d6:42:3a:52:92:4c:e4:a7:f1:78:4a .2....B:R.L...xJ 00000220 13:2d:05:bd:54:59:94:94:57:eb:2b:7f:9b:e0:63:a8 .-..TY..W.+...c. 00000230 ba:45:61:a2:fa:2e:da:46:cd:d7:ed:ec:7a:ce:e6:37 .Ea....F....z..7 00000240 f5:6c:17:ed:5e:a4:71:7f:06:cb:c2:8c:6e:e2:66:b4 .l..^.q.....n.f. 00000250 8f:cc:70:35:a3:3f:9c:cf:d6:e7:75:8b:75:15:38 ..p5.?....u.u.8 <- NET_SSH2_MSG_USERAUTH_SUCCESS (0.0057s) -> NET_SSH2_MSG_CHANNEL_OPEN (0s) 00000000 00:00:00:07:73:65:73:73:69:6f:6e:00:00:00:00:7f ....session..... 00000010 ff:ff:ff:00:00:40:00 .....@. <- NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION (0.0039s) 00000000 00:00:00:00:00:00:00:00:00:00:00:00:00:00:80:00 ................ -> NET_SSH2_MSG_CHANNEL_REQUEST (0s) 00000000 00:00:00:00:00:00:00:04:65:78:65:63:01:00:00:00 ........exec.... 00000010 05:75:6e:61:6d:65 .uname <- NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST (0.0018s) 00000000 00:00:00:00:00:20:00:00 ..... .. <- NET_SSH2_MSG_CHANNEL_SUCCESS (0s) 00000000 00:00:00:00 .... <- NET_SSH2_MSG_CHANNEL_DATA (0.0397s) 00000000 00:00:00:00:00:00:00:06:4c:69:6e:75:78:0a ........Linux. <- NET_SSH2_MSG_CHANNEL_REQUEST (0s) 00000000 00:00:00:00:00:00:00:0b:65:78:69:74:2d:73:74:61 ........exit-sta 00000010 74:75:73:00:00:00:00:00 tus..... <- NET_SSH2_MSG_CHANNEL_EOF (0s) 00000000 00:00:00:00 .... <- NET_SSH2_MSG_CHANNEL_CLOSE (0s) 00000000 00:00:00:00 .... -> NET_SSH2_MSG_CHANNEL_CLOSE (0s) 00000000 00:00:00:00 ....

Even though I don't see anything in the debug output, it feels like it may be waiting on a password authentication timeout before proceeding with the key-based authentication, which then zips right through. Is there any way to verify that? Is there any way to work around it?

I'd really like to use phpseclib instead, but I can't figure out the root of the 6 second delay. I'm at a loss.

by **TerraFrost** » Wed Jun 27, 2012 5:14 am

SSH2.php creates signatures with the private key which is the more expensive of the two keys to use.

There are a number of things you can do to speed it up. To illustrate let's first consider the following code:

Code: Select all: <?php include('Crypt/RSA.php'); //define('MATH_BIGINTEGER_MODE', MATH_BIGINTEGER_MODE_INTERNAL); //define('CRYPT_RSA_DISABLE_BLINDING', true); $plublickey = "<RSAKeyValue><Modulus>2/TrlXyUZmF/WArgeD8Ut4HxWrphHmSrtvcg1LqENt1w9Vuo2rPU2e7nXI6kHU2IYa3AcoFVmV2Hb5czYa8AHk5im/t5hmlxwImfUGFPnPB9FjhJ8Krt7KZ61BSw+T2iLbY2FhAtf5FBJYsspStUE8fLLl3kbGYBScH91Tt3xMokvFfDKtGWBC0Ptf4ZXlzdC4wawt3KupsTg3AmBmLrS3g2g6nF10EQkAbyMzvamKmrPLeyCsmga445U7iEFbLII1gs2KVkjsx+avMNORdRLqAgNC9SI3k98owdC9jyA9zoU0zlm2LvF8MxIgzar/um/jBpDoArnygxMPbbeqqqLQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"; $privatekey = "<RSAKeyValue><Modulus>2/TrlXyUZmF/WArgeD8Ut4HxWrphHmSrtvcg1LqENt1w9Vuo2rPU2e7nXI6kHU2IYa3AcoFVmV2Hb5czYa8AHk5im/t5hmlxwImfUGFPnPB9FjhJ8Krt7KZ61BSw+T2iLbY2FhAtf5FBJYsspStUE8fLLl3kbGYBScH91Tt3xMokvFfDKtGWBC0Ptf4ZXlzdC4wawt3KupsTg3AmBmLrS3g2g6nF10EQkAbyMzvamKmrPLeyCsmga445U7iEFbLII1gs2KVkjsx+avMNORdRLqAgNC9SI3k98owdC9jyA9zoU0zlm2LvF8MxIgzar/um/jBpDoArnygxMPbbeqqqLQ==</Modulus><Exponent>AQAB</Exponent><P>9UbSPA4Jvysu7L7uKaTT/979YhMqmh3G9x47rtl+aBunhcQFDOB6KieVjrE9zC6jqL7BEdu3MV70gW++OWiDt3nnPddGkec4AahtnKoGJ+Ir9jjs4Y9811GrJgJ+iIzd+Hxfzu68Ldp7YZgOjGGxKMyd5v90201YMvY5abo6Ug0=</P><Q>5ZK2yfoutT39ypr2FqPdWRQB/k/0lbIjlHQB6Nw1bAqKgyOTaVzH5HcpititQrU2nQb38QdmK6v4ya5Nffn4Da502/LvsHUgMxAeZpgcq8z/OrA4HiWn0JrTnLnTTe5NEUROqv6br8DxCifZn2Kw/nJpH3dZ5u6QA0gRmtp9UKE=</Q><DP>gWNWzC9rnNke6+zcnkNBQp1TdUU/GAXVS887FMXPFQRhnwME1wIj79Dp6Fg/jVKdKwtVtiH9xaGdwho8cvRbZ5J7FfhWVelvdhBvolFe5fM91am57FNRPBTtACQYs9f70HVr5TGzO00iAR3BrvRqDGfEdHMWJgnrGRciuk9vLJE=</DP><DQ>VZZyATD9kuJuqMdG8b/buOcFqztB00FblG//ekIGxKXVZ/iub3yApYNrgHExfwoyNy6u5zQ7+hIeKYqLJ2k2+lrNBGc4xw+TlpXuz47sOXyutsGV2l9thg8Cz45T4dzy7HoL3iIYBtkmxAOBVbOkiug6mtmTMc5E8IRA0/ua9qE=</DQ><InverseQ>Im9V3QlPXKWrCwBk33oiQHi0c3hElsRSMrXdXWOrFUvGZLjXITxIkx8lZqWH4LMsnK4JwQ4K5tlyEBStxQsuFDF5f1IcqE7Pi03l6lVwC4SDMiXgQ0GeN4hRmtuJ0dnb/BYiQtLusHkGdgDGCv2nT80rO77lMJoV0Zmauaq8CvI=</InverseQ><D>HUGVeDuqzXdYZdCEjNnvGn15KdUyh8ViJaL3RfRNE7MejDQV4Ikc3aPuOBxs7czbQArJVzGmvhB3rDsTRYHuZRmN+itXva4WyEJF434eBcTjDmqMQyupG9oE6mKaK3ysLqJWzVZ3hsk+Pg0l8g4yT7M6bj9k25oxv6rC5XLUemMdmMJg29I8aw5/sjhp7Hz0xAMr4wJKPr8eRdGwpkCztmyAMosG6HfHvV0OD29EuRcA6vPzPjame5rMNG14iLnfdpzCuB/GD6nyB323EJbyflqCXZvQ3QX5MnLiOUPCQMtPzHav4eVs/PnZpTU14vZ2zGlnyL97Qg1HhrGektVhgQ==</D></RSAKeyValue>"; $rsa = new Crypt_RSA(); $rsa->loadKey($plublickey); $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1); $start = microtime(true); $rsa->sign('this is a test'); $elapsed = microtime(true) - $start; echo "took $elapsed seconds\r\n"; $rsa->loadKey($privatekey); $start = microtime(true); $rsa->sign('this is a test'); $elapsed = microtime(true) - $start; echo "took $elapsed seconds<br>";

With MATH_BIGINTEGER_MODE set to MATH_BIGINTEGER_MODE_GMP I get 0.001 seconds for signatures created with the public key and 0.02 seconds with the private key.

With MATH_BIGINTEGER_MODE_BCMATH I get 10.2 seconds on average for the private key vs. 6.6 seconds on average with MATH_BIGINTEGER_MODE_INTERNAL (I'm actually a little surprised by this lol - my pure PHP biginteger thing is faster than BCmath :O)

Disabling RSA Blinding shaved off about half a second on my laptop.

Something else you could do... generate a smaller key (the one in this example is 256 bytes or 2048 bits long) or a multi-prime key. A multi-prime key would only work with phpseclib though. The PKCS#1 v2.1 specs mention them but near as I can tell pretty much no other SSH / RSA library support them.

Frost Jedi

Timeout/Delay with key-based authentication

Timeout/Delay with key-based authentication

Re: Timeout/Delay with key-based authentication

Who is online