On a MIPS based build of OpenSSH 4.2p1, It hangs on Generating RSA1 keys during the installation. Sitting at 12+ hours without a completion. I have another Machine with OpenSSH 3.7, take about 5 minutes. Any suggestions, or information I can gather to help diagnose the issue.
How fast is the CPU? The default key length changed to 2048 bits in 4.1 or 4.2. Can you generate 1024-bit host keys manually, and if so how long does it take? eg # ssh-keygen -b 1024 -t rsa1 -f /usr/local/etc/ssh_host_key -N "" # ssh-keygen -b 1024 -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" # ssh-keygen -b 1024 -t dsa -f /usr/local/etc/ssh_host_dsa_key -N "" If you have 2 similar machines, how does "openssl speed rsa" on the two compare? And did OpenSSL's self-test "make tests" pass? The other instance of "it takes forever to generate a key" I've seen were problems with certain old steppings of <= 300 MHz UltraSPARCs. Some were fine, some took many hours, so it's possible it's something specific to the problem machine. What OS is this running, BTW?
Which particular MIPS processor is this on? I ran into a similar issue with R4000-based systems. The problem did not occur on other processors, R4400's, R5000's, etc.
Ok it's a RM5231 at 250MHZ. No the 1024 keys seem to have the same issue. The results from then openssl tests are. openssl speed rsa Doing 512 bit private rsa's for 10s: 853 512 bit private RSA's in 9.87s Doing 512 bit public rsa's for 10s: 6136 512 bit public RSA's in 9.66s Doing 1024 bit private rsa's for 10s: 117 1024 bit private RSA's in 10.00s Doing 1024 bit public rsa's for 10s: 2837 1024 bit public RSA's in 9.80s Doing 2048 bit private rsa's for 10s: 24 2048 bit private RSA's in 9.89s Doing 2048 bit public rsa's for 10s: 1053 2048 bit public RSA's in 9.91s Doing 4096 bit private rsa's for 10s: 5 4096 bit private RSA's in 11.11s Doing 4096 bit public rsa's for 10s: 321 4096 bit public RSA's in 9.95s OpenSSL 0.9.8a 11 Oct 2005 built on: Tue Nov 22 18:11:03 PST 2005 options:bn(64,64) md2(int) rc4(idx,int) des(idx,risc2,16,int) aes(partial) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -mabi=64 -DL_ENDIAN -DTERMIO -O3 -g -Wall available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times sign verify sign/s verify/s rsa 512 bits 0.011571s 0.001574s 86.4 635.2 rsa 1024 bits 0.085470s 0.003454s 11.7 289.5 rsa 2048 bits 0.412083s 0.009411s 2.4 106.3 rsa 4096 bits 2.222000s 0.030997s 0.5 32.3
What kind of entropy source does it have? How long does something like this take? $ openssl rand -base64 1024 You still haven't given any kind of description of the OS you're running on...
It's on an LinuxFromScratch based system. One system is GCC 3, Glibc 2.3.5, OpenSSL 0.9.8a. The other is GCC4, GLIBC Snapshot, OpenSSL 0.9.8a. The time of the test you asked to run was real 0m0.234s user 0m0.115s sys 0m0.119s On both systems.
Any further suggestions or tests you would like me to run?
Finally got it to work. Looks like it was not detecting the SSL Library correctly. Once I added --with-ssl-dir=/usr everything works like a charm.
It sounds like you have more than one OpenSSL installation on your system. Anyway, since it's now working I am closing the bug.
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.