No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S2750 SSH login is slow

Publication Date:  2018-03-27 Views:  67 Downloads:  0
Issue Description

The customer complains that it takes to long to login to the switch via ssh.       




Alarm Information

The login via ssh is too slow.

Handling Process

         1. First step: We need to collect some information when he tries to login the switch, by using the commands below:

<Huawei>debugging ssh server all all  

<Huawei>terminal monitor

Info: Current terminal monitor is on.

<Huawei>terminal debugging

Info: Current terminal debugging is on.

         2. Second step: Analyze the debugging logs we collect, firstly check the algorithm and then check how long it take:



Root Cause

After analyzing the debug we noticed it use the highest complex one which should use the most time to compute.

SSH have 3 different algorithms dh_group_exchange_sha1dh_group14_sha1dh_group1_sha1 . Customer uses now “dh_group_exchange_sha1” which is the highest algorithms with complex security.

Since he uses the most complex algorithm and since this switch does not have enough CPU to compute, it is normal to take that long.


Solution

As a workaround, he can use this command to adjust the sequence but this will compromise the security:

“ssh server key-exchange”

The default sequence is dh_group_exchange_sha1 | dh_group14_sha1 | dh_group1_sha1 and the security is from high to low. He can also change the algorithm from Putty tool.


END