The customer complains that it takes to long to login to the switch via ssh.
The login via ssh is too slow.
1. First step: We need to collect some information when he tries to login the switch, by using the commands below:
<Huawei>debugging ssh server all all
Info: Current terminal monitor is on.
Info: Current terminal debugging is on.
2. Second step: Analyze the debugging logs we collect, firstly check the algorithm and then check how long it take:
After analyzing the debug we noticed it use the highest complex one which should use the most time to compute.
SSH have 3 different algorithms dh_group_exchange_sha1、dh_group14_sha1、dh_group1_sha1 . Customer uses now “dh_group_exchange_sha1” which is the highest algorithms with complex security.
Since he uses the most complex algorithm and since this switch does not have enough CPU to compute, it is normal to take that long.
As a workaround, he can use this command to adjust the sequence but this will compromise the security:
“ssh server key-exchange”
The default sequence is dh_group_exchange_sha1 | dh_group14_sha1 | dh_group1_sha1 and the security is from high to low. He can also change the algorithm from Putty tool.