使用 paramiko 进行慢速公钥认证 [英] Slow public key authentication with paramiko

问题描述

我使用 paramiko 通过 ssh 连接到远程服务器.使用公钥进行身份验证时，性能很慢(约 90 秒).这是相关的日志输出:

I am using paramiko to connect to a remote server over ssh. When authenticating using a public key, the performance is slow (~90 secs). Here is the relevant logging output:

2012-05-14 17:37:21,378 Ciphers agreed: local=aes128-ctr, remote=aes128-ctr 
2012-05-14 17:37:21,378 using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none 
2012-05-14 17:37:21,481 Switch to new keys ... 
2012-05-14 17:37:21,483 Adding ssh-rsa host key for 10.12.34.56: 8a05c68a0707a9fad19290c22542a338 
2012-05-14 17:37:21,485 Trying discovered key 3793c7b9c500f52c12e190e92e21713f in /home/david/.ssh/id_rsa 
2012-05-14 17:37:21,513 userauth is OK 
2012-05-14 17:38:54,370 Authentication (publickey) successful!

注意日志输出的最后两行之间的延迟.当使用 ssh 从命令行连接同一用户和远程服务器时，连接是即时的.任何想法导致延迟的原因是什么?

Note the delay between the last two lines of log output. When using ssh to connect from the command line for the same user and remote server, the connection is instantaneous. Any ideas what is causing the delay?

推荐答案

经过大量的实验，似乎延迟与密钥的长度有关.我使用的第一个密钥是 4096 位.当我切换到较短的(2048 位)密钥时，验证所需的时间显着减少(<2 秒).

After a fair amount of experimentation, it appears that the delay is related to the length of the key. The first key I was using was 4096 bits. When I switched to a shorter (2048 bit) key, the amount of time required to authenticate dropped dramatically (< 2 seconds).

这篇关于使用 paramiko 进行慢速公钥认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！