IRIX Network Forums
SSH on 6.2 - Printable Version


SSH on 6.2 - 02girl - 10-19-2020

I've been working on connecting my olde SGI to the outside world and thought I'd share notes. I'm not a crypto expert; if anyone has suggestions on how to improve, I'd love to hear.

WARNING: The world is scary and if your Indigo gets 0wned it's not my problem.

Download OpenSSH 5.8p2. I have OpenSSL 0.96 from Freeware, with GCC 2.95 and zlib 1.1.3, so things can only be so modern without recompiling everything. Remove OpenSSH 2.5 if you have it, we'll build to /usr/local. SSH 3.4 was bundled with Irix 6.5.19, so 5.8 is an improvement. Software from 9 years ago is great.

Code:
./configure --with-zlib=/usr/freeware/lib/openssl --without-zlib-version-check --with-ssl-dir=/usr/freeware/lib/openssl --sysconfdir=/etc/ssh --with-cflags=-funroll-loops --disable-lastlog --with-mantype=cat

We're not using compression, and we avoid a bug in lastlog.

Edit the Makefile, optimise with -O3, because old computers need all the speed they can get, optionally delete debugging (-g), also check openbsd-compat/Makefile.
Type gmake ; and go have a coffee or three, this takes forever. How to compile with MIPSPro? And what's with Irix manpages? nroff -man -Tlp ?

The default random number generator slows ssh connections by looking for nonexistent commands that once existed on Solaris. You can speed start-up from 5 seconds to 3 by editing ssh_prng_cmds.
ssh-rand-helper -vvv ; will show you all the failing commands as they're tried. Comment out the bad ones.
You can add irixisms like hinv -v or nvram, I ended up with 17 entries.
Running ssh-rand-helper as a cron job will add entropy to your random seed. Or you could compile a real random number package.
Here's a graph of ssh-rand-helper randomness, it's not too awful, from 1000 samples.

   

Backport a recent moduli file, I used one from SSH 8.1. Why? Diffie-Hellman key exchange is now broken below 1024 bits. It's just a text file, drop it in the build directory.

Type gmake install as root.

Configuration is important, much old crypto has now been broken by the NSA. This is the best we can do without modern elliptic curves.

Edit /etc/ssh/ssh_config or ~/.ssh/config

Code:
TCPKeepAlive no
Compression no
UseRoaming no
Protocol 2
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
MACs hmac-ripemd160
Ciphers aes192-ctr,aes128-ctr
RekeyLimit 128k


Now we can generate our keys, the defaults are a bit small for 2020.
Code:
ssh-keygen -t rsa -b 3072


Passphrases and ssh-agent setup are left as an exercise for the reader.

Not much point in making a tardist of this, no one runs Irix 6.2 anymore and the Freeware dependencies won't make life easier, but this might help someone somewhere.
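
An added example, not part of the original post: a shell function that audits a moduli file before it is installed, keeping only group-exchange primes of at least a chosen bit length and dropping lines whose size field does not match the actual modulus. The names moduli_filter and sample_moduli are hypothetical, and the sample lines are constructed filler hex, not real safe primes.

```shell
#!/bin/sh
# Added example, not from the original post: audit an OpenSSH moduli file.
# Line format (moduli(5)): time type tests trials size generator modulus
# "size" is stored as bits-1, so 2047 denotes a 2048-bit prime.

# Usage: moduli_filter MIN_BITS < moduli > moduli.filtered
# Keeps entries whose prime has at least MIN_BITS bits AND whose hex
# modulus really is as long as the size field claims.
moduli_filter() {
    awk -v min="$1" '
    /^#/ || NF == 0 { next }                 # skip comments and blanks
    NF != 7 || $7 !~ /^[0-9A-Fa-f]+$/ { bad++; next }
    {
        # Measured bit length: 4 bits per hex digit, minus the leading
        # zero bits of the first digit.
        d = index("0123456789ABCDEF", toupper(substr($7, 1, 1))) - 1
        top = (d >= 8) ? 4 : (d >= 4) ? 3 : (d >= 2) ? 2 : d
        bits = (length($7) - 1) * 4 + top
        if (bits != $5 + 1) { lied++; next } # size field does not match
        if (bits < min)     { small++; next }
        kept++; print
    }
    END {
        # Summary goes to stderr so stdout stays a valid moduli file.
        printf("kept=%d too_small=%d size_mismatch=%d malformed=%d\n",
               kept, small, lied, bad) | "cat 1>&2"
    }'
}

# Constructed sample input: three well-formed entries and one whose
# size field claims 2048 bits while the modulus is only 512 bits long.
sample_moduli() {
    echo "# constructed sample: filler hex, not real safe primes"
    for bits in 1024 2048 4096; do
        awk -v b="$bits" 'BEGIN {
            m = "F"; while (length(m) < b / 4) m = m "7"
            printf "20200101000000 2 6 100 %d 2 %s\n", b - 1, m }'
    done
    awk 'BEGIN { m = "C"; while (length(m) < 128) m = m "3"
                 printf "20200101000000 2 6 100 2047 5 %s\n", m }'
}
```

Running `sample_moduli | moduli_filter 2048` keeps the 2048-bit and 4096-bit entries and reports the rest on stderr.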


RE: SSH on 6.2 - Raion - 10-19-2020

Have you tried dropbear? That's what I recommend instead. OpenSSH sucks on IRIX. It's slower than a sloth with AIDS.


RE: SSH on 6.2 - 02girl - 10-20-2020

I couldn't get dropbear's tomcrypt to compile. How slow is a sloth with AIDS? On an R4600 Indy it takes 2.44 seconds to connect to a remote server. OpenSSH after 5.1 is better than it was, they cut some redundant malloc/copy/free calls.


RE: SSH on 6.2 - Raion - 10-20-2020

Did you check the patches in gitea.irixce.org's xenopatches repo? I have some for dropbear there, including libs.