[X2Go-User] ssh-keygen.exe loads the processor every time the client starts
Orion Poplawski
orion at nwra.com
Tue Nov 7 03:38:49 CET 2017
On 10/06/2017 12:57 AM, Ulrich Sibiller wrote:
> On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan <ionic at ionic.de> wrote:
>>
>> On 09/28/2017 01:49 PM, Max A. wrote:
>>> I'm using a x2go server on CentOS 6.9 (the latest version from EPEL,
>>> 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go
>>> Client (4.1.0.0-2017.03.11). Each time the client connects,
>>> ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with
>>> the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C:
>
>> I explicitly decided against that. For more information and the rationale for
>> this change, refer to the release announcement:
>> http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html
>
> The release announcement talks about 2048-bit keys being generated
> while this indicates that even stronger keys are being used (which in
> turn increases the time to create them). I think for slow clients this
> is too much. At least the admin should be able to decide about the
> required security, not the maintainer.
>
> So what about staying as is by default but providing a possibility to
> pre-generate keys for those connections.
>
> Uli
What about ed25519 keys?
https://stribika.github.io/2015/01/04/secure-secure-shell.html
About 30-60 times faster to create on my fairly fast machine.
Unfortunately EL6 era machines don't support them.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 https://www.nwra.com/
More information about the x2go-user
mailing list