New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 734784 link

Starred by 0 users
Status: Fixed
Owner:
vapier@chromium.org
Closed: Jun 2017
Cc:
vapier@chromium.org
grundler@chromium.org
ihf@chromium.org
patricia@chromium.org
dchan@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Feature
OKR



Sign in to add a comment

openssh: turn on USE=hpn & None cipher support

Project Member Reported by vapier@chromium.org, Jun 19 2017 
we should look at turning on USE=hpn in our openssh builds.  hpn performs better for bulk transfers even with encryption turned on.

this will also give us access to the NoneEnabled option which in turn will allow us to turn off encryption for the session (after the auth phase) which in turn should speed things up in general ?

so the steps:
- turn on USE=hpn for sdk & boards for openssh
- update chromeos-base/chromeos-sshd-init to enable NoneEnabled by default
  - this changes the server to allow None cipher usage, but doesn't by itself change anything
- update ssh connections run inside the chroot as part of test to use -oNoneSwitch=yes -oNoneEnabled=yes
  - the ssh outside of the chroot frequently doesn't have hpn support which means it doesn't have none cipher support

Comment 1 by grundler@chromium.org, Jun 19 2017

Cc: ihf@chromium.org

Comment 2 by pprabhu@chromium.org, Jun 19 2017

Labels: OKR
Does this require infra changes?

Comment 3 by vapier@chromium.org, Jun 20 2017 

i suspect it won't be feasible for us to get custom patched versions of openssh inside of Ubuntu running on our bots :/

here's the patch to make that happen:
https://github.com/rapier1/openssh-portable/commit/b54534ed31b93cafe491e2ebe89b692e7aeb1e97
Project Member

Comment 4 by bugdroid1@chromium.org, Jun 20 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/268a3751ada075be0611a93cb7e690ec50a4f23d

commit 268a3751ada075be0611a93cb7e690ec50a4f23d
Author: Mike Frysinger <vapier@chromium.org>
Date: Tue Jun 20 22:28:48 2017

openssh: upgrade to newer 7.3 version

This has some security and hpn fixes which we want.

BUG= chromium:734784 
TEST=precq passes (which runs vmtests which talks to the DUT via ssh)

Change-Id: I136d9fd819050be60010fd1646b408ab2a6a6f6e
Reviewed-on: https://chromium-review.googlesource.com/541015
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Grant Grundler <grundler@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>

[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3_p1-NEWKEYS_null_deref.patch
[modify] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/metadata.xml
[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3_p1-x509-9.2-warnings.patch
[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3_p1-Unregister-the-KEXINIT-handler-after-receive.patch
[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3_p1-hpn-12-x509-9.2-glue.patch
[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-9.2-glue.patch
[modify] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/Manifest
[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3_p1-fix-ssh1-with-no-ssh1-host-key.patch
[rename] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/openssh-7.3_p1-r8.ebuild
[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3-mips-seccomp-n32.patch
[add] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
[modify] https://crrev.com/268a3751ada075be0611a93cb7e690ec50a4f23d/net-misc/openssh/files/sshd.rc6.4
Project Member

Comment 5 by bugdroid1@chromium.org, Jun 28 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/7f8d098d111b84bc9dba0170520f2e485357ff93

commit 7f8d098d111b84bc9dba0170520f2e485357ff93
Author: Mike Frysinger <vapier@chromium.org>
Date: Wed Jun 28 07:59:04 2017

openssh: turn on USE=hpn

This should help with bulk transfers, and enable support for None ciphers.
  https://www.psc.edu/hpn-ssh

BUG= chromium:734784 
TEST=precq passes (which runs vmtests which talks to the DUT via ssh)

Change-Id: If3e431905259e134579bc18a54f6f3a380a0388f
Reviewed-on: https://chromium-review.googlesource.com/540317
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>

[modify] https://crrev.com/7f8d098d111b84bc9dba0170520f2e485357ff93/profiles/targets/sdk/package.use
[modify] https://crrev.com/7f8d098d111b84bc9dba0170520f2e485357ff93/profiles/targets/chromeos/package.use

Comment 6 by vapier@chromium.org, Jun 28 2017

Owner: vapier@chromium.org
Status: Fixed (was: Available)

Comment 7 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Comment 8 by vapier@chromium.org, Jun 21 2018

Status: Fixed (was: Archived)

Sign in to add a comment