I used to use the API to access ROS devices to get statistics, but it looks like sometimes I can do more with an SSH login to the router. OK, I set up an SSH key, enabled the SSH service and tried an SSH login. It works, but with a noticeable delay.
To be specific, I can log in with telnet with no delay at all (but I have to type in the password), while ssh waits for 2-3 seconds (even though I can use key-based auth; I also tried without a key and with a password, and the same pause is there). And the log just says “user login in - user logout”, no errors.
Is there any way I can make it faster? I tried adding myself to the internal DNS on the router (no speed-up appeared). Any other ideas would be very much appreciated!
Thank you!
SSH is encrypted, while API and Telnet aren’t… That’s probably the reason for the delay.
You can make it faster by using an ECDSA key instead of an RSA one, and preferring ECDHE key exchange and ChaCha20 as your cipher… I don’t know which one of these if any is supported by RouterOS though. I’m 99% sure that you can use an ECDSA key at least… But you do have to have generated it previously elsewhere (the “/certificate” menu can’t generate such key pairs). Or you can definitely disable public key authentication entirely, and use username and password only. The key exchange and cipher settings are part of the client side configuration. You should still include DHE and AES in the list of ciphers of course, just lower than ECDHE and ChaCha20.
With SSH, the asymmetric keys are used to derive a symmetrical key. This symmetrical key is used to encrypt the channel. If you used a long SSH key (4096 or greater), it can take quite some time to negotiate the initial connection, and pass around the symmetric key.
Try with 2048 and you will see the difference.
Of course, the more powerful routers don’t take so long doing it. Take my case:
My RB750Gr3 takes about 2 seconds to open the ssh session (using rsa key to authenticate).
My RB1100Hx2 takes about 1 second. Same key.
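To check whether the pause discussed in this thread falls in key exchange or in authentication, the client's `ssh -v` output can be split into timed phases. The following is an added example, not code from any poster; it assumes each debug line was prefixed with an epoch timestamp by whatever captured the output, and the sample log (address, algorithms, timings) is constructed.

```python
import re
from decimal import Decimal

# Constructed sample: OpenSSH client `ssh -v` lines, each prefixed with an
# epoch timestamp (seconds) by the capturing wrapper (an assumption).
SAMPLE = """\
1700000000.010 debug1: Connecting to 192.0.2.1 [192.0.2.1] port 22.
1700000000.015 debug1: Connection established.
1700000000.060 debug1: SSH2_MSG_KEXINIT sent
1700000000.090 debug1: SSH2_MSG_KEXINIT received
1700000000.091 debug1: kex: algorithm: diffie-hellman-group14-sha256
1700000000.091 debug1: kex: host key algorithm: rsa-sha2-256
1700000000.092 debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
1700000001.540 debug1: SSH2_MSG_NEWKEYS received
1700000002.210 debug1: Authentication succeeded (publickey).
"""

# Each phase ends when its marker line appears; order matters.
PHASE_END = [
    ("tcp_connect", r"Connection established"),
    ("banner_and_kexinit", r"SSH2_MSG_KEXINIT received"),
    ("key_exchange", r"SSH2_MSG_NEWKEYS received"),
    ("authentication", r"Authentication succeeded|Authenticated to"),
]
LINE = re.compile(r"^(\d+(?:\.\d+)?)\s+(debug1: .*)$")
ALGO = re.compile(r"kex: (algorithm|host key algorithm|server->client cipher): (\S+)")

def profile(log):
    """Return ({phase: milliseconds}, {negotiated item: algorithm name})."""
    phases, algos, prev = {}, {}, None
    pending = list(PHASE_END)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip prompts, banners and lines without a timestamp
        ts, msg = Decimal(m.group(1)), m.group(2)
        prev = ts if prev is None else prev
        a = ALGO.search(msg)
        if a:
            algos[a.group(1)] = a.group(2)
        if pending and re.search(pending[0][1], msg):
            # Decimal arithmetic keeps millisecond differences exact.
            phases[pending.pop(0)[0]] = int((ts - prev) * 1000)
            prev = ts
    return phases, algos  # phases is partial if the login never completed

def slowest(phases):
    return max(phases, key=phases.get) if phases else None

if __name__ == "__main__":
    timings, negotiated = profile(SAMPLE)
    print(timings, negotiated, "slowest:", slowest(timings))
```

Comparing the `key_exchange` and `authentication` figures before and after changing the key type or the client's algorithm preferences shows which change actually affected the login time.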