DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.


#1 2011-04-14 02:00:09

dom323
Member
Registered: 2011-04-14
Posts: 37

OpenSSH with HPN Patch on FFP 0.5 -- Help

This is my first time posting, but I have learned a lot from reading this forum already. I have a DNS-323 with the 1.08 firmware and I am running the Fonz Fun Plug version 0.5. I have noticed that my rsync speeds when transferring files to a remote, identical NAS are quite slow (never exceeding 27 kbps). On the upload side my connection speed tests around 6Mbps (upload) and on the download side I get about 12Mbps (downloads). From the research I've done, it seems that the HPN patch for OpenSSH "may" solve the problem (http://www.psc.edu/networking/projects/hpn-ssh/). I have no idea if it actually will, but I wanted to try.

So, I downloaded the source for OpenSSH 5.8p1 and the corresponding HPN patch along with all of the recommended compiling fun plug packages. After a lot of trial and error I finally got OpenSSH with the HPN patch to compile and install on my DNS-323 (I'm pretty new to compiling). At first, it seems fine. I can ssh in and everything seems fine...until I restart.

At that point, I can no longer ssh into my NAS. The strange thing is, if I telnet in, I can then log in using ssh from the telnet prompt and even ssh into my remote NAS no problem, so OpenSSH seems to be working fine. I use PuTTY from a Windows machine on the same LAN and when I try to ssh in it just hangs for a while (no login prompt) and then gives me the "Server unexpectedly closed network connection" error. The only clue I've found comes when I try to manually start the sshd in debug mode, /ffp/sbin/sshd -d. Here's the output I get:

debug1: Config token is subsystem
debug1: HPN Buffer Size: 43689
debug1: sshd version OpenSSH_5.8p1-hpn13v11
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/ffp/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_adj from 0 to -17
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 43689
debug1: HPN Buffer Size: 43689
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 43689
debug1: HPN Buffer Size: 43689
Bind to port 22 on 0.0.0.0 failed: Address already in use.
Cannot bind any address.

After Googling the error message, I have checked that nothing else is listening on port 22 with netstat and lsof (nothing is) and even changed the listening port to something different in the sshd_config (I get the same error only with the new port number). I tried all the suggestions for disabling IPv6 that people recommend for solving this problem as well (restarting my sshd after each modification to sshd_config), but still no luck.

I'm really at a loss. If anyone has any idea what this might be, I would really appreciate it.

Thanks,
Dom

P.S. In case it's relevant to someone, my compile parameters for OpenSSH were as follows:
./configure --prefix=/ffp --with-privsep-path=/ffp/var/empty --with-default-path=/ffp/bin:/ffp/sbin:/usr/sbin:/sbin:/usr/bin:/bin --sysconfdir=/ffp/etc/ssh

Offline
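
Added example, not part of the original post: one way to see which process owns a listening TCP port without relying on netstat or lsof is to read /proc/net/tcp and match the socket inode against each process's open descriptors. The function names and the sample table are constructed for illustration; run it as root so other users' /proc/<pid>/fd entries are readable.

```shell
#!/bin/sh
# Added example: find which process holds a listening TCP port by reading
# /proc directly, for systems where netstat/lsof cannot show the owner.

# sample_table: constructed /proc/net/tcp content (not captured from a NAS).
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1 c1a2b3c0 300 0 0 2 -1
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5151 1 c1a2b400 300 0 0 2 -1
   2: 0A01A8C0:0016 0B01A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 6262 1 c1a2b440 24 4 30 10 -1
EOF
}

# listen_inodes TABLE PORT -> socket inodes in LISTEN state on PORT
listen_inodes() {
    port_hex=$(printf '%04X' "$2")
    # Field 2 is HEXIP:HEXPORT, field 4 is the state (0A = LISTEN), field 10 the inode.
    awk -v p="$port_hex" '
        NR > 1 {
            n = split($2, a, ":")
            if (toupper(a[n]) == p && toupper($4) == "0A") print $10
        }' "$1"
}

# pids_for_inode INODE [PROCROOT] -> PIDs with an fd pointing at socket:[INODE]
pids_for_inode() {
    root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$root"/}
        echo "${pid%%/*}"
    done | sort -u
}

# who_listens PORT -> one line per listening socket with its owning PID(s)
who_listens() {
    for t in /proc/net/tcp /proc/net/tcp6; do
        [ -r "$t" ] || continue
        for ino in $(listen_inodes "$t" "$1"); do
            pids=$(pids_for_inode "$ino" | tr '\n' ' ')
            echo "$t port $1 inode $ino pid(s): ${pids:-unknown (need root?)}"
        done
    done
}

# Usage: sh who_listens.sh 22
if [ $# -eq 1 ]; then who_listens "$1"; fi
```
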

 

#2 2011-04-14 02:15:07

dhub
Member
Registered: 2011-01-01
Posts: 112

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Have you thought about using an rsync server? It won't require a recompile. It's unencrypted, so it's less secure, but it is also significantly faster.

Offline

 

#3 2011-04-14 03:18:56

dom323
Member
Registered: 2011-04-14
Posts: 37

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Thanks for the idea. I hadn't considered using an rsync server. Unfortunately, encryption is kind of a must for me. I'm backing up some confidential company documents, and I wouldn't want to chance using an unencrypted connection. Any other ideas?

Offline

 

#4 2011-04-14 12:58:39

oxygen
Member
Registered: 2008-03-01
Posts: 320
Website

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

dom323 wrote:

Thanks for the idea. I hadn't considered using an rsync server. Unfortunately, encryption is kind of a must for me. I'm backing up some confidential company documents, and I wouldn't want to chance using an unencrypted connection. Any other ideas?

if you want it fast: no. the dns-323 cannot handle encryption well. you won't be able to transfer more than 1 mbyte/s even with a weak cipher like twofish.

Offline

 

#5 2011-04-14 20:10:34

dom323
Member
Registered: 2011-04-14
Posts: 37

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Hmm, that's a bummer. I guess I should have realized that the encryption overhead was the bottleneck with the hardware specs on the dns 323. I really appreciate the insights here.

I still would like to see if I can get the HPN patch working to see if I can eke out a bit more speed though, if anyone has any ideas there. My current guess is my build of OpenSSH is storing something in the firmware linux, which gets rebuilt on each reboot, instead of the fonz linux in the ffp folder. Sorry if I'm not explaining that very clearly (or accurately), but you should get what I mean. Has anybody had any luck compiling OpenSSH for the dns 323? Or, am I off base entirely here?

Offline

 

#6 2011-04-14 22:32:50

bjby
Member
Registered: 2009-02-22
Posts: 265

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Maybe you could try duplicity. It is archived incremental encrypted backups. But encrypted is encrypted; it may be just as slow.

Offline

 

#7 2011-04-14 23:16:44

oxygen
Member
Registered: 2008-03-01
Posts: 320
Website

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

just disable the fonz' ssh or change the port in yours. but all the other changes (like increased default buffersize) in hpn won't help. the only way to make ssh fast is to disable encryption. i think the patch for that is also integrated in hpn (it's not possible in standard openssh)

Offline

 

#8 2011-04-15 00:56:14

dom323
Member
Registered: 2011-04-14
Posts: 37

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

@bjby: Thanks for the suggestion. I will definitely look into that as it seems to allow me to transfer with encryption without using SSH. I'll let you know when/if I'm able to get it working to test it.

@oxygen: It was my understanding that the fonz ssh was simply a packaged version of OpenSSH (that's what I saw when I typed ssh -v before the upgrade). After installing the HPN patched version of OpenSSH I get the following when I type ssh -v: OpenSSH_5.8p1-hpn13v11, OpenSSL 0.9.8k 25 Mar 2009

I take that to mean that my install simply updated the existing fonz ssh. Is that not the case? If not, how would I go about disabling fonz ssh? Anyway, I definitely hear what you're saying about encryption being slow regardless, but I should be able to do a little better than 27 kbps right? Btw, I did try using another port, and I got the same error and the same results. Also, I think you are right about HPN allowing unencrypted SSH, but again I really want to avoid that if I can.

Offline

 

#9 2011-04-15 04:09:13

bjby
Member
Registered: 2009-02-22
Posts: 265

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Duplicity on 323

http://www.drak0.com/2008/06/09/dns323- … kup-bliss/
Worked right away, but uses ':' in archive filenames, that sucks on winmachines.


Optware has a newer version. I had issues with it.


Debian, haven't tried it on dns323.

Offline

 

#10 2011-04-19 00:12:06

dom323
Member
Registered: 2011-04-14
Posts: 37

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Thanks for the link to the packages. I played around with duplicity a little bit, but it's going to be a bit more complex than I was originally hoping.

I tried a couple more things to get the HPN patched OpenSSH working. In particular, I noticed an error message I never saw before when running the configure script. It said that the poll.h file was present but couldn't be compiled. I found poll.h in /ffp/include and it was just one line including /sys/poll.h which did not exist on my system. I tried replacing poll.h with a file of that name from the libssh (http://api.libssh.org/master/poll_8h_source.html), but I just wound up with even more compile errors.

So, unless someone has any other ideas...or feels like putting together an OpenSSH-HPN ffp package ;) I think I'll probably just stick with the standard ssh and rsync method and deal with the slow speed. I appreciate all the help. This is a really great community.

Offline

 

#11 2011-04-19 07:25:16

bjby
Member
Registered: 2009-02-22
Posts: 265

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Did you compile it using the ffp provided build environment?

http://nas-tweaks.net/106/compiling-sof … -fun_plug/

Offline

 

#12 2011-04-19 14:51:33

dom323
Member
Registered: 2011-04-14
Posts: 37

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

I didn't even know an ffp build environment existed. Thank you so much for pointing me in the right direction. After a decent amount of tinkering, I was finally able to get the OpenSSH with HPN patch to install and function correctly. I had to generate an ecdsa key in addition to the other keys I already had in my /ffp/etc/ssh folder, and I had some trouble getting the AES cipher to work. I wound up generating a new rsa key with a longer bit length than default and that seemed to get AES working.

I have attached the ffp package just in case anyone else is interested. If you do install it, I recommend turning on telnet until you're sure you have your ssh working reliably again. After I install this on my other NAS, I'll post back any performance difference so we can see if this has all been worth it. Thanks again for all the help. It is really appreciated.

EDIT: Ok, so the attachment doesn't seem to be working. Sorry about that. If you're interested, you can PM me and I'll try to send it to you.

Last edited by dom323 (2011-04-19 14:55:38)

Offline

 

#13 2011-04-20 21:36:40

dom323
Member
Registered: 2011-04-14
Posts: 37

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Ok, so the "I told you so's" can start now. After transferring a lot of files with HPN enabled OpenSSH on both ends I saw absolutely 0 speed improvement. I'm still going to try out a couple different ciphers, but it seems that the bottleneck had nothing to do with the SSH buffer size as you all have said. Sometimes you just have to see it for yourself though.

On another note, I realized that the problems I was having with the AES cipher were due to the fact that the HPN patch I installed uses a multi-threaded version of that cipher for better performance on multi-core machines. The threading wreaked havoc on my NAS though and made AES very unstable, so I recompiled the patch without that portion and now AES is rock solid again. Just figured someone might be interested.

Offline

 

#14 2011-04-20 22:12:41

bjby
Member
Registered: 2009-02-22
Posts: 265

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

At least you learned something, isn't all bad.

Offline

 

#15 2011-04-30 02:23:06

dom323
Member
Registered: 2011-04-14
Posts: 37

Re: OpenSSH with HPN Patch on FFP 0.5 -- Help

Apologies for resurrecting a dead thread, but I'm seeing some strange behavior that's related to this issue. I was trying to figure out which cipher would give me the best performance, so I ran some tests with both rsync and scp. The strangest thing came with the scp tests (although I got similar results with the rsync test as I am about to describe). I transferred the exact same file 3 times in a row using blowfish-cbc, arcfour, and aes128-ctr. According to the scp statistics I got exactly the same transfer rate and time. If the encryption overhead really is my main bottleneck, I should not be getting the same transfer rate with AES-128 as I am with Blowfish. Here is what the scp output was for each transfer:

Piano.psd                           100%   15MB 156.5KB/s 160.0KB/s   01:35

My main question is: what does the second KB/s number mean? I've googled this 20 different ways and I can't find any documentation on this. All the scp statistics examples I've seen only show 1 number for the transfer rate, but I have 2. To me it seems that my transfer rate is artificially capped at 160KB/s somewhere but I have no idea where. I tried setting a very high bandwidth limit for scp (scp -l 1000) and it stayed at 160KB/s exactly. Any ideas here? I'm completely stumped.

Offline
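
Added example, not part of the thread: one way to test whether the cipher is the bottleneck is to push data through ssh on the NAS itself, per cipher, and compare those rates with the rate seen over the link. The function names, the host argument and the 1.5x threshold are assumptions; the cipher names are the three from the post above, and key-based login to the host is assumed.

```shell
#!/bin/sh
# Added example: compare per-cipher ssh throughput on the box itself with the
# rate observed over the WAN link. Threshold and names are assumptions.

# kb_per_sec BYTES SECONDS -> integer KB/s (a 0 s run is counted as 1 s)
kb_per_sec() {
    secs=$2
    [ "$secs" -gt 0 ] || secs=1
    echo $(( $1 / 1024 / secs ))
}

# bench_cipher HOST CIPHER KBYTES -> KB/s pushing zeros through ssh -c CIPHER.
# Against localhost the same CPU encrypts and decrypts, so the figure is a
# lower bound on what the cipher alone can sustain in one direction.
bench_cipher() {
    start=$(date +%s)
    dd if=/dev/zero bs=1024 count="$3" 2>/dev/null |
        ssh -o BatchMode=yes -c "$2" "$1" 'cat > /dev/null' || return 1
    end=$(date +%s)
    kb_per_sec $(( $3 * 1024 )) $(( end - start ))
}

# verdict LOCAL_KBS WAN_KBS -> where the limit most likely sits
verdict() {
    if [ $(( $1 * 2 )) -gt $(( $2 * 3 )) ]; then
        echo "network-bound"   # cipher alone runs more than 1.5x the link rate
    else
        echo "cpu-bound"       # cipher alone is no faster than the transfer
    fi
}

# Usage: sh cipherbench.sh HOST WAN_KBS   (e.g. localhost 160)
if [ $# -eq 2 ]; then
    for c in aes128-ctr blowfish-cbc arcfour; do
        if rate=$(bench_cipher "$1" "$c" 16384); then
            echo "$c: $rate KB/s via $1 -> $(verdict "$rate" "$2")"
        else
            echo "$c: ssh failed (cipher unavailable or no key-based login)" >&2
        fi
    done
fi
```

If the three ciphers give clearly different local rates while the remote transfer stays at one fixed figure, the cap is somewhere other than the cipher.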

 
