In the above openssh, ObscureKeystroke defaults to on, and that makes apps like emacs/xterm very slow to start (it takes 5-7 secs before the window appears) over a remote ssh connection with X11 forwarding. Even kill-line in emacs takes seconds to complete. Setting "ObscureKeystrokeTiming no" makes these normal again. I suggest Gentoo makes "ObscureKeystrokeTiming no" the default or at least warns somehow about this.
We're not going to disable a security mitigation by default. Have you tried speaking to upstream to see if they have any input on it?
(In reply to Sam James from comment #1)
> We're not going to disable a security mitigation by default.
>
> Have you tried speaking to upstream to see if they have any input on it?
I have not, they think this is a good feature or they would not have enabled it by default.
(In reply to Joakim Tjernlund from comment #2)
> (In reply to Sam James from comment #1)
> > We're not going to disable a security mitigation by default.
> >
> > Have you tried speaking to upstream to see if they have any input on it?
>
> I have not, they think this is a good feature or they would not have enabled it by default.
Or maybe it is just my systems that have some odd tweak somewhere that makes this very slow.
(In reply to Joakim Tjernlund from comment #2)
> (In reply to Sam James from comment #1)
> > We're not going to disable a security mitigation by default.
> >
> > Have you tried speaking to upstream to see if they have any input on it?
>
> I have not, they think this is a good feature or they would not have enabled it by default.
Or maybe they're not aware of the impact on X11 forwarding? Just speak to them? At worst, they say it's an unfortunate but unavoidable side-effect.
https://bugzilla.mindrot.org/show_bug.cgi?id=3655 -> https://github.com/openssh/openssh-portable/commit/fe6c6330c1a94c7a537efe9069853ce7a275c50a
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0147b4dd59f9f653bada12ce3474c54df49030ad
commit 0147b4dd59f9f653bada12ce3474c54df49030ad
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-10-29 00:59:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-10-29 01:06:01 +0000
    net-misc/openssh: add 9.9_p1
    * Add a patch from master for slow X forwarding (bug #929191) with the
      default-on ObscureKeystrokeTiming feature.
    * Pull in various patches from upstream's stable branch (V_9_9) and
      add a note to the ebuild about checking it, see
      https://marc.info/?l=openssh-unix-dev&m=172723798122122&w=2.
    * Add USE=legacy-ciphers (bug #941255) to support DSA keys. I'll probably
      backport this to 9.8 too.
    Bug: https://bugs.gentoo.org/929191
    Closes: https://bugs.gentoo.org/940250
    Closes: https://bugs.gentoo.org/941255
    Signed-off-by: Sam James <sam@gentoo.org>
 net-misc/openssh/Manifest | 2 +
 .../files/9.9_p1/0001-fix-utmpx-ifdef.patch | 39 ++
 ...build-construct_utmp-when-USE_BTMP-is-set.patch | 40 ++
 .../9.9_p1/0003-gss-serv.c-needs-sys-param.h.patch | 30 ++
 ...x-regression-introduced-when-I-switched-t.patch | 296 ++++++++++++++
 ...x-previous-change-to-ssh_config-Match-whi.patch | 70 ++++
 ...x-ML-KEM768x25519-KEX-on-big-endian-syste.patch | 99 +++++
 ...0007-upstream-explicitly-include-endian.h.patch | 37 ++
 ...-htole64-etc-for-systems-without-endian.h.patch | 66 +++
 .../files/openssh-9.9_p1-x-forwarding-slow.patch | 66 +++
 net-misc/openssh/metadata.xml | 5 +
 net-misc/openssh/openssh-9.9_p1.ebuild | 442 +++++++++++++++++++++
 12 files changed, 1192 insertions(+)