Solved ssh X11 forwarding is extremely slow from bhyve guest

[aragats]

I rarely use X11 forwarding via ssh, but this used to work fine. I'm not sure when it has broken.
FreeBSD host (14.0) with a Debian bhyve() guest using a tap interface.
iperf3() reports 2Gb/s in one direction and 5Gb/s in another.
Launching xterm() from Debian takes 6 seconds before it appears on the screen.

Thanks for ideas!

 

[aragats]

Nobody has any idea?
Using direct connection to the host's display perfectly works:

$ xhost +
$ ssh bhyve_guest
$ DISPLAY=host:0 myprogram

I was using SSH X11 forwarding between bhyve's guests and host for ages, it was working great at least before updating to FreeBSD 14.0.

 

[Phishfry]

My only thought was perhaps 14-RELEASE brought higher level encryption keys to ssh making it slower on older hardware.
I do X11-Forwarding on bare metal not bhyve.

Is this Key-based authentication or password scheme?

Have you tried comparing debian ssh_config with FreeBSD's. Maybe some default settings are different.

 

[aragats]

Is this Key-based authentication or password scheme?

Key-based.

Have you tried comparing debian ssh_config with FreeBSD's. Maybe some default settings are different.

The only "overlapping" ciphers are:
aes128-ctr, aes192-ctr, aes256-ctr

 

[Phishfry]

I thought the 'default' FreeBSD cyphers used were ED, RSA and SHA2

192.168.1.125 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOq7dOPwxUk/yezhiWJ2oIyuoSGY9MuXxy1
192.168.1.125 ssh-rsa AAAOvqpfvhsJyuoa3/hfrtDH9uYAa1kfDjpmyGBOmFe5cJNzXvni4+1Rpm3PwaVu
192.168.1.125 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABB

 

[mer]

in your $HOME/.ssh/config, have you tried adding the following (add to each host section or as a global host * at the top)
ObscureKeystrokeTiming "no"

OpenSSH added that to add security, the default is "yes". It adds random delay to keystrokes. I found it slowed the initial ssh in and then any X apps would take minutes to open.

 

[aragats]

I thought the 'default' FreeBSD cyphers used were ED, RSA and SHA2

192.168.1.125 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOq7dOPwxUk/yezhiWJ2oIyuoSGY9MuXxy1
192.168.1.125 ssh-rsa AAAOvqpfvhsJyuoa3/hfrtDH9uYAa1kfDjpmyGBOmFe5cJNzXvni4+1Rpm3PwaVu
192.168.1.125 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABB

Here is what I got in my FreeBSD 14.0 host:

# sshd -T | grep -i 'cipher'
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

in your $HOME/.ssh/config, have you tried adding the following (add to each host section or as a global host * at the top)
ObscureKeystrokeTiming "no"

OpenSSH added that to add security, the default is "yes". It adds random delay to keystrokes. I found it slowed the initial ssh in and then any X apps would take minutes to open.

That did the trick!!! Thank you, mer !

 

[kpedersen]

Something to try might be to explicitly specify a "cheap" cypher and seeing if its faster.

One of the fastest used to be blowfish but I think that was removed:

https://blog.famzah.net/2015/06/26/openssh-ciphers-performance-benchmark-update-2015/

Edit: Ah, I didn't know about the ObscureKeystrokeTiming. Thats quite a gotcha!

 

[mer]

Edit: Ah, I didn't know about the ObscureKeystrokeTiming. Thats quite a gotcha!

There is at least one thread here on the forum where someone pointed it out to me; I was have the exact same issue. The way it showed up for me was starting anything on the remote to display on the local, even just xterm, took forever to show up. Going through all the debug steps, "why the heck is it taking so long for a keypress to register" was a big clue. If you "man ssh_config" it has more info.

ETA:
I never expected to run into "Security through Obscurity" in real life then this