DragonFly BSD
DragonFly users List (threaded) for 2006-10
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Network Slowdowns?

From: "Miguel Figueiredo Mascarenhas Sousa Filipe" <miguel.filipe@xxxxxxxxx>
Date: Thu, 12 Oct 2006 09:47:56 +0100


On 12 Oct 2006 07:50:53 GMT, Oliver Fromme
<check+j70hk000rs05jd2r@xxxxxxxxxx> wrote:
Matthew Dillon wrote:
 > [...]
 >    CPU overhead is a different beast entirely.   SSH has a lot of encryption
 >    and decryption overhead... my transfers over localhost top out at
 >    21.8 MBytes/sec on my test box.

The good old ssh1 package had a "-c none" option which
disabled encryption entirely.

Unfortunately the OpenSSH folks removed it for "security
reasons".  I have a patch that applies to FreeBSD's contrib
version of openssh; I think it should be usable on DF, too
(but I haven't tried).  The patch is very simple.


It is useful in cases where the underlying transport already
does encryption anyway (e.g. over IPSEC, an OpenVPN tunnel
or whatever), or if you trust the network (e.g. your home
LAN, of if it's a direct link between two boxes).  It makes
a hell of a difference if at least one of the two machines
has a slow CPU (or has a fast CPU but is loaded with other
processes), and you're scp'ing large amounts of data.
Of course you could use rcp, ftp or whatever, but the nice
thing with "scp -c none" is that you can still benefit from
all the other features of ssh, such as authentication via
the authorized_keys file, shortcuts via .ssh/config, easy
tunneling of X11 and other connections etc.

Just to add that the fastest ssh ciphers I've tested are: blowfish-cbc arcfour

that's the "performance tunning" I do on all ssh_configs..

googling will confirm this.. so did
a lot of big scp's linux/x86 <-> solaris 7/sparc back in the days, in
my university...
(over ethernet + IPoverATM (which sucks  btw.. :=) )

Best regards

best regards,

Miguel Sousa Filipe

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]