Re: Linux Services



On Tue, 23 May 2006 17:32:12 -0400, General Schvantzkoph wrote:

On Tue, 23 May 2006 22:37:36 +0200, Michael Heiming wrote:

In comp.os.linux.misc General Schvantzkoph <schvantzkoph@xxxxxxxxx>:

You could just use another cypher or even none to speed up operations,
and lower CPU usage, authentication will still be encrypted.
"blowfish" usually doesn't use that much CPU.

How do you specify no cypher? In the ssh man page I don't see a choice
for no cypher.

Look at the openssh source, as usual 'grep' is your friend. ;-)

Also how do you specify the cypher for rsync and cvs?

What about the obvious?

rsync ... -e "ssh -c blowfish" ...

How would you set up the env variable? I tried doing a

setenv CVS_RSH "ssh -c blowfish"

but that didn't work.

I've tried a number of experiments talking to machines with various speed
connections and CPUs. The configuration factor that makes the most
difference is compression. It either helps or hurts depending on the speed
of the connection. I did all tests from an A64 with an Nforce4 gigabit
ethernet connection. I scped to the following machines,

X2 4400+ with gigabit
Dual Xeon with gigabit
PII 450 with 100bt
PIII 1000 over DSL

When talking gigabit to gigabit compression degrades the transfer rate by
2 to 1.

When talking 100Bt compression helps slightly, about 5%.

When talking DSL compression is a huge win, I saw a 10 to 1 improvement.

Obviously compression only helps if you are transferring something that
hasn't already been compressed. My test case was a 6.8MB tar file. If you
used a tar.gz adding ssh compression would always hurt you.

After compression has been optimized for the different connections the
cipher can make a big difference. I found that the fastest cipher was
arcfour, followed by blowfish. Here are some results transferring between
fast machines, (A64 3800+ to X2 4400+ over gigabit)

3des-cbc      1.57 seconds
aes256-cbc    1.27 seconds
aes192-cbc    1.03 seconds
aes128-cbc     .96 seconds
cast128-cbc    .86 seconds
blowfish-cbc   .74 seconds
arcfour        .61 seconds

When going across a 1M DSL line the cypher matters much less,

DSL compression on
aes256-cbc 8.22 seconds
arcfour 7.99 seconds

DSL compression off,
aes256-cbc 81.59 seconds
arcfour 81.78 seconds


Configuring ssh for various machines is done in the ~/.ssh/config file. It
can also be done in /etc/ssh/ssh_config. Here is an example config file.
The Ciphers line orders the choice of cyphers from first choice to last.

Host *
    ForwardX11 yes
    ForwardX11Trusted yes
    StrictHostKeyChecking no
    ForwardAgent yes
    BatchMode yes
    Ciphers arcfour,blowfish-cbc,aes128-cbc,aes256-cbc,aes192-cbc,cast128-cbc,3des-cbc
Host saratoga
    Compression no
    KeepAlive yes
Host nimitz
    Compression no
    KeepAlive yes
Host enterprise
    Compression no
    KeepAlive yes
Host dreadnought
    Compression yes
    Port 2200
    KeepAlive yes
Host darkwing
    Compression yes
    KeepAlive yes
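
Added example (not part of the original post): a small Python check that resolves which options from a config laid out like the one above actually apply to a given host, and lists the ones a reviewer would look at. It handles Host blocks only (no Match or Include); the sample text, the function names and the extra "ForwardAgent no" line are constructed for the illustration.

```python
import fnmatch
import re

# Constructed sample, shortened from the config in the post. The
# "ForwardAgent no" under darkwing is added here to show ordering.
SAMPLE = """\
Host *
StrictHostKeyChecking no
ForwardAgent yes
Ciphers arcfour,blowfish-cbc,aes128-cbc,aes256-cbc,aes192-cbc,cast128-cbc,3des-cbc
Host dreadnought
Compression yes
Port 2200
Host darkwing
ForwardAgent no
"""

RISKY = {"stricthostkeychecking": "no", "forwardagent": "yes"}

def host_matches(patterns, host):
    """ssh_config Host matching: '*'/'?' wildcards, '!' negates."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def effective(config_text, host):
    """Resolve options for host; the first value obtained for a keyword wins."""
    opts, active = {}, True  # lines before any Host block apply to all hosts
    for line in map(str.strip, config_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        if key.lower() == "host":
            active = host_matches(value.split(), host)
        elif active:
            opts.setdefault(key.lower(), value.strip())
    return opts

def audit(config_text, host):
    """Return findings for the options that actually apply to host."""
    opts = effective(config_text, host)
    found = [f"{k}={v}" for k, v in RISKY.items() if opts.get(k, "").lower() == v]
    for c in filter(None, (c.strip() for c in opts.get("ciphers", "").split(","))):
        if c.startswith("arcfour") or c.endswith("-cbc"):
            found.append(f"cipher:{c}")
    return found

if __name__ == "__main__":
    print({h: audit(SAMPLE, h) for h in ("dreadnought", "darkwing")})
```

Because ssh takes the first value obtained for each keyword, the Host * block at the top wins over the later "ForwardAgent no"; general defaults belong at the end of the file. The cipher check flags arcfour and CBC-mode names, which later OpenSSH releases stopped offering by default.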





