From: Peter C. <pe...@ll...> - 2004-01-27 01:24:34
|
On Mon, Jan 26, 2004 at 05:22:51PM -0600, Sean The RIMBoy" wrote: > On Mon, 26 Jan 2004, Peter Cordes wrote: >=20 > > sshd is much slower than rshd, BTW. It has to do a lot of crypto to > > authenticate a connection, so startup times are _way_ higher with ssh. > > Agreed. One thing you can do to help a little is to use blowfish for your > crypto. That only helps if your symmetric cipher is CPU limited. I'm talking about the RSA (or DSA) authentication stuff when the connection is made. The time to encrypt a packet with the shell command line you want is negligible, even with 3des, compared to the connection setup time of ssh. As you say, it's useful when transfering a lot of data. I've seen the suggestion that turning compression on can actually decrease CPU usage, because there will be less data to encrypt! > I make sure to use it when I'm transferring files (scp -c > blowfish). Better yet, you'll die() if you transfer a large amount of > data off of an SGI and don't use blowfish. Of course, it's all relative,= =20 > your SGI won't die (though some should) but you'll be waiting a long time= =2E =20 I still have Cipher Blowfish in my /etc/ssh/ssh_config, but I haven't changed the Ciphers line (for ssh2), so it will use AES-128 for ssh2 connections. Isn't Rijndael (sp?) supposed to be pretty fast? (It was the winning AES candidate.) --=20 #define X(x,y) x##y Peter Cordes ; e-mail: X(peter@cor , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC |