SSH overhead (was: SSH authentication bypass?)
Joshua Judson Rosen
rozzin at geekspace.com
Thu Jun 26 16:56:11 EDT 2014
kevin_d_clark at comcast.net (Kevin D. Clark) writes:
>
> Mark Komarinski writes:
>
> > HPN SSH (patches to boost ssh performance) allows for no encryption
> > of the data stream but IIRC the authentication is encrypted. That
> > doesn't bypass authentication so this may not be related
>
> The following statement is based on my experience with these patches:
> I didn't notice much of a difference from these patches when I was
> copying a certain {large-ish, constantly updating} file from a site on
> the West Coast to a site in NH.
It's remarkably easy to overestimate the cost of encryption; and
remarkably easy to underestimate the effects of latency, uplink
bandwidth-limitations, fragmentation, and all sorts of other things
that happen when traversing big networks like the Internet.
IIRC, I had a situation last year where the encrypted ssh stream was
snappy after the connection was established, but the initial DH exchange
took 15 seconds (not even including network issues).
--
"'tis an ill wind that blows no minds."
More information about the gnhlug-discuss
mailing list