https://bugzilla.mindrot.org/show_bug.cgi?id=3768

--- Comment #2 from bitianyuan <b...@mail.ustc.edu.cn> ---
After observation, we find that the performance deterioration is not
caused by the public key rotation mechanism itself. Instead, the
SSH2_MSG_CHANNEL_OPEN_CONFIRMATION message is sent again after the
public key is sent. However, the client does not need to send any
message (the SSH2_MSG_CHANNEL_OPEN and SSH2_MSG_GLOBAL_REQUEST messages
have been sent). Therefore, after the client receives the message, the
kernel waits for 40 ms to send an ACK message. As a result, the server
kernel needs to wait until the ACK with a delay of 40 ms is received
when sending SSH2_MSG_CHANNEL_OPEN_CONFIRMATION.

In fact, the client and server set the socket status to TCP_NODELAY
after the channel is established (received). Could the TCP_NODELAY
setting operation be advanced to when the identity authentication is
complete?

We can also add a configuration option. When users are sensitive to
performance, TCP_NODELAY is set after the TCP connection between the
server and client is established.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
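
The interaction described in comment #2 (two small writes in a row while the peer has nothing to send back) can be timed on a loopback TCP pair. This is an added example, not part of the bug report and not OpenSSH code; the helper names, one-byte messages and round count are assumptions chosen for illustration, and the measured figures depend on the kernel's delayed-ACK behaviour.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Create a connected loopback TCP pair inside one process; 0 on success. */
static int tcp_pair(int *tx, int *rx) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof a;
    int l = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);      /* port 0: kernel picks */
    if (l < 0 || bind(l, (struct sockaddr *)&a, sizeof a) || listen(l, 1) ||
        getsockname(l, (struct sockaddr *)&a, &len)) return -1;
    *tx = socket(AF_INET, SOCK_STREAM, 0);
    if (*tx < 0 || connect(*tx, (struct sockaddr *)&a, sizeof a)) return -1;
    *rx = accept(l, NULL, NULL);
    close(l);
    return *rx < 0 ? -1 : 0;
}

/* Average milliseconds per round, or -1 on error. Each round: tx sends two
 * small messages back to back and rx replies only once it has both. Until
 * then rx has no data to piggyback an ACK on, so the second message can sit
 * behind Nagle on tx until rx's delayed ACK is sent. */
double avg_round_ms(int nodelay, int rounds) {
    int tx, rx, on = 1, i;
    char b[2];
    struct timespec t0, t1;
    if (tcp_pair(&tx, &rx)) return -1;
    if (nodelay && setsockopt(tx, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on))
        return -1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (i = 0; i < rounds; i++) {
        ssize_t n, got = 0;
        if (write(tx, "a", 1) != 1 || write(tx, "b", 1) != 1) return -1;
        while (got < 2 && (n = read(rx, b, 2 - got)) > 0) got += n;
        if (got != 2 || write(rx, "k", 1) != 1 || read(tx, b, 1) != 1) return -1;
    }
    clock_gettime(CLOCK_MONOTONIC, &t1);
    close(tx); close(rx);
    return ((t1.tv_sec - t0.tv_sec) * 1e3 + (t1.tv_nsec - t0.tv_nsec) / 1e6) / rounds;
}

int main(void) {
    printf("Nagle on    : %.2f ms/round\n", avg_round_ms(0, 10));
    printf("TCP_NODELAY : %.2f ms/round\n", avg_round_ms(1, 10));
    return 0;
}
```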