On Fri, May 21, 2010 at 10:59 AM, Brandon High <bh...@freaks.com> wrote:
> On Fri, May 21, 2010 at 7:12 AM, David Dyer-Bennet <d...@dd-b.net> wrote:
> >
> > On Thu, May 20, 2010 19:44, Freddie Cash wrote:
> >> And you can always patch OpenSSH with HPN, thus enabling the NONE
> >> cipher, which disables encryption for the data transfer
> >> (authentication is always encrypted). And twiddle the internal
> >> buffers that OpenSSH uses to improve transfer rates, especially on
> >> 100 Mbps or faster links.
> >
> > Ah! I've been wanting that for YEARS. Very glad to hear somebody has
> > done it.
>
> ssh-1 has had the 'none' cipher from day one, though it looks like
> openssh has removed it at some point.

Correct. It was available in early OpenSSH versions, but then removed as it could compromise security. And the OpenSSH devs continue to reject any patches that re-enable the "none cipher" for this reason.

> Fixing the buffers seems to be a nice tweak though.

Yes, this really makes a difference. We were initially bottlenecked by SSH (100-200 Mbps) for our rsync connections (gigabit fibre between buildings) between two FreeBSD servers (low CPU use, medium drive I/O). Bumping the buffers to 16384 on each side increased it to over 500 Mbps (now limited by CPU). We've since dropped it to 4096, as we have a lot of non-HPN-enabled remote sites we need to rsync from, and anything over 4096 causes the connection to drop (remote end can't keep up).

> > With the common use of SSH for moving bulk data (under rsync as well),
> > this is a really useful idea. Of course one should think about where one
>
> I think there's a certain assumption that using ssh = safe, and by
> enabling a none cipher you break that assumption. All of us know
> better, but less experienced admins may not.

That's the gist of the OpenSSH devs' reasoning for rejecting the HPN patches every time they are submitted. :)

--
Freddie Cash
fjwc...@gmail.com
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
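An added example, not part of the original thread: a small audit that reports where an HPN-patched `sshd_config` allows the none cipher, so the "ssh = safe" assumption can be checked per host. It assumes the HPN patch's `NoneEnabled` and `HPNBufferSize` keyword names (verify them against the patch version in use); the sample config is constructed.

```python
# Constructed sample config, not taken from the thread.
SAMPLE = """\
# sshd_config on an HPN-patched host (constructed)
Port 22
NoneEnabled no
HPNBufferSize 4096
NoneEnabled yes
Match Address 192.0.2.0/24
    NoneEnabled yes
Match User backup
    HPNBufferSize=16384
"""

# Keyword names assumed from the HPN patch set, not from stock OpenSSH.
WATCHED = ("noneenabled", "hpnbuffersize")


def parse(text):
    """Return {scope: {keyword: value}}; scope is 'global' or a Match line."""
    scopes = {"global": {}}
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Key value" and "Key=value" both occur.
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = "Match " + value
            scopes.setdefault(scope, {})
        elif key in WATCHED:
            # sshd uses the first value obtained for a keyword, so a later
            # duplicate in the same scope must not overwrite it.
            scopes[scope].setdefault(key, value)
    return scopes


def none_cipher_scopes(text):
    """Scopes in which bulk data may be sent without encryption."""
    return [scope for scope, kv in parse(text).items()
            if kv.get("noneenabled", "").lower() == "yes"]


if __name__ == "__main__":
    for scope in none_cipher_scopes(SAMPLE):
        print("none cipher permitted in:", scope)
```

The second global `NoneEnabled yes` is ignored because the first value wins, so only the `Match Address` block is reported.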