[Bug 3768] Whether to add a switch to control whether to enable the hostkeys rotation mechanism.
bugzilla-daemon at mindrot.org
Sat Jan 11 19:53:43 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3768
--- Comment #2 from bitianyuan <bty at mail.ustc.edu.cn> ---
After observation, we find that the performance deterioration is not
caused by the public key rotation mechanism itself. Instead, the
SSH2_MSG_CHANNEL_OPEN_CONFIRMATION message is sent again after the
public key is sent. However, the client does not need to send any
message (the SSH2_MSG_CHANNEL_OPEN and SSH2_MSG_GLOBAL_REQUEST messages
have been sent). Therefore, after the client receives the message, the
kernel waits for 40 ms to send an ACK message. As a result, the server
kernel needs to wait until the ACK with a delay of 40 ms is received
when sending SSH2_MSG_CHANNEL_OPEN_CONFIRMATION.

In fact, the client and server set the socket status to TCP_NODELAY
after the channel is established (received). Could the TCP_NODELAY
setting operation be advanced to the point where identity
authentication is complete?

We can also add a configuration option. When users are sensitive to
performance, TCP_NODELAY is set after the TCP connection between the
server and client is established.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
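
The back-to-back small writes described in the comment above can be timed on a loopback connection with and without TCP_NODELAY. This is an added example, not part of the bug report or of OpenSSH's code; `tcp_pair`, `run_rounds` and the payload strings are constructed stand-ins for the real SSH messages, and the measured times depend on the host's TCP stack.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Constructed test bed: connected loopback TCP pair; fds[0] server, fds[1] client. */
static int tcp_pair(int fds[2]) {
    struct sockaddr_in a = { .sin_family = AF_INET,      /* port 0: kernel picks one */
                             .sin_addr = { htonl(INADDR_LOOPBACK) } };
    socklen_t len = sizeof(a);
    int l = socket(AF_INET, SOCK_STREAM, 0);
    fds[0] = -1;
    fds[1] = socket(AF_INET, SOCK_STREAM, 0);
    if (l >= 0 && fds[1] >= 0 && bind(l, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(l, 1) == 0 && getsockname(l, (struct sockaddr *)&a, &len) == 0 &&
        connect(fds[1], (struct sockaddr *)&a, sizeof(a)) == 0)
        fds[0] = accept(l, NULL, NULL);
    if (l >= 0) close(l);
    if (fds[0] < 0 && fds[1] >= 0) close(fds[1]);
    return fds[0] < 0 ? -1 : 0;
}

/* Server end writes two small messages back to back; client end only reads, so its
 * ACKs carry no data. Returns mean ms per round (-1 on error); sets *nodelay_set. */
double run_rounds(int nodelay, int rounds, int *nodelay_set) {
    int fds[2], v = 0, ok = rounds > 0;
    socklen_t vl = sizeof(v);
    char buf[64];
    struct timespec t0, t1;
    if (tcp_pair(fds) < 0) return -1;
    if (nodelay && setsockopt(fds[0], IPPROTO_TCP, TCP_NODELAY, &nodelay, sizeof(nodelay)) < 0) ok = 0;
    if (getsockopt(fds[0], IPPROTO_TCP, TCP_NODELAY, &v, &vl) < 0) ok = 0;
    *nodelay_set = (v != 0);               /* what the kernel reports for the server socket */
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (int i = 0; ok && i < rounds; i++) {
        ok = write(fds[0], "hostkeys", 8) == 8 && write(fds[0], "confirm", 7) == 7;
        for (ssize_t got = 0, n = 0; ok && got < 15; got += n)   /* drain both messages */
            if ((n = read(fds[1], buf, sizeof(buf))) <= 0) ok = 0;
    }
    clock_gettime(CLOCK_MONOTONIC, &t1);
    close(fds[0]); close(fds[1]);
    return ok ? ((t1.tv_sec - t0.tv_sec) * 1e3 + (t1.tv_nsec - t0.tv_nsec) / 1e6) / rounds : -1;
}
int main(void) {
    int s;
    printf("Nagle   %.2f ms/round\n", run_rounds(0, 20, &s));
    printf("NODELAY %.2f ms/round\n", run_rounds(1, 20, &s));
}
```

Compare the two printed figures on the host under investigation; a gap between them indicates the second small write is waiting on the peer's ACK.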