openssh installation success

Damien Miller djm at mindrot.org
Mon Sep 4 15:21:03 EST 2000


On Mon, 4 Sep 2000, Faheem Mitha wrote:

> 1) I asked a long time ago on the ssh newsgroup whether there was any
>    way to interactively turn on and off encryption while a ssh session
>    is going on. The reason was that it might speed things up, and
>    often in a ssh session one only cares about encrypting the
>    password. The answer was apparently no, and I am wondering whether
>    this is still true, and if so, why. I.e. the feature was not added
>    because it was considered unnecessary, undesirable, or just
>    impossible to implement within the current framework.

If you use a fast cipher (e.g. blowfish) then you are likely to be able
to run at wire speeds anyway. On a Celery 400, Blowfish can push 13
megabytes per second:

[damien at neon damien]$ openssl speed bf
Doing blowfish cbc for 3s on 8 size blocks: 4433946 blowfish cbc's in 2.96s
Doing blowfish cbc for 3s on 64 size blocks: 631695 blowfish cbc's in 2.94s
Doing blowfish cbc for 3s on 256 size blocks: 159063 blowfish cbc's in 2.96s
Doing blowfish cbc for 3s on 1024 size blocks: 40825 blowfish cbc's in 2.98s
Doing blowfish cbc for 3s on 8192 size blocks: 4981 blowfish cbc's in 2.96s
OpenSSL 0.9.5a 1 Apr 2000
built on: Wed Aug  9 10:17:01 EST 2000
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx) 
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
The 'numbers' are in 1000s of bytes per second processed.
type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
blowfish cbc     11983.64k    13751.18k    13756.80k    14028.46k    13785.25k

> 2) What is a good value of compression to use for ssh logins to remote
>    sites, if using a modem? 

I am told that zlib has diminishing returns after level 4, but some real
numbers would be much better than anecdote :)

> Oh yes, and please recommend a good place on the web to learn about
> ssh. Your manual page assumes some expertise.
 
The ssh at clinet.fi mailing list is pretty general.

Regards,
Damien Miller

-- 
| ``The power of accurate observation is  | Damien Miller <djm at mindrot.org>
| commonly called cynicism by those who   | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
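
One way to collect the "real numbers" asked for in the reply to question 2, as an added example that is not part of the original message: it compresses a constructed, repetitive terminal-style session at zlib levels 1 to 9 and reports size, ratio and time per level. The sample text, the 256-byte chunk size, the per-chunk sync flush and all function names are assumptions made for illustration.

```python
import time
import zlib


def make_session(lines=400):
    """Constructed sample: repetitive directory-listing text, as seen in a login shell."""
    return "".join(
        f"-rw-r--r--  1 user users {1000 + i * 37:6d} Sep  4 15:{i % 60:02d} file{i:04d}.txt\n"
        for i in range(lines)
    ).encode()


def compress_stream(data, level, chunk=256):
    """Compress as one long-lived stream, flushing after every chunk.

    The per-chunk flush is an assumption that models interactive traffic,
    where each small write must be sent out immediately.
    """
    comp = zlib.compressobj(level)
    out = bytearray()
    for i in range(0, len(data), chunk):
        out += comp.compress(data[i:i + chunk])
        out += comp.flush(zlib.Z_SYNC_FLUSH)
    return bytes(out)


def decompress_stream(blob):
    """Inverse of compress_stream; a sync-flushed stream decodes without a trailer."""
    return zlib.decompressobj().decompress(blob)


def measure(data, levels=range(1, 10)):
    """Return (level, compressed_bytes, ratio, seconds) for each zlib level."""
    rows = []
    for level in levels:
        start = time.perf_counter()
        blob = compress_stream(data, level)
        elapsed = time.perf_counter() - start
        if decompress_stream(blob) != data:
            raise ValueError(f"round trip failed at level {level}")
        rows.append((level, len(blob), len(blob) / len(data), elapsed))
    return rows


if __name__ == "__main__":
    session = make_session()
    print(f"input: {len(session)} bytes")
    for level, size, ratio, secs in measure(session):
        print(f"level {level}: {size:6d} bytes  ratio {ratio:.3f}  {secs * 1000:.2f} ms")
```

Passing a capture of your own session text to measure() in place of the constructed sample gives numbers for a real workload.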







More information about the openssh-unix-dev mailing list