Question performnace of SSH v1 vs SSH v2

Damien Miller djm at mindrot.org
Sat Feb 26 14:37:46 EST 2005


Amba Giri wrote:
> Hello
> 
> I have ported OpenSSH 3.8p1 to a LynxOS platform.  Recently I heard a
> report from the field that  v2 is perceived to be significantly slower
> than v1.  Is this a known issue? Are there any configuration parameters
> that can be modified to make v2 faster?

Protocol 2 is slower because it includes a real per-packet MAC instead
of a weak checksum. You can save some overhead by using a truncated MAC
like hmac-sha1-96, but there is always going to be more work per packet.

I have looked at implementing AES CCM, which could be much faster,
particularly on platforms with AES implemented in CPU instructions, but
it doesn't fit nicely in the cipher and MAC negotiation mechanism.

-d




More information about the openssh-unix-dev mailing list