Support for merging LPK and hpn-ssh into mainline openssh?

Damien Miller djm at mindrot.org
Tue Feb 17 13:18:44 EST 2009



On Tue, 17 Feb 2009, Peter Lambrechtsen wrote:

> Hello
>
> Are there plans to merge the hpn-ssh
> (http://www.psc.edu/networking/projects/hpn-ssh/) and the LPK
> (http://code.google.com/p/openssh-lpk/) into the mainline openssh.
>
> Adding lpk has been logged as a bug in bugzilla as
>
> They are two patches that I always apply as the performance boost from
> hpn-ssh is substantial to say the least, and centralisation of the
> authorized_keys into a LDAP server is a very helpful way to manage the
> authorized keys across a myriad of servers.
>
> Is there any chance these patches could get included into mainline
> openssh?

We are slowly working on SSH performance on high B*D networks, and
OpenSSH 5.1 should be comparable in performance to the HPN patches
for most users - our internal limits should fill a 100Mbps path of
165ms. For reference, the circumference of the earth is 135 ms @ c.
We don't yet have the smarts that the HPN patch has to adjust the
ssh windows to follow TCP autotuning that are probably required to go
further/faster.

I don't think there are any plans to merge the LPK patch. We really
don't want a dependency on LDAP libraries in sshd. Maybe if it were
abstracted into a helper app that sshd could consult to verify keys
then it would be more palatable, but even this is doubtful unless it
can be done in a way that avoids complexity - there is a lot that can
go wrong.

-d


More information about the openssh-unix-dev mailing list