Support for merging LPK and hpn-ssh into mainline openssh?

Peter Lambrechtsen plambrechtsen at gmail.com
Tue Feb 17 13:41:33 EST 2009


On Tue, Feb 17, 2009 at 3:18 PM, Damien Miller <djm at mindrot.org> wrote:
>
> We are slowly working on SSH performance on high B*D networks, and
> OpenSSH 5.1 should be comparable in performance to the HPN patches
> for most users - our internal limits should fill a 100Mbps path of
> 165ms. For reference, the circumference of the earth is 135 ms @ c.
> We don't yet have the smarts that the HPN patch has to adjust the
> ssh windows to follow TCP autotuning that are probably required to go
> further/faster.

With my tests I have found ~15%+ (depending on a lot of factors like
system load, network congestion, disk subsystem etc) on a GB LAN when
transferring GB files.  Having no encryption for the transfer and
using HPN-patched OpenSSH 5.1 Client & Server, or WinSCP Client (which
already includes the HPN patches) and OpenSSH 5.1+HPN server.  Would
be nice to include, but again understand the complexity with merging
the patch into the current mainline with the myriad of platforms that
are supported by OpenSSH Portable.

> I don't think there are any plans to merge the LPK patch. We really
> don't want a dependency on LDAP libraries in sshd. Maybe if it were
> abstracted into a helper app that sshd could consult to verify keys
> then it would be more palatable, but even this is doubtful unless it
> can be done in a way that avoids complexity - there is a lot that can
> go wrong.

Yes, the OpenLDAP+OpenSSL dependencies can make it a challenge to
compile.  However, if it was not a default module, and when compiling
OpenSSH you could add --with-ldap=/ldap/shared/libs, then that would
give end-users the option to build OpenSSH with LDAP support or not.

Thanks for the response

Peter


More information about the openssh-unix-dev mailing list