openssh as a proxy: ForceCommand limitations & speed penalty
Amr Saad
as.amr.saad at gmail.com
Mon Feb 21 05:22:41 EST 2011
I've hit two roadblocks while using openssh -D as a general proxy:
- openssh doesn't have an internal-null, so the options are to either
give the user account a real shell and ForceCommand, or set the shell
to something like /bin/cat and ChrootDirectory. I don't want
proxy-only accounts to have a shell at all.
- Comparing mini-httpd SSL/aes256 vs mini-httpd (localhost/no SSL) via
openssh -D/aes256 shows a c. 20% speed penalty on urandom blocks. Is
this expected?
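The two setups named in the first point, written out as an sshd_config fragment. This is an added example, not part of the original post; the group names `proxy-fc` and `proxy-chroot` and the path `/var/empty/proxy` are assumptions.

```conf
# Added example for sshd_config. Group names and the chroot path are
# hypothetical; nothing here comes from the original post.

# Option 1: the account keeps a real login shell and ForceCommand
# replaces whatever command the client requests. sshd runs ForceCommand
# through the user's login shell, which is why this option needs a
# working shell on the account.
Match Group proxy-fc
    AllowTcpForwarding yes
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    # Any session request runs this and exits; forwarding-only clients
    # connect with "ssh -N -D <port>" and never open a session.
    ForceCommand /bin/false

# Option 2: the account's login shell is set to /bin/cat (in the passwd
# entry, outside this file) and the connection is confined with
# ChrootDirectory. Every component of the chroot path must be owned by
# root and not writable by group or others, or sshd refuses the login.
Match Group proxy-chroot
    AllowTcpForwarding yes
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    ChrootDirectory /var/empty/proxy
```

Running `sshd -t` after editing checks the file for syntax errors before the daemon is reloaded.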