HPN-SSH for OpenSSH 6.2

rapier rapier at psc.edu
Thu Aug 15 07:36:31 EST 2013


It's been a while since I've made an announcement here but I wanted to 
mention that we've just released a set of HPN-SSH patches for 
OpenSSH6.2. The release marks the first time I've had the resources/help 
to actually do anything more than just forward port the patches in quite 
a while.


Items of note:

1) The multithreaded AES-CTR (MT-AES-CTR) cipher now works as expected 
in all situations. Previously MT-AES-CTR failed in dynamic forwarding 
tests because context with the threads were lost when daemon() was 
called. Starting with 6.1 it also failed on the server side with the 
introduction of sandboxing by default. Under the rlimit method NPROCS 
being set to zero precluded the possibility of threads being started in 
in privsep. This issue has been resolved by swapping the pointer for the 
AES CTR cipher from the nonthreaded AES-CTR cipher to MT-AES-CTR after 
authentication and then forcing a rekey. Throughput improvements of more 
than 50% were seen on test systems. MT-AES-CTR is cipherstream 
compatible with the default implementation.

2) In order to reduce the complexity of the patch sets I've finally 
stripped the postauth NONE cipher switching from the patchsets. It's now 
a standalone patch.

Thanks for your time!

Chris Rapier

More information about the openssh-unix-dev mailing list