High Performance SSH/SCP - HPN-SSH

Michael Stahnke mastahnke at gmail.com
Thu Jul 12 16:12:04 UTC 2007


On 7/12/07, Pádraig Brady <P at draigbrady.com> wrote:
> Farkas Levente wrote:
> > hi,
> > is there any plan to include High Performance SSH/SCP - HPN-SSH into
> > fedora's ssh?
> > http://www.psc.edu/networking/projects/hpn-ssh/
>
> I noticed that for scp if you disable compression (yes disable),
> then transfer rate increases a lot. I looked at it very quickly
> and it seemed worse the more the data compressed.
> Also Protocol=1 seems much better:
>
> dd bs=1M count=50 if=/dev/zero of=50MB_zeros
> dd bs=1M count=50 if=/dev/urandom of=50MB_random
>
> $ scp localhost:50MB_random /tmp
> 50MB_random                                   100%   50MB  10.0MB/s   00:05
>
> $ scp -C localhost:50MB_random /tmp
> 50MB_random                                   100%   50MB   4.6MB/s   00:11
>
> $ scp -C localhost:50MB_zeros /tmp
> 50MB_zeros                                    100%   50MB   2.3MB/s   00:22
>
> #setting Protocol=1 in sshd_config I get the following speed:
> $ scp -C localhost:50MB_zeros /tmp #Includes time to type password!
> 50MB_zeros                                    100%   50MB  12.5MB/s   00:04
>
If all you care about is speed why use SSH?  Use FTP.  Protocol is has
some flaws that really can't be overcome, hence, the existance of
protocol 2.


>
>
> When talking about improvements to ssh, chrootssh seems useful:
> http://chrootssh.sourceforge.net/
>
> Also upstream openssh breaks X forwarding in interesting ways
> unless -Y is specified (at least fedora fixes this).

Remember that upstream's job is for SSH to be SECURE, not to have all
these bells and whistles.  I asked them about X.509 support,
tab-completion in sftp, Public keys in LDAP, and several other
features and the answer is always, "will it introduce more bugs
specifially in the security space?"  Since they are not sure, they
decide to be cautious.  I actually am kind of surprised the project
hasn't forked into the feature-rich SSH and a stable/secure one
(classic) OpenSSH.



stahnma
>
> Also scp does full remote login etc.
> even if local specified files don't exist
>
> Also scp has weird error messages:
> $ scp /etc/fstab localhost:/non_existent/
> scp: /non_existent/: Is a directory
>
>
> Don't get me started...
>
> Pádraig.
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>




More information about the fedora-devel-list mailing list