[ale] sshd resource intensive??

James P. Kinney III jkinney at localnetsolutions.com
Sun May 16 15:19:49 EDT 2004


On Sun, 2004-05-16 at 09:52, Geoffrey wrote:
> Drag0n wrote:
> > Considering that the sender has to encrypt the data on the fly and the
> > receiver has to decrypt it as it receives it, processor speed more than
> > bandwidth determines throughput on local networks. This is to be
> > expected unless you have dedicated ssl accelerators in each machine that
> > ssh has been configured to use.
> 
> So considering this issue, anyone have better suggestions for securing a
> wifi connection? vtunnel or openvpn perhaps? I would expect them all
> to have similar overhead issues. As I recall, vtunnel is ssh based
> anyway. Maybe some tweaks to ssh could produce faster processing?

SSH can be a real system hog. Look at the encryption algorithms that are
available and manually select a low overhead/fast one. Blowfish is a
_much_ faster cipher than the default 3des. My understanding of the
process is that a fast block cipher is sufficient for data transfer that
is not critical (i.e. no password exchanges, sensitive data, etc.) since
all the hard, sensitive stuff (login) takes place with key exchange.

If there is a need for transfer speed of a large file, encrypt it first,
then transfer the encrypted file using a fast cipher and decrypt on the
far end.

If the network is secured anyway (i.e. home LAN), and if the OpenSSH on
both ends has been compiled with the optional "-c none" support, you can
use the secure login process with unencrypted data transfer.

-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
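
The thread's point that bulk-cipher choice sets CPU-bound throughput can be measured directly. The following is an added example, not part of the original post: it times 3DES against AES-128 on the local CPU using only Go's standard library. AES-128 stands in for the "fast cipher" because the standard library has no Blowfish; CTR mode, the fixed keys, the zero IV and the function names are assumptions made for the benchmark.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
	"time"
)

// newBlock builds a block cipher by name with a constructed, fixed key (timing only).
func newBlock(name string) (cipher.Block, error) {
	switch name {
	case "3des":
		return des.NewTripleDESCipher(bytes.Repeat([]byte{0x11}, 24))
	case "aes128":
		return aes.NewCipher(bytes.Repeat([]byte{0x22}, 16))
	}
	return nil, fmt.Errorf("unknown cipher %q", name)
}

// ctr encrypts or decrypts data (CTR is symmetric) with an all-zero IV.
func ctr(name string, data []byte) ([]byte, error) {
	b, err := newBlock(name)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(b, make([]byte, b.BlockSize())).XORKeyStream(out, data)
	return out, nil
}

// throughputMBps times one encryption pass over buf and returns MB/s.
func throughputMBps(name string, buf []byte) (float64, error) {
	start := time.Now()
	if _, err := ctr(name, buf); err != nil {
		return 0, err
	}
	return float64(len(buf)) / 1e6 / time.Since(start).Seconds(), nil
}

func main() {
	buf := make([]byte, 16<<20) // constructed 16 MiB payload
	for _, name := range []string{"3des", "aes128"} {
		rate, _ := throughputMBps(name, buf) // both names are known to newBlock
		fmt.Printf("%-7s %8.1f MB/s\n", name, rate)
	}
}
```

Comparing the printed rates with the link speed shows whether the cipher or the network is the bottleneck on a given machine.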