Re: ssh .vs. rsh

From: Steve Bonds (05gekfc02_at_sneakemail.com)
Date: 01/22/04

  • Next message: Mark Wisbey: "using SSH without password authentication bi-directionally" 
    Date: Thu, 22 Jan 2004 09:59:23 -0800 (PST)
To: secureshell@securityfocus.com

    On Wed, 21 Jan 2004, Asif Iqbal iqbala-at-qwestip.net
    |secureshell@securityfocus.com| wrote:

    > We have users remotely accessing applications that has GUI in Solaris
    > env. It responds real fast if you use rsh, but its pretty slow for
    > openssh of any flavor. Is there way we can speed it up ? may be by using
    > -c blowfish ?

    If you're looking for better throughput, changing to blowfish will help.
    However, it sounds like you're concerned about the response time. There
    is significantly more connection setup involved in an SSH connection than
    rsh, so it will always be slightly slower. However, if the connection
    setup is extremely slow (on the order of several seconds), you might have
    a problem.

    On some other platforms, the process of generating enough entropy for a
    secure connection can take a fair amount of time (sometimes over 10
    seconds). I didn't think this was a problem for Solaris, but it might be
    worth looking into.

    Some other things to try:
      + run ssh -v and see if one particular step hangs
      + check that your entropy source is running quickly
        - if you have /dev/random, be sure sshd is using it and it's not
          being fully drained
        - check the ssh_prng_cmds to see if any of them are very slow
          on your system
      + build a profiling version of sshd and run some tests to see where it
        is slow

    Anyone else have suggestions?

      -- Steve

  • Next message: Mark Wisbey: "using SSH without password authentication bi-directionally"

    Relevant Pages

    • Re: krb5 port: -current behaves differently than 4.X w.r.t rsh (possibly EPERM from bind)
      ... host sends a new SYN back to the client on the client's source port + 1. ... closing off the original connection attempt. ... I'd really like to get the Kerberos rsh client ...
      (freebsd-current)
    • Re: ssh .vs. rsh
      ... >>We have users remotely accessing applications that has GUI in Solaris ... > is significantly more connection setup involved in an SSH connection than ... > rsh, so it will always be slightly slower. ... Good judgement comes with experience. ...
      (SSH)
    • Re: How to detach from remote command?
      ... was to disassociate the task from the shell that rsh brought up. ... rsh brings up a shell on the remote machine ... No, the forked remote process keeps the connection open as it has stdin/out/err all connected to the connection; when it finishes, it closes the streams and so the connection can then die. ...
      (comp.os.linux)
    • Re: ssh .vs. rsh
      ... If you're not worried about encrypting the X session then just turn off ... Then it's just as fast or faster than rsh. ... is significantly more connection setup involved in an SSH connection than ... + check that your entropy source is running quickly ...
      (SSH)
    • Re: SSH Connection Time Problems
      ... > FreeBSD 4.5-Stable box to my web hosting company's servers, ... It takes over a minute to establish a connection, ... I was able to get an SSH connection directly to them ... Try adding the following rule to your IPFW rule set. ...
      (FreeBSD-Security)