Re: ssh .vs. rsh

From: Robert L Sowders (rsowders_at_usgs.gov)
Date: 01/23/04

  • Next message: Atro Tossavainen: "Re: ssh .vs. rsh" 
    To: "Steve Bonds" <05gekfc02@sneakemail.com>
Date: Fri, 23 Jan 2004 09:24:06 -0800

    If you're not worried about encrypting the X session then just turn off
    the cypher or select none on your client. The login is still encrypted.

    Then it's just as fast or faster than rsh.

    rls

    "Steve Bonds" <05gekfc02@sneakemail.com>
    01/22/2004 09:59 AM

     
            To: secureshell@securityfocus.com
            cc:
            Subject: Re: ssh .vs. rsh

    On Wed, 21 Jan 2004, Asif Iqbal iqbala-at-qwestip.net
    |secureshell@securityfocus.com| wrote:

    > We have users remotely accessing applications that has GUI in Solaris
    > env. It responds real fast if you use rsh, but its pretty slow for
    > openssh of any flavor. Is there way we can speed it up ? may be by using
    > -c blowfish ?

    If you're looking for better throughput, changing to blowfish will help.
    However, it sounds like you're concerned about the response time. There
    is significantly more connection setup involved in an SSH connection than
    rsh, so it will always be slightly slower. However, if the connection
    setup is extremely slow (on the order of several seconds), you might have
    a problem.

    On some other platforms, the process of generating enough entropy for a
    secure connection can take a fair amount of time (sometimes over 10
    seconds). I didn't think this was a problem for Solaris, but it might be
    worth looking into.

    Some other things to try:
      + run ssh -v and see if one particular step hangs
      + check that your entropy source is running quickly
        - if you have /dev/random, be sure sshd is using it and it's not
          being fully drained
        - check the ssh_prng_cmds to see if any of them are very slow
          on your system
      + build a profiling version of sshd and run some tests to see where it
        is slow

    Anyone else have suggestions?

      -- Steve

  • Next message: Atro Tossavainen: "Re: ssh .vs. rsh"

    Relevant Pages

    • Re: ssh .vs. rsh
      ... is significantly more connection setup involved in an SSH connection than ... rsh, so it will always be slightly slower. ... + check that your entropy source is running quickly ...
      (SSH)
    • Re: krb5 port: -current behaves differently than 4.X w.r.t rsh (possibly EPERM from bind)
      ... host sends a new SYN back to the client on the client's source port + 1. ... closing off the original connection attempt. ... I'd really like to get the Kerberos rsh client ...
      (freebsd-current)
    • Re: ssh .vs. rsh
      ... >>We have users remotely accessing applications that has GUI in Solaris ... > is significantly more connection setup involved in an SSH connection than ... > rsh, so it will always be slightly slower. ... Good judgement comes with experience. ...
      (SSH)
    • Re: Creating an encrypted tunnel for remote shares
      ... >> Yes you could use an IPSec connection to encapsulate your Samba ... > importance of encrypting the connection. ... You could also consider using something like openvpn to form a secure ... and ssl based tunnel between the two systems. ...
      (alt.linux)
    • Re: Creating an encrypted tunnel for remote shares
      ... >> Yes you could use an IPSec connection to encapsulate your Samba ... > importance of encrypting the connection. ... You could also consider using something like openvpn to form a secure ... and ssl based tunnel between the two systems. ...
      (alt.os.linux)