SSH internal window size.. (again)

From: Julian Elischer (julian_at_vicor.com)
Date: 04/29/04

    Date: Wed, 28 Apr 2004 17:54:02 -0700
    To: secureshell@securityfocus.com
    
    

    sshd:
    openssh version sshd version OpenSSH_3.5p1 FreeBSD-20030924
    ssh:
    OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

    So, I'm ssh-ing data from machine A to machine B using sftp.

    with ping times of 60ms, I can't get over 600KB/sec

    looking at the SYN packets going over the wire, the negotiation looks like:
    A->B S 1041192722:1041192722(0) win 65535
        <mss 1460,nop,wscale 2,nop,nop,timestamp 20289777 0> (DF)
    B->A S 1916098679:1916098679(0) ack 1041192723 win 57344
        <mss 1460,nop,wscale 0,nop,nop,timestamp 616601895 20289777> (DF)

    the recv and send default buffer sizes are set to 128K, on both sides
    window scaling is enabled on both sides,
    so one would think that larger windows would result and data would flow
    faster, but..
    no. it looks as if..

    (1) there is an internal windowing going on in the ssh protocol with a 64K
      window size.. (Is this changeable?)

    (2) sshd opens its socket with a 57KB window anyhow, despite the
    higher default window size.. is this true?

    Can these things be changed? it'd be nice to be able to use ssh
    to transfer data at the available bandwidth..
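
Added example, not part of the original post: a short Python script that parses the two SYN lines quoted above (continuation lines joined) and applies the RFC 1323 window-scaling rules to find the largest receive window each host can advertise, and the resulting window/RTT throughput ceiling at the 60 ms ping time mentioned. The function names are hypothetical helpers written for this illustration.

```python
import re

# The two SYN lines from the post, each joined onto one line.
SYN_LINES = [
    "A->B S 1041192722:1041192722(0) win 65535 "
    "<mss 1460,nop,wscale 2,nop,nop,timestamp 20289777 0> (DF)",
    "B->A S 1916098679:1916098679(0) ack 1041192723 win 57344 "
    "<mss 1460,nop,wscale 0,nop,nop,timestamp 616601895 20289777> (DF)",
]

SYN_RE = re.compile(r"^(\w+)->\w+ S .*? win (\d+) <([^>]*)>")

def parse_syn(line):
    """Extract sender, unscaled SYN window and wscale shift (None if absent)."""
    m = SYN_RE.match(line)
    if not m:
        raise ValueError("not a SYN line: %r" % line)
    sender, win, opts = m.groups()
    ws = re.search(r"wscale (\d+)", opts)
    return {"host": sender, "syn_win": int(win),
            "wscale": int(ws.group(1)) if ws else None}

def receive_window_limits(syn_lines):
    """Per host: window in its SYN and the largest window it can ever advertise.

    RFC 1323: the window field in a SYN is never scaled, scaling is active
    only if BOTH SYNs carry the option, and the shift a host sends applies
    to the windows that same host advertises afterwards.
    """
    hosts = [parse_syn(line) for line in syn_lines]
    scaling_on = all(h["wscale"] is not None for h in hosts)
    limits = {}
    for h in hosts:
        shift = h["wscale"] if scaling_on else 0
        limits[h["host"]] = {"syn_win": h["syn_win"], "max_win": 65535 << shift}
    return limits

def ceiling_bytes_per_sec(window_bytes, rtt_ms):
    """At most one receive window can be in flight per round trip."""
    return window_bytes * 1000 // rtt_ms

if __name__ == "__main__":
    RTT_MS = 60  # ping time given in the post
    for host, lim in receive_window_limits(SYN_LINES).items():
        print("data sent to %s: max window %d bytes -> ceiling %d bytes/sec"
              % (host, lim["max_win"], ceiling_bytes_per_sec(lim["max_win"], RTT_MS)))
```

This covers only the TCP receive window; any windowing inside the SSH protocol itself, as raised in point (1), would be a separate limit on top of it.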

