Re: Linux/SSH: how to improve i586 performance?
From: Chris Calabrese (chris_calabrese_at_yahoo.com)
Date: 02/04/04
- Next message: Pete Flugstad: "Re: Linux/SSH: how to improve i586 performance?"
- Previous message: Jared: "Re: scp in a multi-piped command?"
- In reply to: Spam Averse: "Linux/SSH: how to improve i586 performance?"
- Next in thread: Pete Flugstad: "Re: Linux/SSH: how to improve i586 performance?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 4 Feb 2004 11:39:23 -0800
Most off SSH's cpu usage is in the crypto routines in the OpenSSL
libraries.
Not much you can do about it other than get a faster processor...
Meanwhile, OpenSSH v3.1p1 on RedHat 7.3, is not exactly a secure
combination.
First becaust the version of OpenSSH you're using has a huge security
hole that is actively exploited on the Internet (you can ask my
office-mate whose box was knocked over last year...). You should run
3.7p1 or later.
Also because RedHat no longer supports v7.3 as of the beginning of
this year. No major issues if you've done a recent up2date, but as new
vulnerabilities are discovered, Red Hat will not be producing patches
for 7.3 going forward.
If you want to stay in the RedHat family, I suggest going with the
latest Fedora builds.
Otherwise, you might want to check out OpenBSD, which specifically
targeted for things like firewalls.
Spam Averse <info@optinbig.com> wrote in message news:<eE8Ub.222425$na.360672@attbi_s04>...
> Hello.
>
> I am running OpenSSH v3.1p1 in a Linux (Red Hat v7.3) system with a
> Pentium/150MHz CPU. I'd like to improve the SSH performance on this
> system.
>
> This old machine is used as a firewall box, yet I see that much of the
> overall CPU time is used by the SSH daemon. I use SSH to maintain the
> system.
>
> Are there any build or configuration changes I can make to SSH that will
> improve performance without reducing security?
>
> A related question: how much of the CPU intensive work is done by OpenSSH
> and how much is done by 3rd-party libraries (OpenSSL for crypto, zlib for
> compression, etc.)?
>
> Thanks.
- Next message: Pete Flugstad: "Re: Linux/SSH: how to improve i586 performance?"
- Previous message: Jared: "Re: scp in a multi-piped command?"
- In reply to: Spam Averse: "Linux/SSH: how to improve i586 performance?"
- Next in thread: Pete Flugstad: "Re: Linux/SSH: how to improve i586 performance?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
