ssh window

Brooks Davis brooks at FreeBSD.org
Fri Jun 13 15:54:06 UTC 2008 

On Fri, Jun 13, 2008 at 01:02:07PM +0200, Kris Kennaway wrote:
> Brooks Davis wrote:
>> On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
>>> Randy Bush wrote:
>>>> this has been a cause of great pain for a loooong time.
>>>> 
>>>>    http://www.psc.edu/networking/projects/hpn-ssh/
>>>> 
>>>> as openssh seems not to be fixing it (and i do not consider a 2mb fixed
>>>> buffer to be fixed, especially not from a 100mb link here in tokyo and
>>>> servers in the states, europe, and africa), perhaps i could convince
>>>> freebsd net folk to do so?
>>> FYI - HPN is already a build option in the openssh-portable port.
>> 
>> I do think we should strongly consider adding the rest of it to the base.
>> 
>> -- Brooks
> 
> There seem to be a couple of issues:
> 
> 1) Connection aborts during interactive use.  I started using this patch 
> only yesterday but already a couple of times my interactive session to a 
> machine has aborted from typing one character to the next.  It doesnt seem 
> to be affecting non-interactive use.  I have not investigated this yet.
> 
> 2) -c none handling is a bit weird.  There is no way to shut up the 
> warnings on non-interactive connections ("WARNING: ENABLED NONE CIPHER"; 
> yes, I know, because I WROTE THAT SCRIPT :).  Also it doesn't fall back 
> gracefully if the other side doesn't support -c none; it just aborts the 
> collection.  This means you can't automatically interoperate with a non-HPN 
> server if you want to use 'none' encryption.  This is not related to the 
> buffer handling but it is part of the same patch set.  I really like the 
> idea of -c none, but I think they have gone overboard with the paranoia.

It is worth noting that over most people's WAN's the none cipher is
pretty pointless since you can do nearly 200Mbps with arcfour and a decent CPU
(IIRC the graphs are several years old).

-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20080613/3f1db874/attachment.pgp

More information about the freebsd-net mailing list