On 30/08/2019 11:33, Per Jessen wrote:
Anton Aylward wrote:
On 30/08/2019 10:40, Lew Wolfgang wrote:
OTOH, it might be easier to figure out munge and go with mrsh?
I think not. As far as I can tell its just another certificate/authentication system. SSH is well documented, and I found it remarkable easy to set up for certificate based transparent login.
I think maybe you have overlooked $SUBJ - to maximise thruput Lew wants to avoid ssh.
Let's assume that he ignores all the "none" options. There's a variety of different encryption algorithms available; obviously the 'overhead' will depend on which one is used. So how does 'ssh' compare to 'telnet'? https://superuser.com/questions/1108165/what-is-the-overhead-of-ssh-compared... - Yes and no. There is a rekeying after 1 GB of data or 1 hour of connection time. Can also depend on whether keys are used for authentication. Diffie- Hellman is generally more expensive than RSA key exchange, but since it only happens once(ish) not a big deal. - Yes there is overhead: you have to add random padding of at least 4 byte (SSH2) And each data package gets an HMAC of some sort. Depending on what is used. I don't know how much exactly but it is less at max 33 byte (Full sha2 length) Max payload is 35000 - 4 byte padding. You get about 37/34996 = 0.001 % overhead or less. - CPU overhead is minimal. That was one of the goals for AES standard. Same here. It is roughly symmetrical since the crypto operations are .- - If someone blasts a 1 GBit connection at you and copies 10 GB of data via scp: using a standard intel i7 probably two or three at a time. Its likely that your NIC or storage bottle necks first. I note that answer says nothing about buffer size; I'd have thought that would be a factor. It certainly will be if you use 'netcat', but then again, perhaps you also need to 'tune" the TCP buffers and latency. Oh, right, 'latency'! Of course there's also https://superuser.com/questions/326211/best-way-to-transfer-files-over-a-lan... This https://blog.famzah.net/2010/06/11/openssh-ciphers-performance-benchmark/ has nice graphs comparing the various encryption methods. HOWEVER, that's with old hardware. Modern cpus come with instruction sets and microcode that facilitate the implementation of AES: https://possiblelossofprecision.net/?p=2255 The article also makes the point that the receiving system's filesystem and buffers and the way it updates can also affect overall performance. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org