Optimizing SSH for low speed links

Alfred alfred at mazuma.net.au
Thu Aug 8 12:34:33 EST 2002 

Also watch out for errors on the link. Losing packets (due to errors) is 
costly for SSH due to block cipher. Perhaps some kind of UDP based 
secure transfer would work better (if this is the problem) as it is 
better suited to cope with errors (TCP and thin pipe and errors don't 
play friendly).

Barndon Daron wrote:
> Over a fast link it appears to be ok. If we remove the radio link (but rate limit to 2400b) it is better (but not by much). Machine on one end is a PII 300 - the other is a fully kitted out e420 - so speed on either end shouldnt be much of an issue... Will investigate the entropy though...
> 
> -----Original Message-----
> From: Brad Hards [mailto:bhards at bigpond.net.au]
> Sent: Thursday, 8 August 2002 12:05 PM
> To: linux at lists.samba.org
> Subject: Re: Optimizing SSH for low speed links
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thu, 8 Aug 2002 12:00, Sam Couter wrote:
> <snip>
> 
>>Ian McCulloch <ianmcc at lorentz.leidenuniv.nl> wrote:
>>
>>>I have noticed that initiating an ssh connection on a slow link can take
>>>a long time, I guess it depends on which authentication method you use
>>
>>Are you sure it's the link that is affecting the connection
>>establishment? I have a slow machine at home on a reasonably fast
>>network, and each time I establish an SSH connection it takes a while to
>>crank out the session key. Once established, it's quite responsive.
> 
> 
> If this is a machine without much randomness (eg you don't use the keyboard or 
> mouse, because this is probably some data collection device at a remote site, 
> right), then maybe that is the problem. Can you try the same configuration on 
> a fast link? That would help identify the problem.
> 
> One solution might be to get a newer machine that has build in random 
> generator, or change the sources of entropy.
> 
> Brad
> 
> - -- 
> http://conf.linux.org.au. 22-25Jan2003. Perth, Australia. Birds in Black.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE9UdHKW6pHgIdAuOMRAswaAJ9E51JkodhBL0Wcg7IEP8trWUMFIwCdFWZk
> SlqPoLXTtc9l3iSvaBkHMZA=
> =z50Z
> -----END PGP SIGNATURE-----

More information about the linux mailing list