From: Freddie Cash
To: Mark Martinec, FreeBSD-Current
Date: Mon, 27 Oct 2014 09:35:13 -0700
Subject: Re: ssh None cipher

On Sun, Oct 19, 2014 at 10:35 AM, Freddie Cash wrote:

> On Oct 19, 2014 12:46 AM, "John-Mark Gurney" wrote:
> >
> > Freddie Cash wrote this message on Sat, Oct 18, 2014 at 10:21 -0700:
> > > On Oct 18, 2014 3:54 AM, "Mark Martinec" wrote:
> > > >
> > > > If the purpose of having a none cipher is to have a fast
> > > > file transfer, then one should be using sysutils/bbcp
> > > > for that purpose. Uses ssh for authentication, and
> > > > opens unencrypted channel(s) for the actual data transfer.
> > > > It's also very fast, can use multiple TCP streams.
> > >
> > > That's an interesting alternative to rsync, scp, and ftp, but doesn't help
> > > with zfs send/recv which is where the none cipher really shines.
> > >
> > > Without the none cipher, SSH becomes the bottleneck limiting transfers to
> > > around 400 Mbps on a gigabit LAN. With the none cipher, the network becomes
> > > the bottleneck limiting transfers to around 920 Mbps on the same gigabit
> > > LAN.
> > >
> > > This is between two 8-core AMD Opteron 6200 systems using igb(4) NICs.
> >
> > Are you running on HEAD or possibly 10.x (I believe we have OpenSSL
> > 1.0.x on 10.x)?
>
> Nope, 9.2. And I don't think the 6200 series Opterons have AES-NI.

Correction, the AMD Opteron 6200-series of CPUs do support AES-NI. However, these storage boxes use AMD Opteron 6128 CPUs. :( They do not support AES-NI.

AES-based ciphers are extremely slow on these systems; the multithreaded AES-based ciphers are better, but nowhere near what the NONE cipher provides. :)

sysutils/bbcp is interesting as an alternative, but it's a lot more complex than just enabling NONE in OpenSSH.

-- 
Freddie Cash
fjwcash@gmail.com