Subject: Re: frebsd jails advice
To: freebsd-questions@freebsd.org
From: Matthew Seaman
Date: Mon, 10 Dec 2018 17:53:05 +0000

On 10/12/2018 17:28, doug@safeport.com wrote:
>
> On Mon, 10 Dec 2018, Ken M wrote:
>
>> Depending on the ssh encryption format ssh -X can actually be slower
>> than VNC.
>>
>> I offer a third suggestion, I find XRDP to be very handy combined with
>> remmina.
>>
>> Ken
>>
>> On Mon, Dec 10, 2018 at 04:50:21PM +0100, Andrea Venturoli wrote:
>>> On 12/10/18 12:58 PM, Marko Turk wrote:
>>>
>>>> I suggest you install some VNC server inside the jails and then connect
>>>> with VNC viewer from the host.
>>>
>>> I disagree: it's too much trouble, it's slow, it's memory consuming.
>>>
>>> "ssh -X"ing into the jail works much better.
>>>
>>> Just my 2c.
>>>
>
> I agree with the ssh-ing. I have been doing this since 5.2 on bandwidths
> ranging from dial-up modem to my current 50mbps. Even on the modems
> response was always better than I can type. Detail on encryption that do
> not work would be most helpful. I have always used RSA.

Assuming you're using fairly recent FreeBSD for both ends of the SSH connection, then you can use RSA, ECDHA or ED_25519 type keys for authentication. Which of these you use doesn't make much difference to overall performance as the PKI part is only used at login time for authentication and to securely exchange a session key -- that's symmetric encryption using a cipher like chacha20-poly1305@openssh.com or aes256-gcm@openssh.com. These symmetric-key ciphers handle all of the actual traffic. They're also significantly faster than the asymmetric encryption.
In fact, anything reputable offering encrypted network traffic nowadays will be using pretty much the same set of ciphers as SSH. So overall performance differences will probably come down to the volume and nature of the data being sent to-and-fro, and the characteristics of the networks you're traversing.

'ssh -X' basically sends a stream of X events -- mouse movements, button clicks, key presses, in one direction, window redraws, etc. in the other; whereas VNC sends a raster image of the screen, usually with various traffic compression applied, including such techniques as sending only the deltas between successive frames. Which one turns out faster depends entirely on the application you're running and how you're interacting with it.

'ssh -X' is usually "fast enough" if client and server are on fairly nearby networks with a low latency, reasonably high bandwidth connection between them -- so both on the same LAN. It suffers if your client app is way away in darkest Elbonia at the other end of a piece of wet string, and VNC can indeed perform better there. On a good network though, you'll likely not notice much difference whatever way you work it.

Cheers,

Matthew
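
Added example, not part of the message above: a small shell helper that reads `ssh -v` debug output and reports the user key type separately from the symmetric cipher that carries the session traffic, which is the distinction the reply draws. The function name `ssh_summary` is hypothetical and the sample log is constructed for illustration, following the OpenSSH client's debug1 line formats.

```shell
#!/bin/sh
# Constructed sample of `ssh -v` client output (not captured from a real host).
SAMPLE_LOG='debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:CONSTRUCTED-PLACEHOLDER
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:CONSTRUCTED-PLACEHOLDER'

# ssh_summary (hypothetical name): read `ssh -v` debug output on stdin and
# print one field=value line per negotiated item. The user key type is used
# only to authenticate at login; the two cipher lines name the symmetric
# algorithm that encrypts everything sent afterwards, X11 forwarding included.
ssh_summary() {
    awk '
        /kex: algorithm:/             { kex = $NF }
        /kex: host key algorithm:/    { hostkey = $NF }
        /kex: server->client cipher:/ { s2c = $5 }
        /kex: client->server cipher:/ { c2s = $5 }
        /Server accepts key:/ {
            # The key type is the word just before the SHA256 fingerprint;
            # some OpenSSH versions append extra words after the fingerprint.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^SHA256:/) userkey = $(i - 1)
        }
        END {
            print "kex=" kex
            print "host_key=" hostkey
            print "user_key_type=" userkey
            print "cipher_c2s=" c2s
            print "cipher_s2c=" s2c
        }'
}

# Run over the constructed sample. Against a live host the input would be:
#   ssh -v user@host true 2>&1 | ssh_summary
# and `ssh -Q cipher` lists the ciphers the local client supports.
printf '%s\n' "$SAMPLE_LOG" | ssh_summary
```

Repeating the run with a different key type in `~/.ssh` changes only the `user_key_type` line; the cipher lines stay the same unless the cipher preference is changed.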