From owner-freebsd-questions@FreeBSD.ORG Tue Apr 14 23:02:25 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8C8A2106566B for ; Tue, 14 Apr 2009 23:02:25 +0000 (UTC) (envelope-from vlack@vlack.com) Received: from marin.joyent.us (marin.joyent.us [8.17.171.164]) by mx1.freebsd.org (Postfix) with ESMTP id 6FCE78FC12 for ; Tue, 14 Apr 2009 23:02:25 +0000 (UTC) (envelope-from vlack@vlack.com) Received: from AndrAIa.neuric.selfip.net (rrcs-24-173-32-42.sw.biz.rr.com [24.173.32.42]) by marin.joyent.us (Postfix) with ESMTPSA id 3F7D24CB65 for ; Tue, 14 Apr 2009 22:43:02 +0000 (GMT) Message-Id: <165793A0-66E5-4B38-9C94-4302D78A3F8F@vlack.com> From: Micah R Ledbetter To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Date: Tue, 14 Apr 2009 17:43:01 -0500 X-Mailer: Apple Mail (2.930.3) Subject: Problems with SSH and Subversion over SSH/HTTPS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Apr 2009 23:02:25 -0000 Hello, all. I'm having a couple of problems that I can't get to the bottom of. I'm using a FreeBSD 7.1-RELEASE-p2 server running on AMD64, serving ssh and https, with various Mac OS X and Windows clients. I have recently come to wonder if these problems (described below) are related to SSL somehow, or perhaps /dev/random. If there's any tuning I could do along those lines, or if anyone has any other tips at all that could improve this situation, I'd very much love to hear them. 1) Paging through a lot of text over SSH is very slow. If I compile a large program, or cat a large text file, or even use less to page through 8-10 pages of text, ssh becomes very slow. Sometimes I can wait it out, and let it catch up after a half minute or so, but sometimes I just have to kill ssh and reconnect. This is notable to me because when I was running other operating systems on the same box (Solaris 10 and Linux, at various points in the past), which I could of course make my connection fail if I ran pathological tests, the difference was like night and day. Now, if I cat a file which turns out to be bigger than I expect, typing ^C several times - even if I do so just a couple of seconds after I start the cat - tends to cancel the cat only rarely... the buffer is so far behind that it can't process my input until it catches up, which it can't do and I have to end up killing the connection. This is much different than my experience with other operating systems. This happens when I'm using OpenSSH 5.1p1 on my Mac, and when I'm using any of several recent versions of PuTTY on the various Windows machines. Oddly, I can get decent speed when copying large files over sftp or scp - I haven't done any benchmarks, but it's in line with normal network speed for a 100mbps network. 2) SVN over both svn+ssh:// and https:// is also very slow The repository in question is only three revisions old, and the whole repo is less than 200K. All of the files are plain text. If I check this repo out, via either svn+ssh, or https, using the command line client installed on my Mac (which happens to be... Subversion 1.5.1), it takes two or three minutes over a perfectly fast Internet connection. If I use TortoiseSVN on a Windows machine, it takes so long that TSVN times out and says it can't complete the transaction. (Using a command-line SVN client on Windows seems to produce similar results to the command line client on my Mac). If I type in the https:// URL for the subversion repository in a web browser, and click on individual text files, it displays them much more slowly (taking several seconds for a file only a few KB large) than I would expect as well. I have tried this with Subversion version 1.5.1 and 1.6.0, compiled from ports, on the FreeBSD server, with no change. When this is happening, load remains at near 0.00 on the FreeBSD server. The network connection is plenty fast, as previously mentioned, and the behavior is the same whether I'm connecting over the Internet (the FreeBSD box has a 16mbps/2mbps link) or the 100mbps local LAN. For the record: I *have* compiled my own kernel, but its configuration differs only from the GENERIC kernel in my appending of the following options: > options IPFIREWALL > options IPDIVERT > options GEOM_MIRROR If necessary, I can test with the GENERIC kernel again. I have not changed the kern.random parameters, but here they are for the sake of completeness. They are in line with the defaults, at least as far as i can tell from random(4). > # sysctl kern.random > kern.random.yarrow.gengateinterval: 10 > kern.random.yarrow.bins: 10 > kern.random.yarrow.fastthresh: 192 > kern.random.yarrow.slowthresh: 256 > kern.random.yarrow.slowoverthresh: 2 > kern.random.sys.seeded: 1 > kern.random.sys.harvest.ethernet: 1 > kern.random.sys.harvest.point_to_point: 1 > kern.random.sys.harvest.interrupt: 1 > kern.random.sys.harvest.swi: 0 I very much thank anyone for any help they can provide. - Micah