Date:      Fri, 13 Jun 2008 10:54:35 -0500
From:      Brooks Davis <brooks@FreeBSD.org>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        freebsd-net@FreeBSD.org, Peter Losher <Peter_Losher@isc.org>
Subject:   Re: ssh window
Message-ID:  <20080613155435.GB90190@lor.one-eyed-alien.net>
In-Reply-To: <485253AF.4000000@FreeBSD.org>
References:  <4851CC95.8070902@psg.com> <4851CD9D.3010801@isc.org> <20080613025157.GA90190@lor.one-eyed-alien.net> <485253AF.4000000@FreeBSD.org>

On Fri, Jun 13, 2008 at 01:02:07PM +0200, Kris Kennaway wrote:
> Brooks Davis wrote:
>> On Thu, Jun 12, 2008 at 06:30:05PM -0700, Peter Losher wrote:
>>> Randy Bush wrote:
>>>> this has been a cause of great pain for a loooong time.
>>>>
>>>>    http://www.psc.edu/networking/projects/hpn-ssh/
>>>>
>>>> as openssh seems not to be fixing it (and i do not consider a 2mb fixed
>>>> buffer to be fixed, especially not from a 100mb link here in tokyo and
>>>> servers in the states, europe, and africa), perhaps i could convince
>>>> freebsd net folk to do so?
>>> FYI - HPN is already a build option in the openssh-portable port.
>>
>> I do think we should strongly consider adding the rest of it to the base.
>>
>> -- Brooks
>
> There seem to be a couple of issues:
>
> 1) Connection aborts during interactive use.  I started using this patch
> only yesterday but already a couple of times my interactive session to a
> machine has aborted from typing one character to the next.  It doesn't seem
> to be affecting non-interactive use.  I have not investigated this yet.
>
> 2) -c none handling is a bit weird.  There is no way to shut up the
> warnings on non-interactive connections ("WARNING: ENABLED NONE CIPHER";
> yes, I know, because I WROTE THAT SCRIPT :).  Also it doesn't fall back
> gracefully if the other side doesn't support -c none; it just aborts the
> collection.  This means you can't automatically interoperate with a non-HPN
> server if you want to use 'none' encryption.  This is not related to the
> buffer handling but it is part of the same patch set.  I really like the
> idea of -c none, but I think they have gone overboard with the paranoia.

It is worth noting that over most people's WANs the none cipher is
pretty pointless since you can do nearly 200Mbps with arcfour and a decent CPU
(IIRC the graphs are several years old).

-- Brooks
