[OmniOS-discuss] Slow ssh transfers

Thomas Wagner tom-omnios-discuss at tom.bn-ulm.de
Wed Oct 12 17:49:16 UTC 2016


The SSH Daemon is in most cases the limiting party. 
The ssh client is allowed to support much more older 
and weaker algorithms and protocols.
Therefore I would compare the Ciphers and macs the
Server supports.

If you run the ssh client with "ssh -vvv" then you see
what the SSH server offers and what the client can do.

Preferences can be tweaked from the server side if the
order inside the Chipers / KexAlgorithms / macs
are changed. The same is the case on the client side
if e.g. the allowed algorithms are locked down to a secure
and fast enough Cipher / mac.


I've seen on older CPUs that they limit transfer speed
early if newer algorithms are used. The hardware
accelleration does not help in all cases, as they can't
support all algorithms with accelerated subtasks.
Are junks very small? Then HW-accelleration is usually
killed by the overhead.

So I would experiment with the algorithms / macs and try 
finding one which is accellerated on both sides.

Thomas


> >
> > Can you provide the output of 'ssh -Q cipher' from both your FreeBSD and 
> > OmniOS boxes?
> >
> > /dale
> >
> 
>  Hi
> 
>  Seems to be the same
> 
>  Omnios box - ssh -Q cipher
>  3des-cbc
>  blowfish-cbc
>  cast128-cbc
>  arcfour
>  arcfour128
>  arcfour256
>  aes128-cbc
>  aes192-cbc
>  aes256-cbc
>  rijndael-cbc at lysator.liu.se
>  aes128-ctr
>  aes192-ctr
>  aes256-ctr
>  aes128-gcm at openssh.com
>  aes256-gcm at openssh.com
>  chacha20-poly1305 at openssh.com
> 
> 
>  FreeBSD box - ssh -Q cipher:
>  3des-cbc
>  blowfish-cbc
>  cast128-cbc
>  arcfour
>  arcfour128
>  arcfour256
>  aes128-cbc
>  aes192-cbc
>  aes256-cbc
>  rijndael-cbc at lysator.liu.se
>  aes128-ctr
>  aes192-ctr
>  aes256-ctr
>  aes128-gcm at openssh.com
>  aes256-gcm at openssh.com
>  chacha20-poly1305 at openssh.com
> 
>  _______________________________________________
>  OmniOS-discuss mailing list
>  OmniOS-discuss at lists.omniti.com
>  http://lists.omniti.com/mailman/listinfo/omnios-discuss
> 

-- 
-- 
Thomas Wagner

------------------------------------------------------------------------
Service rund um UNIX(TM),     Wagner Network Services, Thomas Wagner
Solaris(TM), Linux(TM)        Eschenweg 21, 89174 Altheim, Germany
Windows(TM)                   TEL: +49-731-9807799, FAX: +49-731-9807711
Telekommunikation, LAN,       MOBILE/CELL: +49-171-6135989
Internet-Service, Elektronik  EMAIL: wagner at wagner-net.com


More information about the OmniOS-discuss mailing list