Subject: openssh-server: The high-performance patch from PSC should be included as
standard.
Date: Mon, 31 Jan 2005 09:24:56 +0000
Package: openssh-server
Version: 1:3.9p1-2
Severity: wishlist
The high-performance patches from PSC
(http://www.psc.edu/networking/projects/hpn-ssh/) should be included as
part of standard SSH; these patches make an *enormous* difference when
transferring large quantities of data over a high-bandwidth network.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages openssh-server depends on:
ii adduser 3.59 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.42 Debian configuration management sy
ii dpkg 1.10.26 Package maintenance system for Deb
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii libwrap0 7.6.dbs-6 Wietse Venema's TCP wrappers libra
ii openssh-client 1:3.9p1-2 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.2-4 compression library - runtime
-- debconf information excluded
Subject: Re: Bug#292932: openssh-server: The high-performance patch from PSC should be included as standard.
Date: Mon, 31 Jan 2005 11:42:02 +0100
* Colm Buckley:
> The high-performance patches from PSC
> (http://www.psc.edu/networking/projects/hpn-ssh/) should be included as
> part of standard SSH; these patches make an *enormous* difference when
> transferring large quantities of data over a high-bandwidth network.
Why is this patch not included upstream? Because of the no-encryption
part with has "issues"?
Subject: openssh-server: both patches should be included
Date: Sat, 13 Aug 2005 06:31:59 -0500
Package: openssh-server
Version: 1:4.1p1-6
Followup-For: Bug #292932
There shouldn't be any security issues with including at least
the performance patch to allow for scalable buffer sizes.
But it would be nice if the hpn11-none cipher patch could also
be included as there is probably good need of it by most people who use
scp. I'd even argue for documenting it officially as it seems pretty
obvious which situations call for its use (and which don't).
Just my two cents. I'm going to rebuild my local packages with
the patches at least. :) It would be nice to see all Debian users
benefit from these though.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.4
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openssh-server depends on:
ii adduser 3.67 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.57 Debian configuration management sy
ii dpkg 1.13.10 Package maintenance system for Deb
ii libc6 2.3.5-3 GNU C Library: Shared libraries an
ii libpam-modules 0.76-23 Pluggable Authentication Modules f
ii libpam-runtime 0.76-23 Runtime support for the PAM librar
ii libpam0g 0.76-23 Pluggable Authentication Modules l
ii libselinux1 1.24-4 SELinux shared libraries
ii libssl0.9.7 0.9.7g-1 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-client 1:4.1p1-6 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-3 compression library - runtime
openssh-server recommends no packages.
-- debconf information excluded
Subject: openssh-server: actually, to provide something useful...
Date: Sat, 13 Aug 2005 06:53:51 -0500
Package: openssh-server
Version: 1:4.1p1-6
Followup-For: Bug #292932
In an attempt to provide something useful to this request
(rather than my me too post a moment ago), I just ran across this:
---
http://groups.google.com/group/mailing.unix.openssh-dev/browse_thread/thread/d6f419da2faae3ad/508e0f2fb1208e7d?lnk=st&q=%22darren+tucker%22+hpn-ssh&rnum=1#508e0f2fb1208e7d
Hopefully that comes through properly. Anyway, it's a discussion
between Darren Tucker (one of the OpenSSH contributors) and Chris Rapier
(one of the HPN-SSH contributors) about the performance patch with some
suggested changes by Darren. Assuming this all goes well ultimately,
upstream might very well be including these changes.
But for the time being, it might be nice to grab the original
HPN-SSH patch and make Darren's recommended changes and include it in
the Debian package. In another post I saw by Darren at:
---
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/91064fcec483b534/7d2ecfbc5bd0369b?lnk=st&q=%22darren+tucker%22+hpn-ssh&rnum=2#7d2ecfbc5bd0369b
he mentions that using the none cipher probably won't increase
throughput too much as the MAC (Message Authentication Code) is usually
the bottleneck. Although, this would change probably if the previous
performance patch were also included, assuming that Darren was referring
to the MAC being the bottleneck with the currently implemented OpenSSH
buffering scheme.
So anyway, that's all I know at this point. Something to at
least keep an eye on as more of us are working on fast network segments
and even people on high latency and possibly even slow networks look to
benefit from this.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.4
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openssh-server depends on:
ii adduser 3.67 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.57 Debian configuration management sy
ii dpkg 1.13.10 Package maintenance system for Deb
ii libc6 2.3.5-3 GNU C Library: Shared libraries an
ii libpam-modules 0.76-23 Pluggable Authentication Modules f
ii libpam-runtime 0.76-23 Runtime support for the PAM librar
ii libpam0g 0.76-23 Pluggable Authentication Modules l
ii libselinux1 1.24-4 SELinux shared libraries
ii libssl0.9.7 0.9.7g-1 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-client 1:4.1p1-6 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-3 compression library - runtime
openssh-server recommends no packages.
-- debconf information excluded
Package: openssh-server
Version: 1:4.1p1-6
Followup-For: Bug #292932
Well, after downloading those two patches from:
---
http://www.psc.edu/networking/projects/hpn-ssh/
I realized that they were the same but one has the none cipher changes
thrown in. Blah.
Anyway, I'm attaching the diff I used against Debian's 4.1p1-6.
It includes Darren's changes from my previously linked Usenet
discussion. Any other white space changes which are not in keeping with
"standard" coding policies are vim's fault. :)
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.4
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openssh-server depends on:
ii adduser 3.67 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.57 Debian configuration management sy
ii dpkg 1.13.10 Package maintenance system for Deb
ii libc6 2.3.5-3 GNU C Library: Shared libraries an
ii libpam-modules 0.76-23 Pluggable Authentication Modules f
ii libpam-runtime 0.76-23 Runtime support for the PAM librar
ii libpam0g 0.76-23 Pluggable Authentication Modules l
ii libselinux1 1.24-4 SELinux shared libraries
ii libssl0.9.7 0.9.7g-1 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-client 1:4.1p1-6 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-3 compression library - runtime
openssh-server recommends no packages.
-- debconf information excluded
Package: openssh-server
Version: 1:4.1p1-6
Followup-For: Bug #292932
This patch is to replace my previous. It reverts one of
Darren's suggested changes which was causing disconnects on large
transfers and reverses the order in which I had added the -hpn string to
the version string.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.4
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages openssh-server depends on:
ii adduser 3.67 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.57 Debian configuration management sy
ii dpkg 1.13.10 Package maintenance system for Deb
ii libc6 2.3.5-3 GNU C Library: Shared libraries an
ii libpam-modules 0.76-23 Pluggable Authentication Modules f
ii libpam-runtime 0.76-23 Runtime support for the PAM librar
ii libpam0g 0.76-23 Pluggable Authentication Modules l
ii libselinux1 1.24-4 SELinux shared libraries
ii libssl0.9.7 0.9.7g-1 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-client 1:4.1p1-6 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-3 compression library - runtime
openssh-server recommends no packages.
-- debconf information excluded