When the date was Thursday 11 December 2008, Steve Snyder wrote:
On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out as being the most CPU-intensive of the applications running, It's used 176 minutes of CPU time in the last 2 days alone.
Is there any way to lower the CPU utilization without compromising security? (I.e. without using a less processor-intensive encrypt/decrypt algorithm?)
I'm getting the CPU use figures from top, so there no fine-grained info on exactly what code is taking so much time. I'm assuming that the bulk of the time is spent in the OpenSSL libraries.
Is there some hardware add-on or processor-specific optimization that would reduce the CPU load incurred by OpenSSH?
You can customize you sshd_config to avoid heavy-weight ciphers. The following is a reasonable order:
aes128-ctr,aes128-cbc,blowfish-cbc,cast128-cbc, arcfour128,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
Well, actually, just stay away from 3des. Also, you should disable compression.
man 5 sshd_config