When the date was Thursday 11 December 2008, Steve Snyder wrote:
> On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out
> as being the most CPU-intensive of the applications running, It's used
> 176 minutes of CPU time in the last 2 days alone.
>
> Is there any way to lower the CPU utilization without compromising
> security? (I.e. without using a less processor-intensive
> encrypt/decrypt algorithm?)
>
> I'm getting the CPU use figures from top, so there no fine-grained info
> on exactly what code is taking so much time. I'm assuming that the
> bulk of the time is spent in the OpenSSL libraries.
>
> Is there some hardware add-on or processor-specific optimization that
> would reduce the CPU load incurred by OpenSSH?
You can customize you sshd_config to avoid heavy-weight ciphers. The
following is a reasonable order:
aes128-ctr,aes128-cbc,blowfish-cbc,cast128-cbc,
arcfour128,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
Well, actually, just stay away from 3des. Also, you should disable
compression.
man 5 sshd_config
--
Michael Iatrou (cwfo)