[CentOS] OpenSSH could be faster...then why don't they path it??

Sun Feb 6 13:17:40 UTC 2011
Kwan Lowe <kwan.lowe at gmail.com>

On Sun, Feb 6, 2011 at 7:20 AM, kellyremo <kellyremo at zoho.com> wrote:
>
> https://www.psc.edu/networking/projects/hpn-ssh/hpn-v-ssh-tput.jpg
>
> "SCP and the underlying SSH2 protocol implementation in OpenSSH is network
> performance limited by statically defined internal flow control buffers.
> These buffers often end up acting as a bottleneck for network throughput of
> SCP, especially on long and high bandwith network links. Modifying the ssh
> code to allow the buffers to be defined at run time eliminates this
> bottleneck. We have created a patch that will remove the bottlenecks in
> OpenSSH and is fully interoperable with other servers and clients. In
> addition HPN clients will be able to download faster from non HPN servers,
> and HPN servers will be able to receive uploads faster from non HPN clients.
> However, the host receiving the data must have a properly tuned TCP/IP
> stack."
>
> My question is: So Why Does the original OpenSSH has "limited statically
> defined internal flow control buffers"?? It could be way faster, even 10x!!
>

They are likely erring on the side of safety. Dynamic buffers could
introduce some vulnerabilities. You can generate race conditions in
different ways, and whenever there's a dynamic run-time setting this
increases the exposure surface.

BTW, at the end of the linked article:
ms with buffer_append_space in HPN-SSH. If you are experiencing
disconnects due to a failure in buffer_append_space please let us
know. We're currently tracking some problems with this and we're
trying to gather more information to help resolve it.



> With the HPN-SCP path it could be the descendant of FTP! Why aren't there
> any ""OpenSCP packages""? ('normal SCP+HPN-SCP path+no local user needed for
> SCP'ing+chroot by default')
>
> Any opinions?
>
> Thank you!
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>