As an aside... If you do not need the encryption (e.g. when accessing public
CVS repositories that might actually accept non-encrypted connections), just
turn it off so that you do not have to deal with the overhead. By not having
ssh do any encryption, you'll avoid all the (slow) crypto stuff in software.
Kris
On Fri, Mar 25, 2005 at 02:43:03PM -0500, David Boyes wrote:
> > So this is the kind of thing I could point at a crypto engine
> > if I had one?
>
> If, if, if....
>
> IF you had a crypto engine, and IF you had the OpenSSL package compiled
> with the IBM modifications to enable the Cryptoki crypto interface to
> the crypto engine, and IF you had OpenSSH recompiled to use the modified
> OpenSSL libraries, and IF all this didn't do harm to your support
> agreement, then you could probably get some benefit.
>
> Right now, all the ssh crypto is done in software, and CVS does a lot of
> connection setup and teardown which is where the asymmetric crypto (the
> really expensive part of the crypto exchange) gets done. Use of the
> routines in Cryptoki would help, but as you can see from above, it's not
> gonna be simple.
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
--
Never underestimate a Mage with:
- the Intelligence to cast Magic Missile,
- the Constitution to survive the first hit, and
- the Dexterity to run fast enough to avoid being hit a second time.
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
