Re: [CentOS] Any way to reduce CPU use of OpenSSH?
Steve Snyder wrote: > On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out > as being the most CPU-intensive of the Wow, you must be sending terabytes of stuff through ssh. :-) Assuming the request is legit: 1. Disable compression if you don't need it. 2. Try another crypto protocol. Years ago, when this problem was real :-) (sorry, no offense), I used to force blowfish instead of whatever crypto was default back then, and it produced a significant decrease of CPU usage on those Pentium II processors. ssh -c blowfish-cbc hostname I don't know which protocol is fastest nowadays, but I guess you can do a quick test and find out. There might be some security implications for using a different crypto protocol, but you need to figure that out yourself. -- Florin Andrei http://florin.myip.org/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any way to reduce CPU use of OpenSSH?
When the date was Thursday 11 December 2008, Steve Snyder wrote: > On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out > as being the most CPU-intensive of the applications running, It's used > 176 minutes of CPU time in the last 2 days alone. > > Is there any way to lower the CPU utilization without compromising > security? (I.e. without using a less processor-intensive > encrypt/decrypt algorithm?) > > I'm getting the CPU use figures from top, so there no fine-grained info > on exactly what code is taking so much time. I'm assuming that the > bulk of the time is spent in the OpenSSL libraries. > > Is there some hardware add-on or processor-specific optimization that > would reduce the CPU load incurred by OpenSSH? You can customize you sshd_config to avoid heavy-weight ciphers. The following is a reasonable order: aes128-ctr,aes128-cbc,blowfish-cbc,cast128-cbc, arcfour128,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc Well, actually, just stay away from 3des. Also, you should disable compression. man 5 sshd_config -- Michael Iatrou (cwfo) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any way to reduce CPU use of OpenSSH?
On Thursday 11 December 2008, Steve Snyder wrote: > On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out > as being the most CPU-intensive of the applications running, It's used > 176 minutes of CPU time in the last 2 days alone. Putting 176 cpu-minutes in context, that's 3% of your available cpu-time. What exactly is the problem here? /Peter > Is there any way to lower the CPU utilization without compromising > security? (I.e. without using a less processor-intensive > encrypt/decrypt algorithm?) ... signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any way to reduce CPU use of OpenSSH?
Steve Snyder wrote: > On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out > as being the most CPU-intensive of the applications running, It's used > 176 minutes of CPU time in the last 2 days alone. Do you have any rsync jobs running at night time doing backup via ssh? Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Mobile: +45 22 12 53 25 Email: m...@crc.dk Homepage: http://www.crc.dk ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any way to reduce CPU use of OpenSSH?
Steve Snyder wrote: > Is there any way to lower the CPU utilization without compromising > security? (I.e. without using a less processor-intensive There is always the HPN SSH patch set... -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, #cen...@irc.freenode.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any way to reduce CPU use of OpenSSH?
on 12-11-2008 10:08 AM Steve Snyder spake the following: > The traffic is a combination of tunneled VNC (to Win2K), tunneled Remote > Desktop (to WinXP), and interactive command line (to Linux) sessions. > > For the first two types (VNC & RD), the image data is compressed before > entering the encrypted tunnel. For the last traffic type there are a > lot of small packets, owning to the nature of keyboard activity. > > Thanks. > Do you have ssh also trying to compress the tunnel with the already compressed packets? That could add to the CPU time trying to compress twice. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any way to reduce CPU use of OpenSSH?
The traffic is a combination of tunneled VNC (to Win2K), tunneled Remote Desktop (to WinXP), and interactive command line (to Linux) sessions. For the first two types (VNC & RD), the image data is compressed before entering the encrypted tunnel. For the last traffic type there are a lot of small packets, owning to the nature of keyboard activity. Thanks. On Thursday 11 December 2008 11:17:13 am Brett Serkez wrote: > On Thu, Dec 11, 2008 at 10:14 AM, Steve Snyder wrote: > > On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands > > out as being the most CPU-intensive of the applications running, > > It's used 176 minutes of CPU time in the last 2 days alone. > > Can you tell us more about how your system is used, especially in > regard to ssh? Are there many logins? Is X forwarding used? > > Brett > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any way to reduce CPU use of OpenSSH?
On Thu, Dec 11, 2008 at 10:14 AM, Steve Snyder <[EMAIL PROTECTED]> wrote: > On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out > as being the most CPU-intensive of the applications running, It's used > 176 minutes of CPU time in the last 2 days alone. Can you tell us more about how your system is used, especially in regard to ssh? Are there many logins? Is X forwarding used? Brett ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Any way to reduce CPU use of OpenSSH?
On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out as being the most CPU-intensive of the applications running, It's used 176 minutes of CPU time in the last 2 days alone. Is there any way to lower the CPU utilization without compromising security? (I.e. without using a less processor-intensive encrypt/decrypt algorithm?) I'm getting the CPU use figures from top, so there no fine-grained info on exactly what code is taking so much time. I'm assuming that the bulk of the time is spent in the OpenSSL libraries. Is there some hardware add-on or processor-specific optimization that would reduce the CPU load incurred by OpenSSH? Thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos