Hi,
On Wed, 24 May 2000, Tobias Hagge wrote:
> Why is ssh2 slower than ssh1? Can I fix this by reconfiguring?
SSH2 has (by default, and in accordance with the draft) a computationally
slow MAC (named "hmac-sha1" in the draft which is the hmac as described in
rfc2104 using SHA-1 as hash) which is very secure (though a "bug" in the
code seems to "disable" SHA-1 and fall back on a somewhat faster MAC which
is the same hmac but with MD5 as hash :-). One observation with the hmac
is that it goes into much trouble to be secure against even clear-text
transfers beeing compromised by a "man-in-the-middle". I can only
speculate (since I know too little about encryption/math) that since the
stream of packets (including their lenghts) are encrypted there might be a
faster way to ensure their authenticity, which would be at least "secure
enough" whatever that means. (anybody more enlightened care to comment?).
You can compare the "hmac-sha1" to making double encryption with respect
to performance since you have to "traverse" each packet twice using a
computationally slow algorithm. That's the price of security :-).
Another source of worse throughput (over fast links) might be the flow
control introduced in SSH2, the flow control itself is not bad (hint: the
connection-draft says nothing about maximum window size) but IMHO the
implementation might not be optimal (no evidence, just a feeling given the
parameters used) when it comes to how the link's bandwidth is utilized
(given different I/O load et.c. on the peers of the communication).
In SSH1 only a normal (fast) CRC is used to give the packets' checksums,
hence most of the performance difference to SSH2. SSH1 also lacks any
flowcontrol, which is of course not good in some cases but in this case
probably adds to its performance.
> In general, short of allowing 'none' as a cipher, how can I speed up
> transfer rates for ssh1 and ssh2?
In SSH2 you can use blowfish or even the arcfour cipher, also you can use
a faster mac which is the "md5-8" (just somewhat faster though), though I
don't know if this is configurable or if you have to recompile the code to
be able to use that mac. Also, you can "fine-tune" the flow-control to
your advantage but that would certainly involve writing a line of code or
two... :-).
Cheers,
/Mats
