On Mon, Jan 27, 2014 at 1:05 AM, Philipp Kern <[email protected]> wrote: > On 2014-01-25 20:23, Joshuah Hurst wrote: >> >> One major advantage over ssh is that krb5-rsh has much lower latency >> and overhead (in terms of used cpu time) when executing a plain >> /bin/true on a remote host, doing that in a loop over 1000 logins can >> take hours with ssh but takes minutes with krb-rsh. ssh is a *major* >> pain in the arse if you have a distributed cluster which depends on >> rsh/ssh - with ssh the cpu time overhead is so great that it often >> doesn't even make sense to call the remote host to offload a job. >> krb-rsh is much more lightweight, e.g. consumes much less cpu time. > > > Given that it is mostly about the handshake, could you try if the > ControlMaster feature helps here? At least locally for a user and a given > target host (your /bin/true loop example) it should help. For different > users or target hosts you will of course still pay the penalty once for > each.
The problem is the general synchronous design of ssh. You can't fix it without redesigning the protocol itself. Hint: Before further claiming the obsolesce of krb-rsh/rlogin vs ssh please try ssh on an ARM box (e.g gumstix) vs krb-rsh. ssh takes almost 2.6 seconds to complete (even with tuning and using arcfour), krb-rsh executes the same in less than 0.07 seconds. If courses there is another issue: What still left as "use case" of Kerberos5 if krb-rsh and krb-rlogin are no longer available? Typical university setup is krb-NFSv3/krb-NFSv4 plus krb-rlogin internally and ssh only for external access. What do you wish to sell them as krb-rsh/rlogin replacement? ssh? Seriously? Simon -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAPL6_jTSJ83EuOfwqdqMMk5R+oBAgsJaONc2XpXbYDf=tm9...@mail.gmail.com
