From the actually-useful-software department:

http://www.psc.edu/networking/projects/hpn-ssh/

To check if you'd benefit from this, take whichever part of your connection is fastest (usually downstream) in bits/s and multiply it by the number of seconds ping takes to your destination (so ping -c 10 yourhost and take the average). If the result exceeds 512000 you would benefit from this patch.

For me the result (to www.netgate.com) was 706385 so I get a very nice boost from this patch:

downstream bandwidth: 5Mbps or 5,000,000 bps
RTT as measured by ping: 141.277ms, or 0.141277

You don't need much latency to need HPN-SSH. If you have a fast pipe (Gbps or so), a few ms will do. If you're reaching machines outside Hawaii, HPN-SSH will almost always yield improvement. I can't believe this hasn't been incorporated in the official OpenSSH yet, even though it's been out there for years. No wait, I actually can. The explanation is that the OpenSSH developers are idiots. IIRC, of the last 4 SSH security holes, 3 were only in the OpenSSH implementation (and the fourth one was also in OpenSSH).

In a related story, when OpenBSD got W^X they (said they) thought they were the first to ever do it, even though people have been running PaX on Linux for years. They also said it couldn't be done on x86 that didn't have NX bit, even though PaX had that too for years.

OpenBSD: security via navel-gazing...

Jim
_______________________________________________
[email protected] mailing list
http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
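
The check described in the post, as an added shell example that is not part of the original message: it pulls the average round-trip time out of `ping` output and multiplies it by the link speed, comparing against the post's 512000 figure. The function names and the sample ping summary are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the summary a Linux `ping -c 10` prints, using the
# 141.277 ms average from the post (the other figures are made up).
SAMPLE_PING='10 packets transmitted, 10 received, 0% packet loss, time 9012ms
rtt min/avg/max/mdev = 140.912/141.277/141.803/0.291 ms'

# Read ping output on stdin and print the average RTT in milliseconds.
# Matches both the Linux ("rtt min/avg/...") and BSD/macOS
# ("round-trip min/avg/...") summary lines; fails if neither is present.
avg_rtt_ms() {
    awk -F'=' '/min\/avg\/max/ { split($2, f, "/"); print f[2]; ok = 1 }
               END { if (!ok) exit 1 }'
}

# bdp_bits BANDWIDTH_BPS RTT_MS -> bandwidth * delay, in bits (rounded).
bdp_bits() {
    awk -v bw="$1" -v rtt="$2" 'BEGIN { printf "%.0f\n", bw * rtt / 1000 }'
}

# would_benefit BANDWIDTH_BPS RTT_MS -> exit status 0 when the product
# exceeds the 512000 threshold given in the post, 1 otherwise.
would_benefit() {
    awk -v b="$(bdp_bits "$1" "$2")" 'BEGIN { exit !(b > 512000) }'
}

# Demo on the constructed sample; for a live check, pipe real output instead:
#   ping -c 10 yourhost | avg_rtt_ms
rtt=$(printf '%s\n' "$SAMPLE_PING" | avg_rtt_ms)
echo "avg rtt ${rtt} ms, product $(bdp_bits 5000000 "$rtt") bits"
if would_benefit 5000000 "$rtt"; then
    echo "product exceeds 512000: HPN-SSH should help"
fi
```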
