Secure Shell (SSH)
SSH is a widely used protocol for remote terminal access with secure authentication and data encryption. It is also used for file transfers, using tools such as scp (Secure Copy), sftp (Secure FTP), or rsync-over-ssh.
Performance Issues With SSH
Application Layer Window Limitation
When users use SSH to transfer large files, they often think that performance is limited by the processing power required for encryption and decryption. While this can indeed be an issue in a LAN context, the bottleneck over "long fat networks" (LFNs) is most likely a window limitation. Even when TCP parameters have been tuned to allow sufficiently large TCP Windows, the most common SSH implementation (OpenSSH) has a hardwired window size at the application level which is set at 64K.
This limitation is removed in a modification of the OpenSSH software provided by the Pittsburgh Supercomputing Center (see below).
Crypto overhead
When the window-size limitation is removed, encryption/decryption performance may become the bottleneck again. So it is useful to choose a "cipher" (encryption/decryption method) that performs well, while still being regarded as sufficiently secure to protect the data in question. Here is a table that displays the performance of several ciphers supported by OpenSSH in a reference setting:
| cipher | throughput |
| 3des-cbc | 2.8MB/s |
| arcfour | 24.4MB/s |
| aes192-cbc | 13.3MB/s |
| aes256-cbc | 11.7MB/s |
| aes128-ctr | 12.7MB/s |
| aes192-ctr | 11.7MB/s |
| aes256-ctr | 11.3MB/s |
| blowfish-cbc | 16.3MB/s |
| cast128-cbc | 7.9MB/s |
| rijndael-cbc@lysator.liu.se | 12.2MB/s |
The High Performance Enabled SSH/SCP (HPN-SSH) version also adds an option to the scp program that enables use of the "none" cipher, for cases where confidentiality protection of the transferred data is not required.
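The interplay between the 64K application-level window and cipher throughput described in the two sections above, as an added example (not part of the original page or of OpenSSH): it treats a transfer's ceiling as the smallest of window/RTT, cipher rate and link rate. The cipher figures are the page's table; the function names, the 1 MB = 10^6 bytes convention, and the link rate and RTT values are assumptions chosen for illustration.

```python
# Added example: which limit caps an SSH file transfer?
# Cipher rates (MB/s) are the page's reference-setting table; link rate and
# RTT values used in the demo are constructed. Assumes 1 MB = 10**6 bytes.

SSH_WINDOW_BYTES = 64 * 1024  # OpenSSH's hardwired application-level window

CIPHER_MBPS = {
    "3des-cbc": 2.8, "arcfour": 24.4, "aes192-cbc": 13.3, "aes256-cbc": 11.7,
    "aes128-ctr": 12.7, "aes192-ctr": 11.7, "aes256-ctr": 11.3,
    "blowfish-cbc": 16.3, "cast128-cbc": 7.9,
    "rijndael-cbc@lysator.liu.se": 12.2,
}


def window_limit_mbps(rtt_ms, window_bytes=SSH_WINDOW_BYTES):
    """At most one window can be in flight per round trip: window / RTT."""
    if rtt_ms <= 0:
        raise ValueError("rtt_ms must be positive")
    return window_bytes / (rtt_ms / 1000.0) / 1e6


def required_window_bytes(link_mbps, rtt_ms):
    """Bandwidth-delay product: the window needed to keep the link full."""
    return round(link_mbps * 1e6 * rtt_ms / 1000.0)


def crossover_rtt_ms(cipher, window_bytes=SSH_WINDOW_BYTES):
    """RTT above which the window, not the cipher, becomes the limit."""
    return window_bytes / (CIPHER_MBPS[cipher] * 1e6) * 1000.0


def bottleneck(cipher, link_mbps, rtt_ms, window_bytes=SSH_WINDOW_BYTES):
    """Return (limiting factor, ceiling in MB/s) for one transfer."""
    limits = {
        "window": window_limit_mbps(rtt_ms, window_bytes),
        "cipher": CIPHER_MBPS[cipher],
        "link": link_mbps,
    }
    name = min(limits, key=limits.get)
    return name, limits[name]


if __name__ == "__main__":
    link = 125.0  # constructed: 1 Gbit/s path expressed in MB/s
    for rtt in (0.5, 5.0, 50.0, 150.0):  # constructed RTTs in ms
        stock = bottleneck("aes128-ctr", link, rtt)
        tuned = bottleneck("aes128-ctr", link, rtt,
                           max(SSH_WINDOW_BYTES, required_window_bytes(link, rtt)))
        print(f"RTT {rtt:6.1f} ms  64K window: {stock}  BDP-sized window: {tuned}")
```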
References
-- ChrisWelti - 03 Apr 2006
-- SimonLeinen - 12 Feb 2005 - 25 Feb 2008