121 lines
5.7 KiB
Plaintext
121 lines
5.7 KiB
Plaintext
|
Notes:
|
||
|
|
||
|
NONE CIPHER:
|
||
|
To use the NONE option you must have the NoneEnabled switch set on the server
|
||
|
and you MUST have *both* NoneEnabled and NoneSwitch set to yes on the client.
|
||
|
The NONE feature works with ALL ssh subsystems (as far as we can tell)
|
||
|
as long as there is no tty allocated.
|
||
|
If a user uses the -T switch to prevent a tty being created the NONE cipher
|
||
|
will be disabled.
|
||
|
|
||
|
|
||
|
PERFORMANCE:
|
||
|
The performance increase will only be as good as the network and TCP stack
|
||
|
tuning on the reciever side of the connection allows. As a rule of thumb a
|
||
|
user will need at least 10Mb/s connection with a 100ms RTT to see a doubling
|
||
|
of performance.
|
||
|
The HPN-SSH home page http://www.psc.edu/networking/projects/hpn-ssh
|
||
|
describes this in greater detail.
|
||
|
|
||
|
|
||
|
BUFFER SIZES:
|
||
|
- if HPN is disabled the receive buffer size will be set to the OpenSSH default
|
||
|
of 64K.
|
||
|
|
||
|
- if a HPN system connects to a non-HPN system the receive buffer will
|
||
|
be set to the HPNBufferSize value. The default is 2MB but user adjustable.
|
||
|
|
||
|
- If a HPN to HPN connection is established a number of different things might
|
||
|
happen based on the user options and conditions.
|
||
|
|
||
|
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
|
||
|
Result: HPN Buffer Size = up to 64MB
|
||
|
This is the default state. The HPN buffer size will grow to a maximum of
|
||
|
64MB as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB
|
||
|
is geared towards 10GigE transcontinental connections.
|
||
|
|
||
|
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
|
||
|
Result: HPN Buffer Size = TCP receive buffer value.
|
||
|
Users on non-autotuning systesm should disable TCPRcvBufPoll in the
|
||
|
ssh_cofig and sshd_config
|
||
|
|
||
|
Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
|
||
|
Result: HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
|
||
|
This would be the system defined TCP receive buffer (RWIN).
|
||
|
|
||
|
Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
|
||
|
Result: HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
|
||
|
Generally there is no need to set both.
|
||
|
|
||
|
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
|
||
|
Result: HPN Buffer Size = grows to HPNBufferSize
|
||
|
The buffer will grow up to the maximum size specified here.
|
||
|
|
||
|
Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
|
||
|
Result: HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
|
||
|
Generally there is no need to set both of these, especially on autotuning
|
||
|
systems. However, if the users wishes to override the autotuning this would
|
||
|
be one way to do it.
|
||
|
|
||
|
Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
|
||
|
Result: HPN Buffer Size = TCPRcvBuf.
|
||
|
This will override autotuning and set the TCP recieve buffer to the user
|
||
|
defined value.
|
||
|
|
||
|
|
||
|
HPN SPECIFIC CONFIGURATION OPTIONS:
|
||
|
|
||
|
- HPNDisabled=[yes/no] client/server
|
||
|
In some situations, such as transfers on a local area network, the impact
|
||
|
of the HPN code produces a net decrease in performance. In these cases it is
|
||
|
helpful to disable the HPN functionality. By default HPNDisabled is set to no.
|
||
|
|
||
|
- HPNBufferSize=[int]KB client/server
|
||
|
This is the default buffer size the HPN functionality uses when interacting
|
||
|
with non-HPN SSH installations. Conceptually this is similar to the TcpRcvBuf
|
||
|
option as applied to the internal SSH flow control. This value can range from
|
||
|
1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause
|
||
|
performance problems depending on the roud trip time of the network path.
|
||
|
The default size of this buffer is 2MB.
|
||
|
|
||
|
- TcpRcvBufPoll=[yes/no] client/server
|
||
|
Enable or disable the polling of the TCP receive buffer through the life
|
||
|
of the connection. You would want to make sure that this option is enabled
|
||
|
for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista,
|
||
|
FreeBSD 7.x and later). Default is yes.
|
||
|
|
||
|
- TcpRcvBuf=[int]KB client
|
||
|
Set the TCP socket receive buffer to n Kilobytes. It can be set up to the
|
||
|
maximum socket size allowed by the system. This is useful in situations where
|
||
|
the TCP receive window is set low but the maximum buffer size is set higher
|
||
|
(as is typical). This works on a per TCP connection basis. You can also use
|
||
|
this to artifically limit the transfer rate of the connection. In these cases
|
||
|
the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
|
||
|
Default is the current system wide TCP receive buffer size.
|
||
|
|
||
|
- NoneEnabled=[yes/no] client/server
|
||
|
Enable or disable the use of the None cipher. Care must always be used when
|
||
|
enabling this as it will allow users to send data in the clear. However, it
|
||
|
is important to note that authentication information remains encrypted even
|
||
|
if this option is enabled. Set to no by default.
|
||
|
|
||
|
- NoneSwitch=[yes/no] client
|
||
|
Switch the encryption cipher being used to the None cipher after
|
||
|
authentication takes place. NoneEnabled must be enabled on both the client
|
||
|
and server side of the connection. When the connection switches to the NONE
|
||
|
cipher a warning is sent to STDERR. The connection attempt will fail with an
|
||
|
error if a client requests a NoneSwitch from the server that does not
|
||
|
explicitly have NoneEnabled set to yes.
|
||
|
Note: The NONE cipher cannot be used in interactive (shell) sessions and it
|
||
|
will fail silently. Set to no by default.
|
||
|
|
||
|
|
||
|
CREDITS:
|
||
|
|
||
|
This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
|
||
|
The majority of the actual coding for versions up to HPN12v1 was performed
|
||
|
by Michael Stevens (mstevens@andrew.cmu.edu).
|
||
|
The MT-AES-CTR cipher was implemented by Ben Bennet (ben@psc.edu).
|
||
|
This work was financed, in part, by Cisco System, Inc., the National Library
|
||
|
of Medicine, and the National Science Foundation.
|