I just remembered to search and find out about the current status of HPN-SSH. It is a set of patches against SSH which enable multiple performance improvements:
- a “none” cipher for bulk transfer of already encrypted data, etc. etc.
- a multithreaded AES implementation (new!)
- better buffer handling that alone gives a 20x throughput increase for SCP and SSH.
With the patches it is within easy reach to fill Gigabit and faster links using much less CPU.
Still, since their completion in 2005/2006 these patches are getting nowhere.
So, let’s have a short dig about what happened.
There’s a feature request at Debian since 2007, also one for Ubuntu.
They’re not messing with SSH (rather OpenSSL) code again (wise idea actually?) but I think there’s a difference between one beginner package maintainer changing core functions of the main SSH programs, and for example providing a package with 3rd party patches.
Furthermore, as stated in the bug report, it would probably be enough to officially email the OpenSSH devs and state there’s a lot of people/projects interested; one speaking for Ubuntu, one speaking for Debian. Instead they’ve just let the bug report hang around, asking/discussing things without ever turning on their brains.
I mean – almost 3 years and all that was reached is:
- noting that it would have to go to upstream
- discussion about that it needs to be done by the Debian, not the Ubuntu maintainer (the same guy at the time!)
- no one contacted the upstream
- multiple proposals for solving it that didn’t go anywhere
On the OpenSSH email lists it’s even sadder. The archive posts show a bit of theoretical discussion, performance testing, a few questions to the patch maintainer, and then … silence.
Thankfully FreeBSD has the Ports system, and there’s an HPN-SSH port readily available. That compile time will probably pay off a few dozen times per year for anyone with more than a few servers and actual data to move.
So at least FreeBSD users DON’T need to wait for the rest of the OSS community to get their heads out of their asses.
I wonder if I should open an enhancement request with HP to get it included with the “HP-UX secure shell distribution”. Would save me so much time, and I couldn’t help laughing if it turned out I need a (commercial old-time vendor-lock-in evil etc. etc. etc. include more FUD) vendor to push an open source patch into the open source secure shell used by all the open source OSes.