Using SSH for networking

This is mainly a note to myself about two patches, just in case I ever decide to use OpenSSH for networking, in addition to remote administration.

First is the cipher-none patch, which adds none as a valid argument to the -c command-line option. With it, the transferred data is not encrypted. Pros: eliminates the data encryption overhead. Cons: a totally insecure method of transferring sensitive data.

cipher-none-patch

Note: the OpenSSH server, even if it has been patched with this code, does not accept unencrypted connections by default. This has to be enabled explicitly in the sshd configuration (sshd_config) by adding the none “cipher” to the list of the accepted ciphers:

Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,none
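A quick way to audit an sshd_config for this setting, as an added example that is not part of the original post or of OpenSSH. The function names are hypothetical; it assumes a single file with no Include directives and follows the rules in sshd_config(5) for current OpenSSH: the first value obtained for a keyword is used, Ciphers is not valid inside a Match block, and a list may start with '+', '-' or '^'.

```python
import re

# Keyword, then whitespace or an optional '=', then the arguments.
DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9]+)\s*(?:=\s*|\s+)(.*?)\s*$")

def effective_ciphers(config_text):
    """Return (line_number, ciphers) for the Ciphers line sshd honours, or None."""
    for number, raw in enumerate(config_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):
            continue                      # commented-out directive
        m = DIRECTIVE.match(raw)
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2).strip('"')
        if keyword == "match":
            break                         # Ciphers is global-only; the rest is Match blocks
        if keyword == "ciphers":
            # The first obtained value is used, so later Ciphers lines never apply.
            return number, [c.strip() for c in args.split(",") if c.strip()]
    return None

def none_cipher_enabled(config_text):
    """True if the effective Ciphers list offers the unencrypted 'none' cipher."""
    found = effective_ciphers(config_text)
    if not found or not found[1]:
        return False
    ciphers = list(found[1])
    if ciphers[0].startswith("-"):
        return False                      # '-' removes the listed ciphers from the defaults
    ciphers[0] = ciphers[0].lstrip("+^")  # '+'/'^' extend the default list
    return "none" in ciphers

# Constructed sample files; PAGE_STYLE uses a shortened form of the list shown above.
PAGE_STYLE = "Port 22\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,none\n"
COMMENTED = "#Ciphers aes128-ctr,none\nCiphers = aes128-ctr,aes256-ctr\n"
SHADOWED = "Ciphers aes128-ctr\nCiphers aes128-ctr,none\n"

if __name__ == "__main__":
    for name, text in [("PAGE_STYLE", PAGE_STYLE), ("COMMENTED", COMMENTED),
                       ("SHADOWED", SHADOWED)]:
        print(name, "-> none cipher enabled:", none_cipher_enabled(text))
```

On a running host, sshd -T prints the effective configuration, including the ciphers line, and can be compared against the result of this file check.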

Note 2: here is a step-by-step guide on how to configure SSH authentication using public keys.

Second is a set of patches, created at the Pittsburgh Supercomputing Center, which eliminate the bottlenecks caused by some of the internal buffers that control data flow in network connections through OpenSSH. This project is called High Performance SSH/SCP (aka HPN-SSH). Benchmarks show that even encrypted network connections using HPN-SSH perform extraordinarily better than the usual encrypted OpenSSH connections.

OK, this info is here for completeness, as the HPN-SSH patches were not designed for home networks! It may make no difference whether you use regular OpenSSH or HPN-SSH on your home LAN.

Note: the HPN-SSH patches also contain code that adds the none cipher, similar to the cipher-none patch, so if you intend to use HPN-SSH, you do not need to apply both to the OpenSSH source.

Finally, apart from all this, if you ever decide to use SSH for networking, seriously consider using SSHfs (see also SSHfsFAQ).

Using SSH for networking by George Notaras is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright © 2008 - Some Rights Reserved

5 responses on “Using SSH for networking”

  1. Mihai Permalink →

    the cypher none patch makes openssh pretty much useless. The whole point of using openssh for networking or any other stuff is because it provides encryption.

    If you just want unencrypted networking there are other programs out there that don’t provide encryption.

  2. Atmatzidis Permalink →

    And from what I know, protocols like: AFS (for mac-linux connectivity), NFS and SAMBA or even older, like HTTP/FTP are quite faster than SSH, minus the overheat.

  3. George Notaras (Post author) Permalink →

    @Mihai: Apart from encryption, it also provides a comfortable interface to administer remote machines either using command-line applications or graphical ones or effortlessly transfer files. SSH is definitely not useless without encryption. All that is mandatory is a 100% trusted environment.

    @Atmatzidis: Although I am not an expert to benchmark all those protocols, I don’t think they are faster than an encryption-free SSH connection for the reason that SSH is a much simpler protocol implementation than SAMBA, NFS, HTTP and possibly FTP. Even if it is not faster than the aforementioned protocols, it cannot be that slow. The truth is I haven’t used SSH in such a way yet, but I plan to do so in the near future. Then, I will be able to write a few things accompanied by actual tests.

    Thanks for your feedback

  4. Pádraig Brady Permalink →

    @Mihai. openssh provides many features in addition to encryption (like [X] forwarding etc.), and hence many more things are built on top of the interface it provides. Therefore being able to use these things on a local LAN for example without the overhead of encryption is incredibly useful.

    @George. I think much of the HPN-SSH patches were bug/design fixes and they’ve mostly been rolled into the official tree in different forms (though it took years for them to do it).
    I also found the simple patch to provide chroot access to a user very useful.

  5. George Notaras (Post author) Permalink →

    @Pádraig: Most probably you are right about the patches being included in openssh. I didn’t do any research before writing the above notes… Also, regarding the patch that adds the ability to the server to chroot users, do you refer to the http://chrootssh.sourceforge.net project or is there another patch?

    Thanks for stopping by :)