Disabling Encryption on file transfers

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hey all, subject says it all.

I was transferring some (big) log files to another box on the same
subnet, and while the files were impressively large (5-6gigs each), I
found that the time it would take to transfer them was fairly slow
(more than 12 hours per file).

These were web logs.  Nothing secret about them at all.  And while I
don't like my *password* being sent across in the clear, I think 90
percent of the bottleneck is encrypting these things for the trip

I didn't see it in the man pages, but I figure I'll ask anyway...is
there any way to do this without majorly rewriting the spec -- possibly
with a modified cipher that drops to nothing after the first X bytes
(effectively shutting off its own encryption?)

Re: Disabling Encryption on file transfers

Quoted text here. Click to load it

Be aware that in SSH-2, about half of the CPU time used by a typical
implementation is in the MAC function, whose purpose is to ensure that your
files don't get modified in transit.  You probably don't want to disable

I'm a little surprised at your figures, incidentally.  I run a machine whose
purpose is to collect backups over the network, and it usually manages to
copy about 30GB from its clients in two hours.  It's a dual 450MHz
UltraSPARC-II, so pretty feeble by modern standards.  You aren't turning on
compression, are you?

Quoted text here. Click to load it

The SSH-2 spec allows for key re-exchanges that change the encryption type,
so either side of the connection could renegotiate a cipher of "none" after
authentication, as long as the other side was agreeable.  I don't know of
any implementation with this facility, mind.

Ben Harris

Re: Disabling Encryption on file transfers

Quoted text here. Click to load it

I second that.  If you have half-decent CPUs then encryption is likely
to not be your bottleneck.

I've measured ~700 KBytes/sec scp'ing to an old SPARCstation 5 (170MHz)
which is still ~50% faster than what you're seeing.

Some suggestions:
* check the CPU usage on both hosts during transfer.  If the usage isn't
high then it's probably not encryption.

* try different cipher/mac combinations (arcfour+hmac-md5-96 will probably
be the fastest of the standard ones).

* turn off compression (if you have more bandwidth than CPU) or on (if
you have more CPU than bandwidth).

* If you have a "long, fat pipe" (ie high latency, high bandwidth such as
satellite) and you're using OpenSSH then try the HPN patches below.

* try rsync -z if you're transferring files that are only partially changed.

Quoted text here. Click to load it

The PSC OpenSSH patches implement rekey-to-none for scp:
http://www.psc.edu/networking/projects/hpn-ssh /

The vanilla OpenSSH doesn't.  I'm not aware of any other implemenation that
does, either.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: Disabling Encryption on file transfers

Quoted text here. Click to load it

Not over SSH, but rsync works just fine for local transfers of non-critical

Site Timeline