Penguin
Recent Changes

Differences between version 79 and predecessor to the previous major change of SSHNotes.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 79 Last edited on Sunday, August 10, 2008 9:41:08 pm by JohnMcPherson Revert
Older page: version 78 Last edited on Tuesday, May 13, 2008 5:09:43 pm by ShaneHowearth Revert
@@ -144,8 +144,9 @@
 * <tt>Major opcode of failed request: 20 (X_~GetProperty)</tt> 
  
 In that case you will also find by invoking xdpyinfo(1) from the remote machine that they can only use a fraction of the extensions your [XServer] offers. This is because the new default is to use untrusted [X11] cookies for forwarding connections. You need to invoke ssh(1) with the <tt>-Y</tt> option for [X11] forwarding, or add <tt>ForwardX11Trusted yes</tt> to your configuration. Since one of the affected extensions is <tt>XRENDER</tt>, which greatly reduces the bandwidth required to draw AntiAliasedFonts and accelerates their rendering, it is unclear why anyone would ever use untrusted cookies. 
  
+If you are forwarding an X11 connection over a link with relatively high latency (such as [ADSL] rather than over a [LAN]), then you will also get a performance improvement by enabling compression (either Compression=yes in your config file, or the -C command-line option). See the section below for more on compression/transfer rates.  
  
 !!! STDIN Forwarding 
  
 [SSH] forwards its standard input to be the standard input of a command executed on the remote machine. You can use this to do some pretty cool things like stream tar(1) archives across a network to eliminate any overhead with copying many small files: 
@@ -210,8 +211,9 @@
 Cipher blowfish # SSH1 
 Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # SSH2 
 </verbatim> 
  
+If you are transferring large files across a GigE [LAN], you will probably be limited by small buffers inside ssh preventing you from reaching anywhere close to line speed. There are patches available for improving performance on such LANs in several different ways (eg increasing these buffer sizes, disabling encryption if you trust the LAN, multi-threaded encryption) - see http://www.psc.edu/networking/projects/hpn-ssh/  
  
 !!! [SSH] for apt-get(8) 
  
 If you try and run apt-get(8) without a terminal or the right paths, it won't be able to find dpkg(8) or display debconf information. This is the way I've found (useful for remote upgrading of machines – note, only do this off security or your own repository…)