
ssh1 and ssh2 performance


vervoom

Feb 7, 2003, 4:44:22 AM
Hi,

The company I work for uses SSH 2 (as opposed to SSH1) because it is
more secure. However, we have been advised by another company whose
product we use, to use SSH 1 as this gives a faster connection.


Personally I haven't noticed SSH 2 being particularly slow, but my
customer is concerned about it and I don't know enough about this issue
to really advise either way. Could anyone here help me out please?

Thanks,

JS.

Richard E. Silverman

Feb 7, 2003, 9:10:46 AM
>>>>> "JS" == vervoom <ver...@hotmail.com> writes:

JS> Hi, The company I work for uses SSH 2 (as opposed to SSH1) because
JS> it is more secure. However, we have been advised by another
JS> company whose product we use, to use SSH 1 as this gives a faster
JS> connection.

JS> Personally I haven't noticed SSH 2 being particularly slow, but my
JS> customer is concerned about it and I don't know enough about this
JS> issue to really advise either way. Could anyone here help me out
JS> please?

SSH protocol version 1 is deprecated in favor of the current draft version
2. Version 1 is much less flexible, has known, exploited, and unfixable
security flaws, and its implementations are no longer under active
development. While it's not so broken as to rule it out entirely, it is
not a good idea to use it while you have a choice.

Protocol 2 can be noticeably slower on connect due to the more complex key
exchange; however, this is usually only a problem on older, slower
hardware.

--
Richard Silverman
sl...@shore.net

all mail refused

Feb 8, 2003, 7:30:41 AM
In article <m1lsmv0...@syrinx.oankali.net>, Richard E. Silverman wrote:

>Protocol 2 can be noticeably slower on connect due to the more complex key
>exchange; however, this is usually only a problem on older, slower
>hardware.

Restricting openssh to IPv4 and not IPv6 reduces connection setup time where
I've tried it.

--
decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp

William Peckham

Feb 8, 2003, 1:29:34 PM
You might mention that simple telnet is far faster yet. If you want good
security in your session traffic, you MUST put up with some delay time for
security processing. Considering the advantages of protocol 2 over protocol
1, any slight delay should be a trivial issue.

"all mail refused" <el...@notatla.demon.co.uk> wrote in message
news:slrnb49ubk...@notatla.demon.co.uk...




Richard E. Silverman

Feb 8, 2003, 7:54:06 PM
>>>>> "WP" == William Peckham <mr...@attbi.com> writes:

WP> You might mention that simple telnet is far faster yet. If you
WP> want good security in your session traffic, you MUST put up with
WP> some delay time for security processing. Considering the
WP> advantages of protocol 2 over protocol 1, any slight delay should
WP> be a trivial issue.

It may not be "slight." On older Sun hardware, for example, an SSH-2
connection can take a minute or more to set up.

--
Richard Silverman
sl...@shore.net
