When the date was Thursday 11 December 2008, Steve Snyder wrote: > On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out > as being the most CPU-intensive of the applications running, It's used > 176 minutes of CPU time in the last 2 days alone. > > Is there any way to lower the CPU utilization without compromising > security? (I.e. without using a less processor-intensive > encrypt/decrypt algorithm?) > > I'm getting the CPU use figures from top, so there no fine-grained info > on exactly what code is taking so much time. I'm assuming that the > bulk of the time is spent in the OpenSSL libraries. > > Is there some hardware add-on or processor-specific optimization that > would reduce the CPU load incurred by OpenSSH? You can customize you sshd_config to avoid heavy-weight ciphers. The following is a reasonable order: aes128-ctr,aes128-cbc,blowfish-cbc,cast128-cbc, arcfour128,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc Well, actually, just stay away from 3des. Also, you should disable compression. man 5 sshd_config -- Michael Iatrou (cwfo) _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos