Re: Any way to reduce CPU use of OpenSSH?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



When the date was Thursday 11 December 2008, Steve Snyder wrote:

> On my CentOS v5.2 server (dual Pentium4) the OpenSSH daemon stands out
> as being the most CPU-intensive of the applications running, It's used
> 176 minutes of CPU time in the last 2 days alone.
>
> Is there any way to lower the CPU utilization without compromising
> security? (I.e. without using a less processor-intensive
> encrypt/decrypt algorithm?)
>
> I'm getting the CPU use figures from top, so there no fine-grained info
> on exactly what code is taking so much time.  I'm assuming that the
> bulk of the time is spent in the OpenSSL libraries.
>
> Is there some hardware add-on or processor-specific optimization that
> would reduce the CPU load incurred by OpenSSH?

You can customize you sshd_config to avoid heavy-weight ciphers. The 
following is a reasonable order:

	aes128-ctr,aes128-cbc,blowfish-cbc,cast128-cbc,
	arcfour128,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
                
Well, actually, just stay away from 3des. Also, you should disable 
compression.

man 5 sshd_config

-- 
 Michael Iatrou (cwfo)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux