On Thu, 10 Aug 2023 at 12:47, Cedric Blancher <cedric.blancher@xxxxxxxxx> wrote:
[...]
> We're experiencing rather very bad latency spikes on busy Linux
> systems, for example if one machine is the jumphost (ssh -J) for a few
> hundred connections, while at the same time handles CPU intensive
> tasks.

Are these hundreds of connections started around the same time? Connection establishment is the most computationally expensive part of the process by some margin, and if you have clients synchronized I could imagine that causing load spikes.

If that's the case you could try disabling the more expensive key exchange algorithms ("KexAlgorithms" in the config of either the client or server) or host key algos (HostKeyAlgorithms in the server config). Try benchmarking the available options, but I'd bet the post-quantum safe default KexAlgorithm (sntrup761x25519-sha512@xxxxxxxxxxx) is the most expensive one.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
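
The benchmarking suggested in the reply above, as an added example that is not part of the original message or of OpenSSH: it times a full connection setup for each key exchange algorithm the local client supports (`ssh -Q kex`) and ranks them by mean wall-clock time. It assumes GNU `date` (for `%N`) and non-interactive key authentication to the target; the function names and the target argument are hypothetical.

```shell
#!/bin/sh
# Added example: rank KexAlgorithms by mean connection-setup time.
# Usage (target is a placeholder): ./kexbench.sh user@testhost 20

# Aggregate "algorithm<TAB>milliseconds" lines from stdin into
# "mean_ms<TAB>runs<TAB>algorithm", slowest first.
summarize() {
    awk -F '\t' '{ sum[$1] += $2; n[$1]++ }
        END { for (k in sum) printf "%d\t%d\t%s\n", sum[k] / n[k], n[k], k }' |
        sort -rn
}

# Time one connect/authenticate/exit cycle restricted to a single algorithm.
# ControlPath=none disables connection sharing so every run performs a
# fresh key exchange. The figure includes authentication and session
# setup, which are the same for every algorithm, so differences between
# rows come from the key exchange. Prints nothing if the connection
# fails (for example, the server does not offer that algorithm).
time_connect() (
    kex=$1 target=$2
    start=$(date +%s%N)
    ssh -o BatchMode=yes -o ControlPath=none -o KexAlgorithms="$kex" \
        "$target" true >/dev/null 2>&1 || exit 1
    end=$(date +%s%N)
    printf '%s\t%s\n' "$kex" $(( (end - start) / 1000000 ))
)

# Run every client-supported algorithm $runs times against $target.
bench_kex() (
    target=$1 runs=${2:-10}
    for kex in $(ssh -Q kex); do
        i=0
        while [ "$i" -lt "$runs" ]; do
            time_connect "$kex" "$target"
            i=$((i + 1))
        done
    done | summarize
)

# Only benchmark when a target was given on the command line.
if [ "$#" -ge 1 ]; then
    bench_kex "$@"
fi
```

This measures latency as seen by the client; to compare server CPU cost, run it against an otherwise idle test server and watch sshd's CPU time there.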