sshfs mount without compression or encryption

29

14

I am a very frequent user of sshfs for mounting various disks over the network. I do however have a very small machine (with an atom processor) from which I need to mount a directory using sshfs.

Is it possible to disable all compression, and perhaps even also encryption when mounting using sshfs, as to limit the cpu usage on the machine from which the directory is mounted?

Bjarke Freund-Hansen

Posted 2009-08-31T12:44:29.847

Reputation: 1 151

@lajuette I want the same sort of thing and my reason is that I need something my quarantined Win98 and WinXP retro-gaming machines can use to pull files off my Linux desktop PC and, of the available options, SSH via WinSCP Just Works™ through my whitelist quarantine firewall while FTP and SMB won't work, no matter how hard I try to open the right ports. (And WebDAV can apparently only be served by Apache, which is too complicated to chroot.) – ssokolow – 2015-11-03T00:20:31.260

Oh, plus, AES gives me 27Mbit throughput on the Athlon64 3200+, maxing out the CPU, while RC4 doubles that, so no encryption should get even closer to maxing out the 100Mbit NIC on the WinXP side. (Given that the rotating rust drives currently installed on both ends of the copy operations in question max out at around 200Mbit when SMB is used with contiguous files to remove the need for seeking.) – ssokolow – 2015-11-03T01:28:28.440

1 You are dropping encryption and compression... let me think. Why don't you use FTP or SMB? – lajuette – 2010-10-09T07:19:29.237

1 No encryption sounds like no SSH really. Have you considered using another protocol altogether? – WhyNotHugo – 2013-07-07T21:18:06.510

2 @lajuette: As Dan D. states below, ssh authentication will still be encrypted, so no passwords or keys in plaintext. Also, do you know any protocol that is as readily available as ssh where I can mount remote folders as easily as I can with sshfs? – Bjarke Freund-Hansen – 2014-03-24T07:48:26.700

Answers

38

Although the high performance ssh adds a none cipher, the arcfour cipher is nearly as fast and is included standard.

Use: -o Ciphers=arcfour

I've been using this over the local network and I get about 85% of 100Mbps Ethernet or about 10.625MB/s

(In response to vava's answer: sshfs would still be what it is even when ssh's encryption is off, as the authentication protocol would still be active, without which you might as well be using telnet.)


Note for @osgx: I recently found OpenSSL: Cipher Selection, which includes the following graph:

[graph image not preserved]

The following is the results section from that page. The graph and the results are questionable as they don't state how the benchmark was done and on what hardware but I think that they aren't that far off.

100,000 Kbyte/s is my threshold for acceptable performance. This represents 1 CPU core (of 8 in my case) running at 100% utilization to transfer 780Mbit/s of data (which is a reasonable saturation point for a gigabit Ethernet link).

RC4 is the fastest cipher, if you are using a processor which does not support AESNI.

AES-128 is the next fastest cipher, and much faster than RC4 if you have AESNI support. It’s about 54% slower if you don’t. AES-256 is slower still, and unless explicitly configured otherwise, any browser that supports AES-128 will also support AES-256.

What has been quoted above clearly shows that arcfour (and also AES with AESNI) can saturate a Gigabit link on a modern machine.

If you don't need encryption, the none cipher from hpn-ssh is even faster but you would only need it if you need to saturate a link with several times the bandwidth of a Gigabit link or if you need reduced CPU usage.

Dan D.

Posted 2009-08-31T12:44:29.847

Reputation: 5 138

Is it worth exploring a faster cipher when the CPU is not maxed out? I'd think not. – Nemo – 2018-04-08T19:58:50.783

3 The arcfour cipher is deprecated and missing on most modern OpenSSH installations. You can use chacha20-poly1305@openssh.com instead. – Mesut Tasci – 2018-10-10T13:56:30.940

Thanks for the very informative answer, and this really speeds up sshfs :) – Dzung Nguyen – 2012-06-10T13:57:48.937

3 Isn't it '-o cipher=arcfour'? – asalamon74 – 2012-10-03T14:08:27.550

@asalamon74 No, it is not. From man ssh_config, "Ciphers: Specifies the ciphers allowed for protocol version 2 in order of preference." – Dan D. – 2012-10-06T05:20:07.570

-o Ciphers was not working for me. man ssh_config also lists Cipher: "Cipher Specifies the cipher to use for encrypting the session in protocol version 1." – asalamon74 – 2012-10-06T08:48:55.390

@asalamon74 What does "not working" mean? You are quoting the option for SSH v1. Are you using SSH v1 (you really really shouldn't)? As quoted from the man page, -o Ciphers is the correct option for SSH v2. – kynan – 2012-11-04T18:04:40.190

I'm really impressed. I went from 4.2MB/s up to 9.2MB/s. Still 100% CPU though. – WhyNotHugo – 2013-07-07T21:17:24.600

1 Will arcfour achieve 1Gbit speeds? – osgx – 2014-03-15T02:45:51.010

1 @osgx Yes, I would think so. See updated answer. – Dan D. – 2014-03-15T03:19:26.707
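Added example (not part of the original answer or its comments): a shell sketch that picks the `-o Ciphers=` value from what the local OpenSSH client actually offers, following the answer's point that AES-128 wins with AES-NI and the comment that arcfour is often missing. The function names and the preference order are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: choose a fast cipher that the local OpenSSH client supports.

# List the ciphers the local client supports, one per line.
supported_ciphers() {
    ssh -Q cipher
}

# Succeeds if the CPU advertises the "aes" flag (Linux cpuinfo format).
# $1: path to a cpuinfo file (defaults to /proc/cpuinfo).
has_aesni() {
    grep -Eq '^flags[[:space:]]*:.* aes( |$)' "${1:-/proc/cpuinfo}" 2>/dev/null
}

# Print the first cipher from the preference list ($1, space separated) that
# is an exact line of the supported list ($2). Fails if nothing matches.
pick_cipher() {
    for want in $1; do
        if printf '%s\n' "$2" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            return 0
        fi
    done
    return 1
}

# Assumed preference order: AES-128 first when AES-NI is present, otherwise
# chacha20-poly1305 first. arcfour is tried last because most current
# OpenSSH builds no longer offer it.
preference_for() {   # $1: "aesni" or "noaesni"
    if [ "$1" = aesni ]; then
        echo "aes128-gcm@openssh.com aes128-ctr chacha20-poly1305@openssh.com arcfour"
    else
        echo "chacha20-poly1305@openssh.com aes128-ctr arcfour"
    fi
}

# Build the sshfs option string for this machine.
sshfs_cipher_option() {
    if has_aesni; then cpu=aesni; else cpu=noaesni; fi
    cipher=$(pick_cipher "$(preference_for "$cpu")" "$(supported_ciphers)") || return 1
    printf '%s\n' "-o Ciphers=$cipher"
}
```

`ssh -Q cipher` reports only what the client supports; the server must accept the chosen cipher as well, otherwise the connection fails during negotiation.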

8

For sftp with no encryption, use sshfs + socat

On the server side run

socat TCP4-LISTEN:7777 EXEC:/usr/lib/sftp-server

And on the client side

sshfs -o directport=7777 remote:/dir /local/dir

Source: http://pl.atyp.us/wordpress/index.php/2009/09/file-transfer-fun/

endru

Posted 2009-08-31T12:44:29.847

Reputation: 81

For a bit more security, you can also restrict the IP range with e.g. ,range=192.168.1.2/32, to only allow one particular machine to connect. – Robin Dinse – 2018-06-11T13:11:13.333

2 While this may theoretically solve the problem, it would be preferred to summarize the link contents, and provide the link as reference – Canadian Luke – 2012-11-30T06:15:12.093

3 By default, socat TCP-LISTEN listens on all interfaces. To limit to one specific network interface (e.g., localhost), use the ,bind=127.0.0.1 option. To allow multiple connections to the server, add the ,fork option. Making a read-only server? Add -R to the EXEC command. In the end, it will look like this: socat TCP-LISTEN:7777,fork,bind=127.0.0.1 EXEC:'/usr/lib/sftp-server -R' (on Arch Linux, I had to use /usr/lib/ssh/sftp-server instead). – Lekensteyn – 2014-03-22T15:51:08.787
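Added example (not part of the original answer or its comments): because the socat listener hands out sftp-server with no authentication at all, this shell check reviews the two socat addresses for the restrictions mentioned in the comments (`bind=`, `range=`, `-R`) before the listener is started. The function names are hypothetical and the addresses in the usage line are constructed.

```shell
#!/bin/sh
# Added example: review a socat listen/exec address pair for an
# unauthenticated sftp-server before starting it.

# Print the value of option $2 (e.g. "bind") from a socat address such as
# "TCP4-LISTEN:7777,fork,bind=127.0.0.1"; fails if the option is absent.
socat_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | grep .
}

# audit_listener LISTEN_ADDR EXEC_ADDR
# Prints one finding per line; the return status is the number of findings.
audit_listener() {
    findings=0
    bind=$(socat_opt "$1" bind) || bind=
    range=$(socat_opt "$1" range) || range=
    case $bind in
        '' | 0.0.0.0)
            # No bind address means every interface; a range= filter is then
            # the only thing limiting which peers can connect.
            if [ -z "$range" ]; then
                echo "listens on all interfaces with no range= restriction"
                findings=$((findings + 1))
            fi ;;
    esac
    cmd=${2%%,*}                 # drop socat options that follow the command
    case " $cmd " in
        *" -R "*) ;;             # sftp-server runs read-only
        *) echo "sftp-server is not read-only (no -R)"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Usage (constructed addresses):
#   audit_listener "TCP4-LISTEN:7777" "EXEC:/usr/lib/sftp-server"
```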

3

There is no way to disable encryption - this is ssh after all. And it looks like compression is disabled by default as you have to request it with the -C switch.

But you may want to check your ~/.ssh/config file for settings regarding compression. If you add the following lines at the top of that file, compression should be disabled:

Host *
    Compression no

innaM

Posted 2009-08-31T12:44:29.847

Reputation: 9 208

2

You can mount with -o compression=no to turn the compression off. It is not possible to turn encryption off; it wouldn't be sshfs after that :) If it is slow, I suggest using another way to mount a directory, like through samba, nfs or ftp.

vava

Posted 2009-08-31T12:44:29.847

Reputation: 5 238

NFS would be a good choice – Jeremy L – 2009-08-31T13:00:33.130

The default seems to be "compression=no" anyway. – WhyNotHugo – 2013-07-07T21:18:55.623

0

I think compression is something that is really only quicker if the time to compress is compensated for by the time to transfer data. So compression on a slow connection is increasing speed up to maybe 6 times faster than without. Compression on a fast connection is not useful at all, as it drops speed due to compression delay on your or the host system. Some hosts don't accept compression at all, as they don't want to spend processor power on users.

I think this switch -o Ciphers=arcfour will increase the speed of encryption to nearly no encryption, and -o cache=yes -o kernel_cache -o large_reads -o compression=no may increase your speed a lot as it optimises sshfs a bit. Compression on low speed connections will speed up your transfer a lot if compression is possible; mostly it is. For example I do use it with a 2 Mbit/s down and 0,3 Mbit/s up connection, and it speeds up the transfer by about 3-5 minutes instead of 25-30 minutes for about 30 MByte.

Andreas Bartels

Posted 2009-08-31T12:44:29.847

Reputation: 11

In a way you are not giving better information than the accepted answer – yass – 2017-05-07T16:59:53.097

The accepted answer doesn't even mention compression. This answer may be slightly off-topic, but still has good advice. – Someone – 2019-03-23T14:19:26.827