OpenSSH HPN (High Performance): Implementation and Installation

Introduction link

Here’s the introduction provided by the website:

SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwidth network links. Modifying the SSH code to allow the buffers to be defined at runtime eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition, HPN clients will be able to download faster from non-HPN servers, and HPN servers will be able to receive uploads faster from non-HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack. Please refer to this tuning page for more information.

The amount of improvement any specific user will see is dependent on a number of issues. Transfer rates cannot exceed the capacity of the network nor the throughput of the I/O subsystem including the disk and memory speed. The improvement will also be highly influenced by the capacity of the processor to perform the encryption and decryption. Less computationally expensive ciphers will often provide better throughput than more complex ciphers.

Applying the Patch link

First, you need to have the source code of OpenSSH which you can download from: http://www.openssh.com/portable.html

For this tutorial, we’ll use the up-to-date version, which is 4.5p1. Download the source:

  wget ftp://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.5p1.tar.gz
  

Next, download the OpenSSH HPN patch for our version (4.5p1):

  wget http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.5p1-hpn12v14.diff.gz
  

Now decompress the archives:

  tar -xzvf openssh-4.5p1.tar.gz
gzip -d openssh-4.5p1-hpn12v14.diff.gz
  

Now let’s patch the source code:

  cd openssh-4.5p1
patch -p1 < ../openssh-4.5p1-hpn12v14.diff
  

If everything went well, the last lines should look like:

  ...
patching file session.c
patching file ssh.c
patching file sshconnect.c
patching file sshconnect2.c
patching file sshd.c
patching file sshd_config
patching file version.h
  

Compilation link

Before starting the configuration, you need to install the dependencies (openssl-dev):

  apt-get install libcurl3-openssl-dev make gcc
  

Next, we can start the configuration:

  ./configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-md5-passwords
  

Add any arguments you may need if necessary.

Compile:

  make
  

Install:

  make install
  

Your installation is now complete, and you have access to OpenSSH’s HPN features! :-)

FAQ link

What About on Dedibox? link

Many people have struggled with recompiling SSH. Here’s the solution! Install this:

  apt-get install libpam0g-dev
  

Then, during configuration, add this option:

  ./configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/ssh --with-md5-passwords --with-pam