Security Basics mailing list archives
Re: Alternatives to sftp?
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Thu, 16 Oct 2003 08:30:11 -0600
On Thu, Oct 16, 2003 at 01:47:17PM +0000, John Sec wrote:
> I wasn't even aware that sftp provided a way to transfer files without encryption. Looking at the man page that I found online, I do not see this option. How exactly can you tell it to force integrity without encrypting the file? Do you think that encrypting the file with PGP and then using sftp to transfer the file (no encryption, only integrity) would save any CPU cycles? I'm only asking out of curiosity now as it may come in handy in the future.
SSH offers many cyphers, and sftp uses ssh. If you are using OpenSSH the sftp option you need is -oCyphers=none. I don't see any mention of the none cypher in OpenSSH, so it may not be available. I use the SSH Communications Security version which does support the none cypher. Experiment with the different cyphers, perhaps one is fast enough for you.

Encrypting with PGP will offer no (or very little) additional performance, but it would allow encryption to happen at another time. Perhaps with a lower priority over a longer period of time. You will be using the CPU to encrypt the file, either at transmission or in preparation for transmission.

Your performance problem stems from you encrypting, not from the protocol overhead ssh adds. If you wish to see (slightly) better performance while encrypting you must choose the right cypher and use a well optimized program. If you are using the stock compilation, try recompiling it with the compiler optimizations increased.

The only way to see a large performance boost is to:
- not encrypt
- use a common information store (decide to not have the problem)
- only transfer the changes (make a patch file using diff or xdelta)

Unless you are performing archive or backup functions (in which case, live with the problem or get a dedicated network and skip the encryption), you want to solve this problem with a common information store. You can do this via SAN, a database, or an LDAP server.

-----------------------------------------------------------------------
   __o       Bradley Arlt                    Security Team Lead
 _ \<_       arlt () cpsc ucalgary ca        University Of Calgary
(_)/(_)      Joyously Canadian               Computer Science
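An added illustration of the "only transfer the changes" option from the message above, not part of the original post: a simplified fixed-block delta (a stand-in for diff or xdelta, not their algorithm) with a SHA-256 check on the rebuilt file. The block size, function names and sample data are assumptions made for this sketch.

```python
import hashlib

BLOCK = 4096  # assumed block size for this sketch


def make_delta(old: bytes, new: bytes, block: int = BLOCK) -> dict:
    """Sender side: describe `new` as the blocks that differ from `old`."""
    changed = []
    for off in range(0, len(new), block):
        chunk = new[off:off + block]
        if old[off:off + block] != chunk:
            changed.append((off, chunk))
    return {
        "length": len(new),
        "sha256": hashlib.sha256(new).hexdigest(),  # integrity of the result
        "blocks": changed,
    }


def apply_delta(old: bytes, delta: dict) -> bytes:
    """Receiver side: rebuild the new file, refusing a mismatching result."""
    size = delta["length"]
    buf = bytearray(old[:size].ljust(size, b"\0"))  # truncate or pad to size
    for off, chunk in delta["blocks"]:
        buf[off:off + len(chunk)] = chunk
    rebuilt = bytes(buf)
    if hashlib.sha256(rebuilt).hexdigest() != delta["sha256"]:
        raise ValueError("rebuilt file does not match the sender's digest")
    return rebuilt


def payload_size(delta: dict) -> int:
    """Bytes of file data that still have to be encrypted and sent."""
    return sum(len(chunk) for _, chunk in delta["blocks"])


# Constructed sample: a 1 MiB file in which 100 bytes change in place.
OLD = bytes(range(256)) * 4096
_edit = bytearray(OLD)
_edit[500_000:500_100] = b"X" * 100
NEW = bytes(_edit)

if __name__ == "__main__":
    d = make_delta(OLD, NEW)
    assert apply_delta(OLD, d) == NEW
    print(f"full file: {len(NEW)} bytes, delta payload: {payload_size(d)} bytes")
```

Fixed blocks only pay off for in-place edits; an insertion shifts every later block, which is the case diff and xdelta handle and this sketch does not.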