mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From FaXin Zhong <faxin.zh...@ericsson.com>
Subject RE: MINA SSHD question
Date Fri, 09 Nov 2012 13:49:47 GMT
Hi,

I found the openssh topic on the internet, that different encryption algorism has different
speed. The lowest is 3DES and AES, the fastest is Arcfour. We are using MINA client as client
test lib. Is there some configuration to setup encryption method? I'm thinking maybe this
make our MINA server side decoding lower.

BRs/Faxin


-----Original Message-----
From: FaXin Zhong 
Sent: Thursday, November 08, 2012 11:01 PM
To: dev
Subject: RE: MINA SSHD question

Hi Guillaume,

We have tested it with openssh tunneling, it doesn't lower much comparing with telnet. We
don't know if we don't use correct I/O API because we have little knowledge for MINA before.
Do you have some examples for us? We're even thinking about using asnc I/O interface. See
our tries:

sshd performance issue, basically no breakthrough so far 
a.	identified the problem in mina - sshd 3pp, since in application layer is quite simple
b.	tried Compression - no improvement
c.	tried change ChannelOutputStream to be single thread - no improvement
d.	tried change session default buffer size to 2 or 4 - no improvement
e.	tried not echo back - get some improvement but not compliant with requirement

what to do next: if time allows, we need more time for further study and understanding of
mina async IO model, maybe we can hit somewhere. Actually our time is less and less.

BRs/Faxin


-----Original Message-----
From: Guillaume Nodet [mailto:gnodet@gmail.com]
Sent: Thursday, November 08, 2012 6:11 PM
To: dev
Subject: Re: MINA SSHD question

I have no numbers sorry.   A long time ago I did some performance
experiments on sshd by tranferring large amount of data and the perfs were only slightly slower
than using a native ssh / sshd client, so I did not
experiment much further.    You can try experimenting by compating mina
sshd with openssh, but comparing with telnet will just give you a lower number without good
indication.


On Thu, Nov 8, 2012 at 10:16 AM, FaXin Zhong <faxin.zhong@ericsson.com>wrote:

> Hi,
>
> Do you have any idea about that? We found when we consume some buffer 
> to get traffic, it's very slow.
>
> BRs/Faxin
>
> -----Original Message-----
> From: FaXin Zhong
> Sent: Wednesday, November 07, 2012 10:55 PM
> To: dev@mina.apache.org
> Subject: RE: MINA SSHD question
>
> Hi Guillaume,
>
> We are doing MINA sshd server performance test, found traffic 
> throughput over sshd decrease 30% compared with Telnet connection, we 
> know the security will generate some overload, but is it normal for 
> 30% decreasement? thanks.
>
> BRs/Faxin
>
> ________________________________________
> From: Guillaume Nodet [gnodet@gmail.com]
> Sent: Wednesday, November 07, 2012 6:01 PM
> To: dev
> Subject: Re: MINA SSHD question
>
> The SSHD public key authentication delegates the real authentication 
> to a PublickeyAuthenticator object which you need to implement and 
> provide in order for public key authentication to work.
>
>
>
> https://github.com/apache/mina-sshd/blob/trunk/sshd-core/src/main/java
> /org/apache/sshd/server/PublickeyAuthenticator.java
>
>
> On Wed, Nov 7, 2012 at 10:44 AM, FaXin Zhong <faxin.zhong@ericsson.com
> >wrote:
>
> > So I think it just provide framework, instead of providing API for 
> > us to consume the public key directly etc... then tell us auth is ok 
> > or not.  We seems we need find another 3PP to do the public key 
> > authentication method and integrate it into mina framework?
> >
> > BRs/Faxin
> >
> > -----Original Message-----
> > From: Guillaume Nodet [mailto:gnodet@gmail.com]
> > Sent: Wednesday, November 07, 2012 5:15 PM
> > To: dev
> > Subject: Re: MINA SSHD question
> >
> > You need to implement org.apache.sshd.server.UserAuth Look for 
> > example at the password authentication
> >
> >
> > https://github.com/apache/mina-sshd/blob/trunk/sshd-core/src/main/ja
> > va /org/apache/sshd/server/auth/UserAuthPassword.java
> >
> > You can configure the auth factories using
> >    
> > sshd.setUserAuthFactories(Arrays.<NamedFactory<UserAuth>>asList(new
> > AuthPassword.Factory()));
> >
> >
> > On Wed, Nov 7, 2012 at 10:02 AM, FaXin Zhong 
> > <faxin.zhong@ericsson.com
> > >wrote:
> >
> > > Hi,
> > >
> > > Can you help me where I can use it (mina class)? Very appreciated 
> > > indeed, we just want to shorten the lead time because project is 
> > > so
> > urgent!
> > >
> > > BRs/Faxin
> > >
> > >
> > > -----Original Message-----
> > > From: Guillaume Nodet [mailto:gnodet@gmail.com]
> > > Sent: Wednesday, November 07, 2012 4:48 PM
> > > To: dev
> > > Subject: Re: MINA SSHD question
> > >
> > > Mina SSHD supports password, public key and gss authentication 
> > > (plus no authentication), but it's quite easy to add your own 
> > > mechanism if you need or to replace an existing one.
> > >
> > >
> > > On Wed, Nov 7, 2012 at 7:57 AM, FaXin Zhong 
> > > <faxin.zhong@ericsson.com
> > > >wrote:
> > >
> > > > Hi Guillaume and all,
> > > >
> > > > We also need support standard SSH authentications like key 
> > > > store, SSH user/password (not application own authentication), 
> > > > does MINA
> > support it?
> > > > since our designer find MINA only support authentication 
> > > > framework, if you want to support ssh key, you need find another 
> > > > way, is that the
> > case?
> > > >
> > > > Thanks.
> > > >
> > > > BRs/Faxin
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Guillaume Nodet [mailto:gnodet@gmail.com]
> > > > Sent: Friday, November 02, 2012 3:19 PM
> > > > To: dev@mina.apache.org
> > > > Subject: Re: MINA SSHD question
> > > >
> > > > You can create your own PasswordAuthenticator implementation 
> > > > that will delegate to your external system and use that one when 
> > > > configuring the sshd server.
> > > >
> > > > On Fri, Nov 2, 2012 at 6:46 AM, FaXin Zhong 
> > > > <faxin.zhong@ericsson.com
> > > > >wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Thanks for your proposal. Another question is: when we login 
> > > > > into our system, we need authenticate user towards the 
> > > > > external centralized server, e.g. Diameter. Currently it seems 
> > > > > we must use MINA internal ssh authentication mechanism, is 
> > > > > there any way to bypass
> > > it?
> > > > >
> > > > > BRs/Faxin
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Guillaume Nodet [mailto:gnodet@gmail.com]
> > > > > Sent: Thursday, November 01, 2012 3:55 PM
> > > > > To: dev@mina.apache.org
> > > > > Subject: Re: MINA SSHD question
> > > > >
> > > > > The client is in control, you can't change anything on the 
> > > > > server side for that.
> > > > > You need to modify putty and recompile it to suit your needs I
> > suppose.
> > > > >
> > > > > On Thu, Nov 1, 2012 at 3:31 AM, FaXin Zhong 
> > > > > <faxin.zhong@ericsson.com
> > > > > >wrote:
> > > > >
> > > > > > Hi Again,
> > > > > >
> > > > > > Either removing the login as and password or changing them 
> > > > > > to username and password are both OK for us.  We have 
> > > > > > realized letting customer input username and password on the

> > > > > > screen, but the login as and password are still printed 
> > > > > > there, which is ugly for
> > > us.
> > > > > >
> > > > > > BRs/Faxin
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: FaXin Zhong
> > > > > > Sent: Thursday, November 01, 2012 10:25 AM
> > > > > > To: dev@mina.apache.org
> > > > > > Cc: Led Xu
> > > > > > Subject: RE: MINA SSHD question
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > We are using mina sshd server.  We create default ssh server

> > > > > > instance, start it with my own port. Then we use putty to 
> > > > > > login our sshd server, the login as and password are printed

> > > > > > in putty terminal. Now we need change the prompt to username

> > > > > > and
> password.
> > > > > > Is
> > > > there anything we can do?
> > > > > Appreciated.
> > > > > >
> > > > > > BRs/Faxin
> > > > > >
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Guillaume Nodet [mailto:gnodet@gmail.com]
> > > > > > Sent: Wednesday, October 31, 2012 6:38 PM
> > > > > > To: dev@mina.apache.org
> > > > > > Subject: Re: MINA SSHD question
> > > > > >
> > > > > > Could you provide a bit more information ?
> > > > > > Are you using mina sshd client, server or both and what 
> > > > > > methods are you calling ?
> > > > > >
> > > > > > On Wed, Oct 31, 2012 at 10:30 AM, FaXin Zhong 
> > > > > > <faxin.zhong@ericsson.com
> > > > > > >wrote:
> > > > > >
> > > > > > > Hi Mina Experts,
> > > > > > >
> > > > > > > We are developing Java native SSHD inside our program with

> > > > > > > MINA
> > > 3PP.
> > > > > > > Now we met problem that we can't change the login prompt,

> > > > > > > currently the client will prompt: login as  and password,

> > > > > > > we need change it to username and password prompt to align

> > > > > > > with our other products. Then customer can get consistent

> > > > > > > appearance from our
> > > > products.
> > > > > > >
> > > > > > > Do you have some ways to do this adaptations?  Thanks a
> million.
> > > > > > >
> > > > > > > BRs/Faxin
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > ------------------------
> > > > > > Guillaume Nodet
> > > > > > ------------------------
> > > > > > Blog: http://gnodet.blogspot.com/
> > > > > > ------------------------
> > > > > > FuseSource, Integration everywhere http://fusesource.com
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > ------------------------
> > > > > Guillaume Nodet
> > > > > ------------------------
> > > > > Blog: http://gnodet.blogspot.com/
> > > > > ------------------------
> > > > > FuseSource, Integration everywhere http://fusesource.com
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > ------------------------
> > > > Guillaume Nodet
> > > > ------------------------
> > > > Blog: http://gnodet.blogspot.com/
> > > > ------------------------
> > > > FuseSource, Integration everywhere http://fusesource.com
> > > >
> > >
> > >
> > >
> > > --
> > > ------------------------
> > > Guillaume Nodet
> > > ------------------------
> > > Blog: http://gnodet.blogspot.com/
> > > ------------------------
> > > FuseSource, Integration everywhere http://fusesource.com
> > >
> >
> >
> >
> > --
> > ------------------------
> > Guillaume Nodet
> > ------------------------
> > Blog: http://gnodet.blogspot.com/
> > ------------------------
> > FuseSource, Integration everywhere
> > http://fusesource.com
> >
>
>
>
> --
> ------------------------
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> FuseSource, Integration everywhere
> http://fusesource.com
>



--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com

Mime
View raw message