[luau] restricting directory access

warren at togami.com warren at togami.com
Sun Apr 28 02:15:06 PDT 2002


> On Sat, 27 Apr 2002, Rodney Kanno wrote:
>>The main reason for me allowing ssh access is to transfer files (photo
>>library, home video, linux, etc.) that are too large for email to
>>friends/family.
>
> SSH access seems to be overkill to me.

Yes, it can be, but the clients are getting a lot more friendly these
days.  I'm convincing a whole ton of people to stop using FTP and use SCP
(for security purposes) by simply showing them WinSCP.  Very simple client
for Windows.
http://winscp.vse.cz/eng/

The KDE3 kioslave for SFTP is also EXCELLENT.  You can use simple URLs
like this for remote file management.
sftp://username@servername.com

>
>>It seems that the transfer rate for ssh is much faster than http or is
>>that just my imagination?
>
> Are you using scp/sftp or regular ftp with the ssh session?  FTP was
> designed for block transfers.  So it is more efficient in transferring
> large amounts of data, i.e. low overhead.  I would assume sftp has the
> same advantage.  I don't know about scp.  HTTP probably has more
> overhead, so it may be a little slower.  I don't know enough about HTTP
> to say whether this overhead has a big impact on large file transfers.
> It could be the handshaking that makes the HTTP file transfers seem
> slow.  But that is just a guess.
>

Which protocol is faster depends on where the bottleneck is.  I don't know
how FTP or HTTP can compare in overhead, but data transferred through SCP
and SFTP via a SSH connection can actually be faster if the amount of
bandwidth is small... like probably DSL and lower.  This is due to the
built in zlib compression that it can do.

However, when bandwidth is plentiful like with local area networks or
downstream RoadRunner, the CPU speed on both sides of the connection is
usually the limiting factor.  The SSH data rate then depends heavily on a
combination of kernel optimizations, processor and quality of network
card/drivers for performance.  I usually get about 1-2MB/sec locally via
SSH with a 450MHz machine as the weaker link.  Enabling zlib compression
for this type of high bandwidth connection may only slow your transfer.

You can change the cypher to less secure but less CPU intensive stuff like
blowfish or DES.  This will further increase throughput but sacrifice
security.  This also has the benefit of reducing latency, useful if you are
tunneling VNC or other real-time protocols through SSH.

If you really want to maximize your SSH transfer rate, hack the OpenSSH
source code to enable "None" as your cypher.  Some people actually do this
because they only care about securing their login password (not the
transfer of data), and they want maximum speed.  I don't suggest doing
this.  Even this would be higher overhead than HTTP or FTP because it is
still TCP encapsuled within TCP..
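
The bottleneck argument in the message above, worked through as an added example that is not part of the original post: a small model in which the slowest stage (network, cipher or zlib) sets the payload rate, run over constructed sample data. The link speeds and the zlib throughput figure are assumptions chosen for illustration; only the 1-2MB/sec cipher range comes from the message.

```python
import random
import zlib

def zlib_ratio(data: bytes, level: int = 6) -> float:
    """Compressed size / original size (below 1.0 means the data shrinks)."""
    return len(zlib.compress(data, level)) / len(data)

def payload_rate(link_bps, cipher_bps, ratio=1.0, compress_bps=float("inf")):
    """Sustained payload bytes/s; the slowest stage sets the rate.

    link_bps     bytes/s the network carries
    cipher_bps   bytes/s the weaker CPU can encrypt
    ratio        compressed/original size (1.0 = compression off)
    compress_bps payload bytes/s the weaker CPU can compress
    With compression on, the cipher and the wire only see ratio * payload.
    """
    return min(link_bps / ratio, cipher_bps / ratio, compress_bps)

def compression_helps(link_bps, cipher_bps, ratio, compress_bps):
    """True when turning compression on raises the payload rate."""
    plain = payload_rate(link_bps, cipher_bps)
    return payload_rate(link_bps, cipher_bps, ratio, compress_bps) > plain

# Constructed sample data: repetitive text versus pseudo-random bytes that
# stand in for already-compressed files such as JPEG photos or video.
TEXT = b"Apr 28 02:15:06 host sshd[1234]: Accepted password for user\n" * 1000
RNG = random.Random(0)
PACKED = bytes(RNG.getrandbits(8) for _ in range(60000))

# Assumed rates in bytes/s (illustrative, not measurements).
DSL, LAN = 128_000, 12_500_000
CIPHER = 1_500_000      # within the 1-2MB/sec the post reports for a 450MHz box
COMPRESS = 1_000_000    # assumed zlib throughput on that same CPU

if __name__ == "__main__":
    for name, data in (("text", TEXT), ("packed", PACKED)):
        r = zlib_ratio(data)
        for link_name, link in (("DSL", DSL), ("LAN", LAN)):
            plain = payload_rate(link, CIPHER)
            comp = payload_rate(link, CIPHER, r, COMPRESS)
            print(f"{name:6} {link_name}: ratio={r:.3f} plain={plain:,.0f} "
                  f"compressed={comp:,.0f} B/s")
```

Under these assumptions compression pays off only for compressible data on the slow link; on the LAN the zlib stage becomes the bottleneck, and already-compressed files gain nothing on either link.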





