Forwarded ports are not compressed - SSH

This is a discussion on Forwarded ports are not compressed - SSH ; Either between 2 OpenSSH_4.1p1 Debian-7ubuntu4 boxes, or between 2 OpenSSH_3.5p1 (old redhat) boxes I find that only the command stream is compressed, never the forwarded ports. I have a 15MB test file that will compress to 1% of its main ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Forwarded ports are not compressed

  1. Forwarded ports are not compressed

    Either between 2 OpenSSH_4.1p1 Debian-7ubuntu4 boxes, or between 2
    OpenSSH_3.5p1 (old redhat) boxes I find that only the command stream is
    compressed, never the forwarded ports.

    I have a 15MB test file that will compress to 1% of its main size.

    This command:

    cat /tmp/flowRoot2144.bmp | ssh -1 -v -v -o Compression=yes -o
    Compressionlevel=9 -L999:localhost:22 root@REMOTEHOST 'cat > /tmp/x'

    is very quick, but this:

    ssh -C -999:localhost:22 -p 22 root@REMOTEHOST
    (and then from another terminal)
    scp -P 999 /tmp/flowRoot2144.bmp root@localhost:/tmp/x

    runs VERY slowly, and iptables packet logging indicates that around 16M
    of data is transferred.

    Of course I can do:
    scp -C -P 999 /tmp/flowRoot2144.bmp root@localhost:/tmp/x

    but it's not an SCP I am trying to compress, but the flows over some
    forwarded ports.

    What am I doing wrong? Openssh man pages claim: "Requests compression of
    all data (including stdin, stdout, stderr, and data for forwarded X11
    and TCP/IP connections)" but I fail miserably to find any evidence of it
    compressing ports; use of -v -v shows it doesn't even try; except for
    the main interactive session which is compressed when I ask.

    Sam

  2. Re: Forwarded ports are not compressed

    In article ,
    Sam Liddicott wrote:
    >Either between 2 OpenSSH_4.1p1 Debian-7ubuntu4 boxes, or between 2
    >OpenSSH_3.5p1 (old redhat) boxes I find that only the command stream is
    >compressed, never the forwarded ports.
    >
    >I have a 15MB test file that will compress to 1% of its main size.
    >
    >This command:
    >
    >cat /tmp/flowRoot2144.bmp | ssh -1 -v -v -o Compression=yes -o
    >Compressionlevel=9 -L999:localhost:22 root@REMOTEHOST 'cat > /tmp/x'
    >
    >is very quick, but this:
    >
    >ssh -C -999:localhost:22 -p 22 root@REMOTEHOST
    >(and then from another terminal)
    >scp -P 999 /tmp/flowRoot2144.bmp root@localhost:/tmp/x
    >
    >runs VERY slowly, and iptables packet logging indicates that around 16M
    >of data is transferred.


    This is because that inner scp is encrypting the data, so the outer ssh only
    gets to see encrypted data, which is incompressible.

    >What am I doing wrong? Openssh man pages claim: "Requests compression of
    >all data (including stdin, stdout, stderr, and data for forwarded X11
    >and TCP/IP connections)" but I fail miserably to find any evidence of it
    >compressing ports; use of -v -v shows it doesn't even try; except for
    >the main interactive session which is compressed when I ask.


    The compression in either SSH-1 or SSH-2 applies to all packets. OpenSSH
    would have to jump through some fairly silly hoops to selectively compress
    only traffic on the main session. My suspicion is that the traffic you're
    port-forwarding isn't as compressible as you think.

    --
    Ben Harris


  3. Re: Forwarded ports are not compressed

    Ben Harris wrote:

    >>What am I doing wrong? Openssh man pages claim: "Requests compression of
    >>all data (including stdin, stdout, stderr, and data for forwarded X11
    >>and TCP/IP connections)" but I fail miserably to find any evidence of it
    >>compressing ports; use of -v -v shows it doesn't even try; except for
    >>the main interactive session which is compressed when I ask.

    >
    >
    > The compression in either SSH-1 or SSH-2 applies to all packets. OpenSSH
    > would have to jump through some fairly silly hoops to selectively compress
    > only traffic on the main session. My suspicion is that the traffic you're
    > port-forwarding isn't as compressible as you think.
    >


    Silly me; you are right, my test traffic, being encrypted scp traffic,
    is not compressable.

    That'll larn me!

    Sam

+ Reply to Thread