High Performance SSH/SCP - HPN-SSH
OpenSSH_6.8p1-hpn14v5, OpenSSL 1.0.2a 19 Mar 2015
This small layer adds 6MB to the [archlinux-small] image.
It is both the server and the client; by default it runs the server as an [S6 service].
There are some nice speed improvements in this build. One of the nice features is the NONE cipher
for when there isn't a TTY allocated (e.g. SCP). Authentication is still encrypted but your data
isn't, so keep that in mind: it is fine for images and video but not OK for your bitcoin wallet.
On the client you would use it as:
ssh user@hostname -oNoneEnabled=true -oNoneSwitch=yes
You can also use one of the multithreaded ciphers for when a TTY is allocated, like:
ssh user@hostname -oCipher=aes128-ctr
Docker Images Structure
The server follows these docker conventions:
-it will run an interactive session that can be terminated with CTRL+C.
--rm will run a temporary session that will make sure to remove the container on exit.
-v $HOME/.ssh/authorized_keys:/authorized_keys:ro (optionally provide your authorized keys)
-p 49158:22 is the port to map to port 22.
If you have authorized public keys it will use them for both the root and docker users. I like using it
this way, for example, if I throw this up on AWS and just use the same keys for both the primary
sshd server and the docker containers.
If you pass it keys it will disable password login. If you don't pass it authorized keys it
will enable login via password.
The default user/password is docker/docker
docker run \
    -ti \
    --rm \
    -v $HOME/.ssh/authorized_keys:/authorized_keys:ro \
    -h docker \
    -p 49158:22 \
    yantis/archlinux-small-ssh-hpn
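Because the server enables password login with the default docker/docker account when no keys are passed, a wrapper can check the key file before the port is published. The following is an added example, not part of the image or its repository; `has_public_key`, `start_server` and the `DOCKER` override are hypothetical names, and it assumes only the key types listed in the pattern are in use.

```shell
#!/bin/sh
# Added example, not part of the image: refuse to start the server container
# unless a real key file is mounted, so it never falls back to password login.

# Succeeds if the file has a non-comment line holding an OpenSSH public key.
# Assumption: only the common key types below are in use.
has_public_key() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+AAAA[A-Za-z0-9+/]+'
}

# start_server KEYFILE [HOST_PORT]
# Set DOCKER=echo to print the command instead of running it (hypothetical knob).
start_server() {
    keys=$1
    port=${2:-49158}
    case $keys in
        /*) ;;
        *)  # docker treats a non-absolute -v source as a volume name,
            # so the key file would not be what gets mounted.
            echo "refusing: '$keys' is not an absolute path" >&2
            return 1 ;;
    esac
    if ! has_public_key "$keys"; then
        echo "refusing: no usable public key in $keys" >&2
        return 1
    fi
    "${DOCKER:-docker}" run -ti --rm \
        -v "$keys:/authorized_keys:ro" \
        -h docker \
        -p "$port:22" \
        yantis/archlinux-small-ssh-hpn
}
```

Call it as `start_server "$HOME/.ssh/authorized_keys"`; an empty, missing or comment-only file stops the launch before the container is created.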
To use the client you can just run it as so to get a shell (or /bin/bash if you prefer)
docker run -ti --rm yantis/archlinux-small-ssh-hpn /bin/zsh
This example uploads a file to your server.
docker run -ti --rm -v ~/Downloads:/Downloads yantis/archlinux-small-ssh-hpn scp -P 49158 -oNoneEnabled=true -oNoneSwitch=yes /Downloads/alpine-3.1.3-x86_64.iso docker@monster:~/
This example uses a private key to connect to your server and runs xeyes.
xhost +si:localuser:$(whoami) >/dev/null
docker run \
    -ti \
    --rm \
    -e DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix:ro \
    -v ~/.ssh/privatekey.pem:/home/docker/.ssh/privatekey.pem:ro \
    -u docker \
    yantis/archlinux-small-ssh-hpn ssh -X -i /home/docker/.ssh/privatekey.pem docker@yourserver -p 49158 -t xeyes
If you look at the below screenshot I ran three tests. First one is normal, second one is the NONE
cipher and the third one was normal to show no caching was going on.
The NONE cipher was twice as fast.
If you have AWS and this is something you want to play with, check out the launch.sh
script on GitHub. It will create a new AWS EC2 instance, install docker, launch the container and then log you in. It should work with the AWS free tier.