No; you should keep it turned on, for security reasons.
Today's CPUs are fast enough that performance losses (if any) only are noticable for local Ethernet speeds, or faster.
You might want to specify blowfish encryption instead of the default, IDEA for SSH1 and 3DES for SSH2, with -c blowfish, for faster operation.
Following are some measurements where the different encryption methods were applied between a P5/90 and a 486/100, both running Linux, for copying files with scp across a lightly loaded Ethernet.
The model chosen was t=a+x/b; a is the startup time in seconds, and b the sustainable transfer rate in kB/s. Also given are the 68.3% confidence intervals for the data, as determined by the Levenberg-Marquardt algorithm as implemented a pre-3.6 version of gnuplot.
Encryption a[s] da[s] b[kB/s] db[kB/s] none 2.37 0.37 386.1 5.8 rc4 1.96 0.27 318.2 2.9 tss 2.33 0.37 298.5 3.5 des 2.07 0.19 218.8 1.0 idea 2.25 0.45 169.6 1.3 3des 1.92 0.11 118.2 0.2Across a heavily loaded Ethernet, rc4 encryption together with compression may actually be faster than using rcp.
Secure Shell 2 is also on the Internet Standards Track. This means that a second, independent implementation is required. The only other current SSH2 implementation is lsh. Look at www.lysator.liu.se/~nisse/archive/ for more information.
You will have to be aware of patents, like RSA and IDEA, and export control issues before writing a second implementation.
Maintainer's note: This will probably be moved to another section in the FAQ later on...
Here is a simple script by Ross Golder to make using ssh more transparent. When you first login (open an Xterm etc.), you'll be prompted for your passphrase. After that, it will automatically configure your environment to the ssh-agent it started.
When logging out of a multi-user machine, I just use a 'killall ssh-agent' (not as root!).
Install the following file as $HOME/.ssh/setup and set the execute permission (chmod 700 setup), and add a call to it in your $HOME/.bashrc.
#!/bin/sh # Checks for current ssh agent, otherwise starts one. # For bash and ksh users: # # include the following in your ~/.bashrc or ~/.kshrc or ~/.profile # # . $HOME/.ssh/setup # # For csh and tcsh users: # # include the following in your ~/.cshrc or ~/.tcshrc # # source $HOME/.ssh/setup # SSH_ENV=$HOME/.ssh/environment function start_agent { echo "Initialising new SSH agent..." ssh-agent > ${SSH_ENV} chmod 600 ${SSH_ENV} . ${SSH_ENV} > /dev/null ssh-add } # Source SSH settings, if applicable if [ -f "${SSH_ENV}" ]; then . ${SSH_ENV} > /dev/null ps ${SSH_AGENT_PID} > /dev/null || { start_agent; } else start_agent; fi
| Table of contents of this chapter | | General table of contents | | Beginning of this section |