curl-users
CURL Command line tool change SFTP Cipher
Date: Tue, 31 Jan 2012 18:28:06 +0200
Hi There
Can you please let me know if there's any command line switches one can
use to instruct CURL to use certain "Cipher" switches when we need to
SFTP to some host that supports the none Cipher switch. I'm looking at
reducing the overhead of SSH encryption and speed up the SFTP transfers,
by implementing the “none” cipher. From the HP-UX documentation they
specify these as follows. I'm using curl to SFTP to a couple of host to
pull certain files but I do not see any command line switches in the man
pages if I want to use "Ciphers" there's also no man pages to indicate
if CURL or LibCurl will use the ssh config file I've setup on the system
for the particular account I'm using to initiate the SFTP session from.
Q: What is the NONE Cipher Switch?
A: The NONE cipher switch disables data encryption AFTER you have been
authenticated or logged into the remote host. This can significantly
reduce the load on the CPUs of both machines and may improve performance
even more. Its important to remember that the initial authentication
process is still fully encrypted. Additionally, while the data is no
longer encrypted each packet is still digitially signed and protected
against in transit manipulation of the information. Anytime the NONE
cipher is used a warning will be printed to screen saying "WARNING: NONE
CIPHER ENABLED". If you do not see that warning then the None cipher is
not in use.
I did some a comparison between blowfish, arcfour and none. Below are
the results (using the SFTP client from the HP-UX machine), if you could
let me know if CURL and LibCurl got any similar switches I can use to
accomplish the below.
root_at_idrive02# sftp -oCipher=none -oNoneSwitch=yes -oNoneEnabled=yes
faizeli_at_idrivetst01
Connecting to idrivetst01...
Password:
WARNING: ENABLED NONE CIPHER
sftp> put hpux__11.31_06080801.tgz
Uploading hpux__11.31_06080801.tgz to
/usr/users/faizeli/hpux__11.31_06080801.tgz
hpux__11.31_06080801.tgz
100% 120MB 39.9MB/s 23.9MB/s 00:03
Max throughput: 47.9MB/s
root_at_idrive02# sftp -oCipher=blowfish faizeli_at_idrivetst01
Connecting to idrivetst01...
Password:
sftp> put hpux__11.31_06080801.tgz
Uploading hpux__11.31_06080801.tgz to
/usr/users/faizeli/hpux__11.31_06080801.tgz
hpux__11.31_06080801.tgz
100% 120MB 23.9MB/s 21.8MB/s 00:05
Max throughput: 25.9MB/s
root_at_idrive02# sftp -oCipher=arcfour faizeli_at_idrivetst01
Connecting to idrivetst01...
Password:
sftp> put hpux__11.31_06080801.tgz
Uploading hpux__11.31_06080801.tgz to
/usr/users/faizeli/hpux__11.31_06080801.tgz
hpux__11.31_06080801.tgz
100% 120MB 23.9MB/s 17.5MB/s 00:05
Max throughput: 25.8MB/s
Regards
Faizel
This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners
This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link www.vodacom.co.za/vodacom/terms+and+conditions "
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-01-31