Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)
On Mon, Jan 27, 2014 at 1:05 AM, Philipp Kern <email@example.com> wrote:
> On 2014-01-25 20:23, Joshuah Hurst wrote:
>> One major advantage over ssh is that krb5-rsh has much lower latency
>> /bin/true on a remote host, doing that in a loop over 1000 logins can
>> take hours with ssh but takes minutes with krb-rsh. ssh is a *major*
>> pain in the arse if you have a distributed cluster which depends on
>> rsh/ssh - with ssh the cpu time overhead is so great that it often
>> doesn't even make sense to call the remote host to offload a job.
>> krb-rsh is much more lightweight, e.g. consumes much less cpu time.
> Given that it is mostly about the handshake, could you try if the
> ControlMaster feature helps here? At least locally for a user and a given
> target host (your /bin/true loop example) it should help. For different
> users or target hosts you will of course still pay the penalty once for
The problem is the general synchronous design of ssh. You can't fix it
without redesigning the protocol itself.
Hint: Before further claiming the obsolesce of krb-rsh/rlogin vs ssh
please try ssh on an ARM box (e.g gumstix) vs krb-rsh. ssh takes
almost 2.6 seconds to complete (even with tuning and using arcfour),
krb-rsh executes the same in less than 0.07 seconds.
If courses there is another issue: What still left as "use case" of
Kerberos5 if krb-rsh and krb-rlogin are no longer available? Typical
university setup is krb-NFSv3/krb-NFSv4 plus krb-rlogin internally and
ssh only for external access. What do you wish to sell them as
krb-rsh/rlogin replacement? ssh? Seriously?