I understand that web sites which run https may use SSL Accelerator to speed up the expensive public/private key encryption/decryption computations. So if I have a server that needs to support a lot of SSH connections using public key authentication, does it make sense to use an SSL Accelerator? I have never heard anyone doing it. Is it because the encryption/decryption computation is much simpler in SSH?
Asked
Active
Viewed 611 times
2 Answers
2
Besides Christian's answer, I suspect it's more an issue of scale. How many interactive SSH sessions/connections can one server have active? How many Web Request connections? I think you'll find web requests being orders of magnitude greater than ssh.
For ssh though, it may improve security (and speed) if you can add dedicated RNG device. Key negotiations need lots of randomness, and if your in a situation where your making a lot of ssh sessions rapidly, you may find your entropy pool exhausted. Crypto accelerators typically have High-quality RNG devices too ....
Jason
- 1,885
- 1
- 13
- 12
-2
you can't use an ssl accelerator for ssh. these protocols are different.
but you don't have to use acceleration for ssh, because ssh uses symmetric encryption after establishing a connection with asymmetric encryption.
Christian
- 4,703
- 2
- 24
- 27
-
"because ssh uses symmetric encryption after establishing a connection with asymmetric encryption" -- SSL does exactly the same. – user1686 Jan 24 '10 at 18:46
-
1Actually, not necessarily... if your SSL accelerator can accelerate OpenSSL 'Engine mode', then it will also accelerate SSH. – Andrew McGregor Jan 25 '10 at 04:45