June 27, 2006

It's official! SSH whips HTTPS butt! (in small minor test of no import....)

Finally some figures! We've known for a decade that the SSH model consumes all in its path. What we haven't known is relative quantities. Seen somewhere on the net, this week's report shows Encrypted Traffic. In SSH form: 3.42%. In HTTPS form: 1.11%, by volume. For number of packets, it is 3.51% and 1.67% respectively.

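| Protocol | % of volume | Volume | % of packets | Packets |
|---|---|---|---|---|
| SSH | 3.42% | 17.45T | 3.51% | 20.98% |
| HTTPS | 1.11% | 5.677T | 1.67% | 10.00G |
| IPsec ESP | 0.14% | 0.697T | 0.21% | 1.211G |
| IPsec AH | 0.01% | 0.054G | 0.01% | 0.089G |
| IPsec IKE | 0.00% | 0.001G | 0.00% | 0.006G |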

Approximately a three times domination, which is our standard benchmark for a good whipping in military terms. Although this is not a pitched battle of like armies contesting the same space (like the VPN bloodletting to come), it is important to establish that SSH usage is significant, non-trivial and exceeds HTTPS on all measures.

IPsec barely twitched the needle and others weren't reported. Curiously, the amount of HTTPS is way up compared to HTTP: about 7-8%. I would have expected much less; the many silent but resilient readers of FC have more impact than previously thought.

There's one monster catch: this is "Internet 2" which is some weird funded different space, possibly as relevant to the real net as candy prices are to the economy. Also, no mention of Skype. Use of Rsync and FTP slightly exceeds that of all encrypted traffic. Hmmm.... people still use Rsync. What is wrong here? I have not come across an rsync user since ... since ... Any clues?

Still it's a number. Any number is good for an argument.

Posted by iang at June 27, 2006 04:05 PM
Comments

I'm a bit puzzled by the reference to rsync in last paragraph - it is not a means of network transport. You might as well mention tar as an example of unencrypted communications.

In both cases the program can be used as a way to select the files involved in a network transfer and convert the list to a data stream for the transfer, and reverse the process on the destination, but the actual transfer over a network is done using something like rsh or ssh, in which case it would seem that such transfers should count toward rsh or ssh statistics as appropriate.

For what it is worth I don't know anyone that uses rsync between machines using anything less than ssh, but to me it still seems eminently useful when used with ssh.

Posted by: Digbyt at June 27, 2006 06:54 PM

Thanks for the pointer. Very interesting topic you cover: I am Ctl-Ding you and autodiscovering your feed as we speak! :-)

Posted by: Colin at July 1, 2006 02:49 PM

slightly related news item from today

Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
http://www.linuxsecurity.com/content/view/123451/65/

this is actually RFC 4255 which was published last January
... from my RFC index, RFC4255 summary
http://www.garlic.com/~lynn/rfcidx14.htm#4255

4255 PS

Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, Griffin W., Schlyter J., 2006/01/03 (9pp) (.txt=18399) (Refs 1034, 1035, 2411, 2845, 2931, 3007, 4033, 4034, 4035, 4251, 4253)

... as always, clicking on the ".txt=nnnn" field retrieves the actual RFC.

Note that I've been claiming for years that something similar could be done for SSL ... eliminating requirement for the existing digital certificate process. lots of past ssl certificate postings
http://www.garlic.com/~lynn/subpubkey.html#sslcert

Posted by: Lynn Wheeler at July 5, 2006 06:48 PM

Cleartext rsync is still used quite heavily for updating mirror sites when used in a pull model. This is rsync over a straight TCP session, no underlying transport like SSH/RSH/telnet is in use.

Obviously rsync over ssh is a very actively used setup. I'd imagine that the author is confusing rsync with rcp.

Posted by: Nathan Neulinger at July 6, 2006 06:33 PM

> I'd imagine that the author is confusing rsync with rcp.

Yes, I was :)

Posted by: Iang at July 6, 2006 07:45 PM