FreeBSD jails advice
Matthew Seaman
matthew at FreeBSD.org
Mon Dec 10 17:53:08 UTC 2018
On 10/12/2018 17:28, doug at safeport.com wrote:
>
> On Mon, 10 Dec 2018, Ken M wrote:
>
>> Depending on the ssh encryption format ssh -X can actually be slower
>> than VNC.
>>
>> I offer a third suggestion, I find XRDP to be very handy combined with
>> remmina.
>>
>> Ken
>>
>> On Mon, Dec 10, 2018 at 04:50:21PM +0100, Andrea Venturoli wrote:
>>> On 12/10/18 12:58 PM, Marko Turk wrote:
>>>
>>>> I suggest you install some VNC server inside the jails and then connect
>>>> with VNC viewer from the host.
>>>
>>> I disagree: it's too much trouble, it's slow, it's memory consuming.
>>>
>>> "ssh -X"ing into the jail works much better.
>>>
>>> Just my 2c.
>>>
>
> I agree with the ssh-ing. I have been doing this since 5.2 on bandwidths
> ranging from dial-up modem to my current 50mbps. Even on the modems
> response was always better than I can type. Details on encryption that does
> not work would be most helpful. I have always used RSA.

Assuming you're using fairly recent FreeBSD for both ends of the SSH
connection, then you can use RSA, ECDHA or ED_25519 type keys for
authentication. Which of these you use doesn't make much difference to
overall performance as the PKI part is only used at login time for
authentication and to securely exchange a session key -- that's
symmetric encryption using a cipher like chacha20-poly1305@openssh.com
or aes256-gcm@openssh.com. These symmetric-key ciphers handle all of
the actual traffic. They're also significantly faster than the
asymmetric encryption.

In fact, anything reputable offering encrypted network traffic nowadays
will be using pretty much the same set of ciphers as SSH. So overall
performance differences will probably come down to the volume and nature
of the data being sent to-and-fro, and the characteristics of the
networks you're traversing.

'ssh -X' basically sends a stream of X events -- mouse movements, button
clicks, key presses, in one direction, window redraws, etc. in the
other; whereas VNC sends a raster image of the screen, usually with
various traffic compression applied, including such techniques as
sending only the deltas between successive frames.

Which one turns out faster depends entirely on the application you're
running and how you're interacting with it. 'ssh -X' is usually "fast
enough" if client and server are on fairly nearby networks with a low
latency, reasonably high bandwidth connection between them -- so both on
the same LAN. It suffers if your client app is way away in darkest
Elbonia at the other end of a piece of wet string, and VNC can indeed
perform better there. On a good network though, you'll likely not
notice much difference whatever way you work it.

Cheers,

Matthew
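
An added example, not part of the original message: a small filter that splits the negotiation lines from `ssh -v` into the login-time asymmetric parts and the symmetric cipher that carries the traffic, as described in the reply above. The sample debug lines are constructed, and the function names and the `user@jail` host in the comment are assumptions.

```shell
#!/bin/sh
# Added example: separate what `ssh -v` reports about authentication and key
# exchange (asymmetric, login time only) from the per-direction symmetric
# cipher that carries the X11 traffic for the rest of the session.

# Constructed sample of OpenSSH client debug output (not from a real host).
sample_log() {
cat <<'EOF'
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:CONSTRUCTED-FINGERPRINT
EOF
}

# Reads `ssh -v` debug output on stdin and prints a two-line summary.
summarize_negotiation() {
    awk '
    /kex: algorithm:/          { kex = $NF }
    /kex: host key algorithm:/ { hostkey = $NF }
    /kex: (server->client|client->server) cipher:/ {
        # Fields: debug1: kex: <direction> cipher: <name> MAC: ...
        cipher[$3] = $5
    }
    /Offering public key:/ {
        # The position of the key type differs between OpenSSH versions,
        # so look for it anywhere on the line.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(RSA|ECDSA|ED25519|DSA)$/) userkey = $i
    }
    END {
        printf "login-time (asymmetric): kex=%s hostkey=%s userkey=%s\n",
               kex, hostkey, userkey
        printf "bulk traffic (symmetric): c2s=%s s2c=%s\n",
               cipher["client->server"], cipher["server->client"]
    }'
}

# Against a real connection (debug output goes to stderr):
#   ssh -v user@jail true 2>&1 | summarize_negotiation
sample_log | summarize_negotiation
```

In the sample the user key is RSA while the session cipher is chacha20-poly1305@openssh.com, so changing the key type leaves the bulk cipher untouched.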