PostgreSQL performance test use ssh tunnel

13 minute read

背景

前面一篇BLOG介绍了PostgreSQL ssl数据加密的性能, 相比未加密性能下降得比较厉害.

http://blog.163.com/digoal@126/blog/static/16387704020134229431304/

本文将测试一下ssh tunnel加密的性能情况.

测试机与前面测试一致.

正文

首先在测试机生成key.

pg92@db-172-16-3-39-> ssh-keygen -t rsa  

一路回车

生成私钥和公钥.

pg92@db-172-16-3-39-> cd .ssh  
pg92@db-172-16-3-39-> ll  
total 8.0K  
-rw------- 1 postgres postgres 887 May 23 07:32 id_rsa  
-rw-r--r-- 1 postgres postgres 246 May 23 07:32 id_rsa.pub  

查看公钥内容, 将要拷贝到数据库服务器上.

pg92@db-172-16-3-39-> cat id_rsa.pub   
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzRL55hHqAqW8HVQ54fpmZ76QEU6NP/dSdu56bNf61+bVDHl/VHEAlQOAdYI3eCsxCv3BmWDiCFR++LjmnRDU7DvTbWZlKk6xmxlWr9uWgHyXbNLrLSqXm8SapS86ATxTxOvT2w5kEgszFtsgoomrCJhQaVLQFU8geL6IXFNr5/g4nK1R2GbQH4eoBFE1a0eh61OhY6+Jq0eaKhZqaLI+Ed8Q5Ce5JjyG8DGhzY2S63OFpncCN2qTjjh8Vhl4SlwF/XZmCZILEfKHUVCi/jKnC068yfcvNl5QmSw2FlELpWFkoxNiCGarSpgXTC3CigBuKmcjR+z7gbHrhbSgnpM4fQ== pg92@db-172-16-3-39.sky-mobi.com  

在数据库服务器上写入公钥.

[root@db-172-16-3-33 ~]# su - pg93  
pg93@db-172-16-3-33-> cd .ssh  
-bash: cd: .ssh: No such file or directory  
pg93@db-172-16-3-33-> mkdir .ssh  
pg93@db-172-16-3-33-> cd .ssh  
pg93@db-172-16-3-33-> vi authorized_keys  

将172.16.3.39的id_rsa.pub复制过来.

配置各目录权限 :

pg93@db-172-16-3-33-> cd ~  
pg93@db-172-16-3-33-> chmod 700 ~  
pg93@db-172-16-3-33-> chmod 700 .ssh  
pg93@db-172-16-3-33-> chmod 400 .ssh/authorized_keys  

验证公钥是否生效, 不需要输入密码则正常.

pg92@db-172-16-3-39-> ssh pg93@172.16.3.33 date  
Thu May 23 07:37:14 CST 2013  

在测试机上创建连接到数据库服务器的ssh隧道,

pg92@db-172-16-3-39-> ssh -o CompressionLevel=9 -p 22 -CqTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  
pg92@db-172-16-3-39-> netstat -anp|grep 17100  
(Not all processes could be identified, non-owned process info  
 will not be shown, you would have to be root to see it all.)  
tcp        0      0 0.0.0.0:17100               0.0.0.0:*                   LISTEN      12954/ssh  

测试通过隧道连接数据库是否正常.

pg92@db-172-16-3-39-> psql -h 127.0.0.1 -p 17100 -U postgres -d digoal  
psql (9.2beta1, server 9.3devel)  
WARNING: psql version 9.2, server version 9.3.  
         Some psql features might not work.  
SSL connection (cipher: RC4-SHA, bits: 128)  
Type "help" for help.  
digoal=#   

此时数据库服务端开了hostssl认证, 因为用了ssh加密, 所以ssl加密可以关掉.

修改pg_hba.conf, 强制nossl认证.

pg93@db-172-16-3-33-> cd $PGDATA  
pg93@db-172-16-3-33-> vi pg_hba.conf   
hostnossl    all             all             127.0.0.1/32            trust  
  
pg_ctl reload  

再次连接, 无加密.

pg92@db-172-16-3-39-> psql -h 127.0.0.1 -p 17100 -U postgres -d digoal  
psql (9.2beta1, server 9.3devel)  
WARNING: psql version 9.2, server version 9.3.  
         Some psql features might not work.  
Type "help" for help.  
digoal=#   

实际上在客户端连接时也可以指定是否需要使用SSL连接数据库。

           $ psql "service=myservice sslmode=require"  
           $ psql postgresql://dbmaster:5433/mydb?sslmode=require  
  
  
               => \c mydb myuser host.dom 6432  
               => \c service=foo  
               => \c "host=localhost port=5432 dbname=mydb connect_timeout=10 sslmode=disable"  
               => \c postgresql://tom@localhost/mydb?application_name=myapp  

测试性能

与上一篇blog测试openssl配置的环境一致, 好有个对比.

http://blog.163.com/digoal@126/blog/static/16387704020134229431304/

测试结果 :

pg92@db-172-16-3-39-> pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17100 -U postgres -T 60 -c 16 -j 4 digoal  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 16  
number of threads: 4  
duration: 60 s  
number of transactions actually processed: 1008287  
tps = 16804.427360 (including connections establishing)  
tps = 16818.105936 (excluding connections establishing)  

关闭隧道压缩, 再次测试 :

pg92@db-172-16-3-39-> ps -ewf|grep ssh  
root       949     1  0 Mar21 ?        00:00:00 /usr/sbin/sshd  
root      7681   949  0 May22 ?        00:00:00 sshd: root@pts/0   
root      9022   949  0 May22 ?        00:00:00 sshd: root@pts/2   
pg92     12954     1 18 07:57 ?        00:00:47 ssh -o CompressionLevel=9 -p 22 -CqTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  
pg92     12984 12904  0 08:01 pts/0    00:00:00 grep ssh  
pg92@db-172-16-3-39-> kill 12954  
pg92@db-172-16-3-39-> ssh -p 22 -o "Compression no" -qTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  

测试结果 :

pg92@db-172-16-3-39-> pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17100 -U postgres -T 60 -c 16 -j 4 digoal  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 16  
number of threads: 4  
duration: 60 s  
number of transactions actually processed: 434617  
tps = 7241.081323 (including connections establishing)  
tps = 7247.051105 (excluding connections establishing)  

开启压缩, 并更改加密暗语为blowfish:

pg92@db-172-16-3-39-> ps -ewf|grep ssh  
root       949     1  0 Mar21 ?        00:00:00 /usr/sbin/sshd  
root      7681   949  0 May22 ?        00:00:00 sshd: root@pts/0   
root      9022   949  0 May22 ?        00:00:00 sshd: root@pts/2   
pg92     13051     1 11 08:04 ?        00:00:18 ssh -p 22 -o Compression=no -qTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13067 12904  0 08:06 pts/0    00:00:00 grep ssh  
pg92@db-172-16-3-39-> kill 13051  
pg92@db-172-16-3-39-> ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  

测试结果 :

pg92@db-172-16-3-39-> pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17100 -U postgres -T 60 -c 16 -j 4 digoal  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 16  
number of threads: 4  
duration: 60 s  
number of transactions actually processed: 1039471  
tps = 17323.172100 (including connections establishing)  
tps = 17338.330403 (excluding connections establishing)  

小结

1. 使用ssh 隧道比直接在数据库上配置ssl加密要慢, 因为只使用了1个隧道.

如果建立多个隧道会不会更好一点呢?

建立8个隧道.

ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17101:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17102:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17103:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17104:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17105:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17106:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17107:127.0.0.1:1999 pg93@172.16.3.33  
pg92@db-172-16-3-39-> ps -ewf|grep ssh|grep -v grep  
root       949     1  0 Mar21 ?        00:00:00 /usr/sbin/sshd  
root      7681   949  0 May22 ?        00:00:00 sshd: root@pts/0   
root      9022   949  0 May22 ?        00:00:00 sshd: root@pts/2   
pg92     13204     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13210     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17101:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13216     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17102:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13222     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17103:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13228     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17104:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13234     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17105:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13240     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17106:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13246     1  0 08:34 ?        00:00:00 ssh -o CompressionLevel=9 -c blowfish -p 22 -CqTfnN -L *:17107:127.0.0.1:1999 pg93@172.16.3.33  

测试 :

pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17100 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17101 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17102 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17103 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17104 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17105 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17106 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17107 -U postgres -T 60 -c 2 -j 1 digoal &  
  
pg92@db-172-16-3-39-> jobs  
[1]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17100 -U postgres -T 60 -c 2 -j 1 digoal &  
[2]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17101 -U postgres -T 60 -c 2 -j 1 digoal &  
[3]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17102 -U postgres -T 60 -c 2 -j 1 digoal &  
[4]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17103 -U postgres -T 60 -c 2 -j 1 digoal &  
[5]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17104 -U postgres -T 60 -c 2 -j 1 digoal &  
[6]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17105 -U postgres -T 60 -c 2 -j 1 digoal &  
[7]-  Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17106 -U postgres -T 60 -c 2 -j 1 digoal &  
[8]+  Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17107 -U postgres -T 60 -c 2 -j 1 digoal &  

测试结果 :

pg92@db-172-16-3-39-> transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 221246  
tps = 3687.366100 (including connections establishing)  
tps = 3693.281275 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 224540  
tps = 3742.294039 (including connections establishing)  
tps = 3745.909116 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 222014  
tps = 3700.200155 (including connections establishing)  
tps = 3703.833274 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 225675  
tps = 3761.186749 (including connections establishing)  
tps = 3765.324960 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 226583  
tps = 3776.300569 (including connections establishing)  
tps = 3782.679035 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 230229  
tps = 3837.095577 (including connections establishing)  
tps = 3841.695622 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 226564  
tps = 3775.985231 (including connections establishing)  
tps = 3782.328437 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 218551  
tps = 3642.426638 (including connections establishing)  
tps = 3648.666129 (excluding connections establishing)  

合计比单个端口代理要高, 但是比直接使用ssl加密要低.

关闭压缩测试, 比以上测试tps略高 :

ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17101:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17102:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17103:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17104:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17105:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17106:127.0.0.1:1999 pg93@172.16.3.33  
ssh -o "Compression no" -c blowfish -p 22 -qTfnN -L *:17107:127.0.0.1:1999 pg93@172.16.3.33  
  
pg92@db-172-16-3-39->  ps -ewf|grep ssh|grep -v grep  
root       949     1  0 Mar21 ?        00:00:00 /usr/sbin/sshd  
root      7681   949  0 May22 ?        00:00:00 sshd: root@pts/0   
root      9022   949  0 May22 ?        00:00:00 sshd: root@pts/2   
pg92     13294     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17100:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13300     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17101:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13306     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17102:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13312     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17103:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13318     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17104:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13324     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17105:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13330     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17106:127.0.0.1:1999 pg93@172.16.3.33  
pg92     13336     1  0 08:38 ?        00:00:00 ssh -o Compression no -c blowfish -p 22 -qTfnN -L *:17107:127.0.0.1:1999 pg93@172.16.3.33  

测试 :

pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17100 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17101 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17102 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17103 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17104 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17105 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17106 -U postgres -T 60 -c 2 -j 1 digoal &  
pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17107 -U postgres -T 60 -c 2 -j 1 digoal &  
  
pg92@db-172-16-3-39-> jobs  
[1]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17100 -U postgres -T 60 -c 2 -j 1 digoal &  
[2]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17101 -U postgres -T 60 -c 2 -j 1 digoal &  
[3]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17102 -U postgres -T 60 -c 2 -j 1 digoal &  
[4]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17103 -U postgres -T 60 -c 2 -j 1 digoal &  
[5]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17104 -U postgres -T 60 -c 2 -j 1 digoal &  
[6]   Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17105 -U postgres -T 60 -c 2 -j 1 digoal &  
[7]-  Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17106 -U postgres -T 60 -c 2 -j 1 digoal &  
[8]+  Running                 pgbench -M prepared -n -f ./sel.sql -h 127.0.0.1 -p 17107 -U postgres -T 60 -c 2 -j 1 digoal &  

测试结果 :

pg92@db-172-16-3-39-> transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 231898  
tps = 3864.904506 (including connections establishing)  
tps = 3871.202723 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 234955  
tps = 3915.837110 (including connections establishing)  
tps = 3924.836512 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 241359  
tps = 4022.581549 (including connections establishing)  
tps = 4032.042374 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 237272  
tps = 3954.495436 (including connections establishing)  
tps = 3960.789268 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 235486  
tps = 3924.681501 (including connections establishing)  
tps = 3933.783948 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 245445  
tps = 4090.663073 (including connections establishing)  
tps = 4097.263762 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 233128  
tps = 3885.425157 (including connections establishing)  
tps = 3889.080854 (excluding connections establishing)  
transaction type: Custom query  
scaling factor: 1  
query mode: prepared  
number of clients: 2  
number of threads: 1  
duration: 60 s  
number of transactions actually processed: 238585  
tps = 3976.336212 (including connections establishing)  
tps = 3982.943184 (excluding connections establishing)  

合计比单个端口代理要高, 但是比直接使用ssl加密要低.

参考

1. http://blog.163.com/digoal@126/blog/static/1638770402013324103828603/

2. http://blog.163.com/digoal@126/blog/static/16387704020134229431304/

3. http://blog.163.com/digoal@126/blog/static/163877040201342233131835/

4. man ssh

     -c cipher_spec  
             Selects the cipher specification for encrypting the session.  
  
             Protocol version 1 allows specification of a single cipher.  The supported values are “3des”, “blowfish”,  
             and “des”.  3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys.  It is  
             believed to be secure.  blowfish is a fast block cipher; it appears very secure and is much faster than  
             3des.  des is only supported in the ssh client for interoperability with legacy protocol 1 implementa-  
             tions that do not support the 3des cipher.  Its use is strongly discouraged due to cryptographic weak-  
             nesses.  The default is “3des”.  
  
             For protocol version 2, cipher_spec is a comma-separated list of ciphers listed in order of preference.  
             The supported ciphers are: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr,  
             aes256-ctr, arcfour128, arcfour256, arcfour, blowfish-cbc, and cast128-cbc.  The default is:  
  
                   aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,  
                   arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,  
                   aes192-ctr,aes256-ctr  

Flag Counter

digoal’s 大量PostgreSQL文章入口