I am forced to use SSH tunneling to access many servers (over 100) via one gateway server. To keep the connection alive I am using autossh. Everything works pretty well until there is high traffic (people are connecting to most of the servers at once). Then the ssh process reaches 12% of CPU (which is the configured maximum for a separate process) and no connection works anymore - I have to restart the autossh script. What could be the possible reason for that?
- Well, I can imagine that the SSH-inception causes a lot of encryption/compression overhead. Once you reach the threshold of 12%, I think the system doesn't handle it nicely enough for SSH to keep working. – Bart De Vos, Jun 22, 2012 at 8:38
2 Answers
The reason is that you have maxed out the amount of CPU you are being allowed to use. SSH requires CPU-intensive cryptographic operations. Basically, you are trying to put ten pounds of flour in a five pound bag.
- OK it might be that one. So if the 12% max is the requirement... is there some other way to "route" those connections? Except standard network routing, which is impossible in my case. – middleofdreams, Jun 25, 2012 at 5:40
- It depends on your requirements. For example, if you don't need encryption (or have it elsewhere thanks to IPsec or something similar), you could use SSH tunneling without encryption. That will reduce the CPU requirements significantly. – David Schwartz, Jun 25, 2012 at 13:50
Another option is to multiplex the connections to the gateway server on a single one. OpenSSH supports this: you'll need to use the ControlMaster configuration option. Here's a review on its pros and cons.
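A client-side `~/.ssh/config` sketch of the ControlMaster setup mentioned in the answer above, added here as an illustration and not taken from the original post. The host name `gateway.example.com`, the alias `gw`, the `backend-*` pattern and the socket directory `~/.ssh/cm` are placeholders, and `ProxyJump` assumes a reasonably recent OpenSSH client.

```sshconfig
# Constructed example: all host names, aliases and paths are placeholders.
Host gw
    HostName gateway.example.com
    # The first connection becomes the master; later ones reuse its
    # TCP connection instead of doing a new key exchange and login.
    ControlMaster auto
    # Keep the socket in a directory only this user can enter
    # (mkdir -p ~/.ssh/cm && chmod 700 ~/.ssh/cm). Any process that can
    # open the socket can start sessions without authenticating again.
    ControlPath ~/.ssh/cm/%r@%h:%p
    # Leave the master running for 10 minutes after the last session ends.
    ControlPersist 10m
    # Detect a dead master instead of leaving clients hanging on it.
    ServerAliveInterval 30
    ServerAliveCountMax 3

# Assumption: backends are reached by hopping through the gateway.
# Each hop reuses the single master connection to gw.
Host backend-*
    ProxyJump gw
```

Multiplexing removes the per-connection key exchange and authentication cost on the gateway; the data sent through the shared connection is still encrypted. `ssh -O check gw` reports whether a master is running and `ssh -O exit gw` shuts it down.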