I want to establish a ssh tunnel for transferring data from my computer to a remote machine through a gateway machine.
I want to copy large amount of data, thus I use blowfish for encryption and enable the compression.
Which of the following commands is correctly setup the encryption and compression:
-
Define the compression and encryption within ProxyCommand:
ssh -L 5555:127.0.0.1:555 -o ProxyCommand="ssh -c blowfish -C user@gateway nc -q0 target 2222" user2@target -v -
Define the compression and encryption within the main ssh command:
ssh -L 5555:127.0.0.1:555 -c blowfish -o ProxyCommand="ssh user@gateway nc -q0 target 2222" -C user2@target -v -
Define the compression and encryption both in the ProxyCommand and ssh command:
ssh -L 5555:127.0.0.1:555 -c blowfish -o ProxyCommand="ssh -c blowfish -C user@gateway nc -q0 target 2222" -C user2@target -v
The debug message (-v) informs me that the compression is enabled.
Does the option 3 make ssh to compress the data two times?
Best Answer
Command 1 will compress data between the client and gateway, but not between the gateway and target. Option 2 will compress data between the client and target (at the expense of not compressing some protocol level data, which won't be significant). Option 3 will compress data between the client and target, and double compress data between the client and gateway (which you definitely don't want).
If the bandwidth between the gateway and target is high (e.g. LAN speed) then go with option 1. If not, go with option 2.