Missing replication encryption option
Since moving from FreeNAS 9.3 to 9.10, we have lost the option to set "Encryption Cipher" to "Disabled", for replication. This was quiet necessary in my customers environment for replication across the WAN, as it greatly improved the replication run-time for the required datasets, which are very large (on is 32TB in size). We had to upgrade to 9.10 to resolve some stability issues and had to remove the original seed replication and start over, only to find that the "Disabled" option was gone and that replication for the initial seed was now taking weeks to complete.
Could you please advise if this will be once again made available in 9.10 (or perhaps 10), and what the timeline could be?
feat(rc.d): generate sshd_config for openssh-portable instead
feat(rc.d): enable using openssh_enable instead of sshd_enable
feat(gui): re-add choice to disable encryption in replication
Revert "NoneEnabled is no longer a "thing""
This reverts commit 6e5e89b53cd9d9b13ecad705ebc93eb268a53d4c.
#2 Updated by Jordan Hubbard almost 3 years ago
The upstream OpenSSH project removed the "None" cipher option a few builds back, and due to security updates and such, it was necessary for us to move to newer versions of OpenSSH, so we simply lost the ability to provide that option. FreeNAS 10 does replication differently with a new engine that simply uses ssh to set up the "control channel" and does the replication over another connection for which we can control the amount of compression / encryption / throttling, including "none" for maximum speed. JFYI.
#3 Updated by Kris Moore almost 3 years ago
- Target version set to 9.10.2
I think we've had this discussion before, but openssh-portable does have the NONE cipher option still. (And will have it for foreseeable future, since its used in production by many FBSD users still)
I would propose switching to that at some point, since the FN10 replication engine doesn't help us if we need to SSH large quantities of data to another ZFS system that isn't FN10.
#12 Updated by Suraj Ravichandran over 2 years ago
- Assignee changed from Suraj Ravichandran to William Grzybowski
- % Done changed from 0 to 90
@William I found a bunch of places using the old base ssh and such and have made the appropriate commits as follows:
This one https://github.com/freenas/freenas/commit/fb4153964f60bc49787c95c5429c8f39eaf78863 (which I made to master)
and then further ones which I was not sure of and hence made those commits to a side branch: https://github.com/freenas/freenas/commit/4202373a98a296f6cdf2542cc4fca95b0a0c5b57
I am handing this ticket back to you (as the rest of it is fine) and if you find the fix branch to be sane please merge it back and then set this ticket as reviewed.