Ever wondered how to save some CPU cycles on a very busy or slow x86 system when it comes to SSH/SCP transfers?
Here is how we performed the benchmarks, in order to answer the above question:
- 41 MB test file with random data, which cannot be compressed – GZip makes it only 1% smaller.
- A slow enough system – Bifferboard. Bifferboard CPU power is similar to a Pentium @ 100Mhz.
- The other system is using a dual-core Core2 Duo @ 2.26GHz, so we consider it fast enough, in order not to influence the results.
- SCP file transfer over SSH using OpenSSH as server and client.
As stated at the Ubuntu man page of ssh_config, the OpenSSH client is using the following Ciphers (most preferred go first):
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
In order to examine their performance, we will transfer the test file twice using each of the ciphers and note the transfer speed and delta. Here are the shell commands that we used:
for cipher in aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour ; do |
echo "$cipher" |
for try in 1 2 ; do |
scp -c "$cipher" test-file [email protected]: |
done |
done |
You can review the raw results in the “ssh-cipher-speed-results.txt” file. The delta difference between the one and same benchmark test is within 16%-20%. Not perfect, but still enough for our tests.
Here is a chart which visualizes the results:
The clear winner is Arcfour, while the slowest are 3DES and AES. Still the question if all OpenSSH ciphers are strong enough to protect your data remains.
It’s worth mentioning that the results may be architecture dependent, so test for your platform accordingly.
Also take a look at the below comment for the results of the “i7s and 2012 xeons” tests.