Slightly less Random Ramblings

December 17, 2007

OpenSSH over high speed networks

Filed under: openssh, scp, ssh, ssh performance — Robert Wicks @ 7:01 pm

We run gigabit Ethernet in the network at work. I noticed that my actual throughput on scp transfers was in the 200Mbit/s range. Iperf wirespeed tests indicated over 900Mbit/s. Now, obviously encryption will bring about some cost, but that seemed a bit much for me, so I set to try tuning things a bit. As a result, I think I can confidently make the following recommendations to those running OpenSSH over high speed networks:

1) Upgrade your SSH server. OpenSSH 4.3 was about 1/3 faster than various 3.6 or 3.9.
2) Turn off compression. This just slows you down over a high speed network. This should be done on the server side.
3) Use blowfish. In the /etc/ssh/ssh_config (client configuration file), set:
Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
Blowfish was a bit faster than AES on the systems I tested.

The net effect was a boost to ~350Mbit/s, which is a significant improvement.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: