When setting up a backup system using rsync and ssh, we need to find a balance between system resources, speed and security. Once upon a time, OpenSSH allowed ‘none’ to be selected as an encryption cipher, but that did not last very long. For many years arcfour was the fastest cipher, and so was useful when transmitting large amounts of data with low security demands.
Then one day it happened…a new system would not do arcfour – it seemed it had been removed as an encryption method.
I had two different servers, with different CPU types and different OS versions, and I had to find out which encryption was going to suit my purposes.
To test the two systems, I first listed the available ciphers using ‘ssh -Q cipher’.
Then I tested each cipher by copying a file from localhost to /dev/null, using the script below.
A simple inspection of the results file showed me that aes128-cbc was the fastest cipher common to the two systems.
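#!/bin/sh
# Ciphers to test; adjust the list to what 'ssh -Q cipher' reports on the host.
for cipher in chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr \
    aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-cbc aes192-cbc aes256-cbc
do
    echo "$cipher"
    # Two runs per cipher; the timings from 'time' go to stderr.
    for try in 1 2
    do
        time ssh -c "$cipher" localhost cat /root/testdata.dat > /dev/null
    done
done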
Server 1: CPU: AMD Opteron(tm) Processor 3280 (2400.05-MHz K8-class CPU) running FreeBSD 9.3
Server 2: CPU: Intel(R) Xeon(R) CPU E31240 @ 3.30GHz (3292.59-MHz K8-class CPU) running FreeBSD 10.3
Server 1 results
aes128-ctr
    3.60 real  2.71 user  0.16 sys
    3.25 real  2.54 user  0.11 sys
aes192-ctr
    3.08 real  2.19 user  0.14 sys
    3.86 real  3.20 user  0.08 sys
aes256-ctr
    2.92 real  2.18 user  0.14 sys
    3.24 real  2.21 user  0.14 sys
arcfour256
    1.50 real  0.79 user  0.13 sys
    1.53 real  0.81 user  0.11 sys
arcfour128
    1.58 real  0.77 user  0.15 sys
    1.62 real  0.90 user  0.14 sys
aes128-cbc
    2.76 real  1.75 user  0.09 sys
    2.38 real  1.73 user  0.07 sys
3des-cbc
    8.73 real  7.97 user  0.15 sys
    8.72 real  8.08 user  0.04 sys
blowfish-cbc
    2.92 real  2.26 user  0.10 sys
    2.93 real  2.25 user  0.10 sys
cast128-cbc
    3.36 real  2.56 user  0.13 sys
    3.27 real  2.45 user  0.18 sys
aes192-cbc
    2.86 real  2.16 user  0.11 sys
    2.53 real  1.79 user  0.18 sys
aes256-cbc
    3.05 real  2.12 user  0.08 sys
    2.74 real  2.02 user  0.15 sys
arcfour
    1.51 real  0.72 user  0.19 sys
    1.51 real  0.70 user  0.21 sys
Server 2 results
chacha20-poly1305@openssh.com
    2.18 real  1.61 user  0.18 sys
    2.05 real  1.63 user  0.16 sys
aes128-ctr
    0.90 real  0.49 user  0.16 sys
    1.06 real  0.54 user  0.11 sys
aes192-ctr
    0.93 real  0.49 user  0.18 sys
    0.93 real  0.46 user  0.21 sys
aes256-ctr
    0.95 real  0.49 user  0.19 sys
    0.95 real  0.54 user  0.15 sys
aes128-gcm@openssh.com
    1.00 real  0.46 user  0.12 sys
    0.85 real  0.42 user  0.16 sys
aes256-gcm@openssh.com
    0.84 real  0.49 user  0.09 sys
    0.88 real  0.43 user  0.18 sys
aes128-cbc
    1.31 real  0.56 user  0.13 sys
    1.30 real  0.51 user  0.18 sys
aes192-cbc
    1.40 real  0.53 user  0.18 sys
    1.40 real  0.49 user  0.23 sys
aes256-cbc
    1.69 real  0.55 user  0.17 sys
    1.50 real  0.58 user  0.14 sys
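The inspection of the two results files can also be scripted. The following is an added example, not part of the original post: it keeps only the ciphers timed on both servers and ranks them by the sum of each server's best "real" time. The names rank_common and demo, the summed-best-time metric, and the rule that any other multi-word line (such as an ssh error) disqualifies a cipher are assumptions of this example.

```sh
#!/bin/sh
# Added example. Assumes the results format shown on this page: a cipher name on
# its own line, then one "<n> real <n> user <n> sys" line per run.
rank_common() {   # usage: rank_common results_host1 results_host2
    awk '
        FNR == 1 { host++ }                    # a new results file starts
        $2 == "real" && $4 == "user" {         # timing line: keep the best run
            k = host SUBSEP name
            if (!(k in best) || $1 + 0 < best[k]) best[k] = $1 + 0
            next
        }
        NF == 1 { name = $1; next }            # cipher name line
        NF > 1  { bad[host SUBSEP name] = 1 }  # other output, e.g. an ssh error
        END {                                  # ciphers timed cleanly on both hosts
            for (k in best) {
                split(k, p, SUBSEP)
                o = 2 SUBSEP p[2]
                if (p[1] + 0 == 1 && (o in best) && !(k in bad) && !(o in bad))
                    printf "%.2f %s\n", best[k] + best[o], p[2]
            }
        }
    ' "$1" "$2" | LC_ALL=C sort -n
}

demo() {   # excerpt of the figures on this page, three ciphers per server
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        aes128-ctr '3.60 real 2.71 user 0.16 sys' '3.25 real 2.54 user 0.11 sys' \
        arcfour    '1.51 real 0.72 user 0.19 sys' '1.51 real 0.70 user 0.21 sys' \
        aes128-cbc '2.76 real 1.75 user 0.09 sys' '2.38 real 1.73 user 0.07 sys' \
        > "$d/server1"
    printf '%s\n' \
        chacha20-poly1305@openssh.com '2.18 real 1.61 user 0.18 sys' \
                   '2.05 real 1.63 user 0.16 sys' \
        aes128-ctr '0.90 real 0.49 user 0.16 sys' '1.06 real 0.54 user 0.11 sys' \
        aes128-cbc '1.31 real 0.56 user 0.13 sys' '1.30 real 0.51 user 0.18 sys' \
        > "$d/server2"
    rank_common "$d/server1" "$d/server2"
    rm -rf "$d"
}
demo
```

The first output line is the fastest cipher available on both servers; ciphers present on only one side (arcfour, chacha20-poly1305@openssh.com) are dropped.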