Benchmarking SSH cipher/HMACs
Written by Eric Schwimmer
Want to benchmark all of the possible SSH cipher/MAC permutations on your Linux box? Okay:
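#!/bin/bash
# Benchmark SSH cipher/MAC throughput over loopback. Needs root to mount the tmpfs.
RAMDISK=/mnt/cipherspeed
DATA=$RAMDISK/data
OUTPUT=/tmp/cipherspeed
TMP=$OUTPUT.$$
CIPHERS="aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128
         aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc
         aes256-cbc arcfour"
MACS="hmac-md5 hmac-sha1 umac-64@openssh.com hmac-ripemd160
      hmac-sha1-96 hmac-md5-96"

# Start from a clean RAM disk so disk I/O does not skew the numbers
[[ -d $RAMDISK ]] && (umount $RAMDISK &> /dev/null ; rm -rf $RAMDISK)
mkdir $RAMDISK
mount -t tmpfs -o size=512m tmpfs $RAMDISK

# Encrypt zeros to get incompressible test data; the cipher strength is irrelevant here
dd if=/dev/zero bs=1M count=512 2>/dev/null | \
    openssl enc -rc4-40 -pass pass:weak > $DATA

# SSH protocol 2: every cipher/MAC permutation.
# awk fields are counted from the end of dd's summary line so that both the
# older and the newer dd output formats parse.
for c in $CIPHERS; do for m in $MACS; do
    r=$( ( ssh -o 'compression no' -2 -m $m -c $c localhost \
        "dd of=/dev/null" < $DATA ) 2>&1 | \
        awk '/copied/ { printf "%.0f %s %s", $1/$(NF-3), $(NF-1), $NF }' )
    # Record a result only when dd reported a transfer (ssh refuses unsupported algorithms)
    [[ -n $r ]] && echo "$r $c/$m" | tee -a $TMP
done; done

# SSH protocol 1: needs a client and server that still support it
CIPHERS="3des blowfish"
for c in $CIPHERS; do
    r=$( ( ssh -o 'compression no' -1 -c $c localhost \
        "dd of=/dev/null" < $DATA ) 2>&1 | \
        awk '/copied/ { printf "%.0f %s %s", $1/$(NF-3), $(NF-1), $NF }' )
    [[ -n $r ]] && echo "$r $c" | tee -a $TMP
done

# Fastest first (the first column is bytes per second)
sort -rn $TMP >> $OUTPUT
rm -f $TMP
echo "Results available in $OUTPUT"
sleep 1
umount $RAMDISK
rmdir $RAMDISK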
Adjust the CIPHERS and MACS strings to your liking (if anybody knows how to programmatically determine the available ciphers and/or MACs, drop me a line).
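OpenSSH 6.3 and later can list the algorithms the client supports with `ssh -Q cipher` and `ssh -Q mac`. The following is an added example, not part of the original script, that builds the permutation list that way. The function names and the fallback sample lists are constructed for illustration, and AEAD ciphers are listed once because they ignore the negotiated MAC.

```shell
#!/bin/bash
# Added example: enumerate supported algorithms instead of hard-coding
# CIPHERS and MACS. Requires an OpenSSH client with `ssh -Q` (6.3 or later).

# Constructed sample lists, used only when `ssh -Q` is unavailable.
SAMPLE_CIPHERS="aes128-ctr aes256-gcm@openssh.com chacha20-poly1305@openssh.com"
SAMPLE_MACS="hmac-sha2-256 umac-64@openssh.com"

# list_algos cipher|mac -> one algorithm name per line
list_algos() {
    local out
    if out=$(ssh -Q "$1" 2>/dev/null) && [ -n "$out" ]; then
        printf '%s\n' "$out"
    elif [ "$1" = cipher ]; then
        printf '%s\n' $SAMPLE_CIPHERS
    else
        printf '%s\n' $SAMPLE_MACS
    fi
}

# is_aead CIPHER -> success if the cipher authenticates its own packets,
# so the MAC passed with -m is ignored and need not be permuted.
is_aead() {
    case "$1" in
        *-gcm@openssh.com|chacha20-poly1305@openssh.com) return 0 ;;
        *) return 1 ;;
    esac
}

# combos "CIPHERS" "MACS" -> "cipher/mac" lines; AEAD ciphers appear once.
combos() {
    local c m
    for c in $1; do
        if is_aead "$c"; then
            echo "$c/(implicit)"
            continue
        fi
        for m in $2; do
            echo "$c/$m"
        done
    done
}

# Print every pair worth benchmarking on this machine.
combos "$(list_algos cipher)" "$(list_algos mac)"
```

These lists are what the client offers; the server may still refuse some of them, in which case the benchmark produces no "copied" line for that pair.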
If you are running a semi-recent version of Linux on a semi-newish Intel box (i.e. one that supports AES-NI, which should be all post-Nehalem CPUs), "aes128-ctr/umac-64@openssh.com" is probably going to be the fastest combo for you (I get around 360 MB/s on my dev box).