NerdVana

We reject your reality and substitute our own.

Benchmarking SSH cipher/HMACs

Written by Eric Schwimmer

Want to benchmark all of the possible SSH cipher/MAC permutations on your Linux box? Okay:

#!/bin/bash

RAMDISK=/mnt/cipherspeed
DATA=$RAMDISK/data
OUTPUT=/tmp/cipherspeed
TMP=$OUTPUT.$$

CIPHERS="aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128  
aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc 
aes256-cbc arcfour"

MACS="hmac-md5 hmac-sha1 umac-64@openssh.com hmac-ripemd160 
hmac-sha1-96 hmac-md5-96"

[[ -d $RAMDISK ]] && (umount $RAMDISK &> /dev/null ; rm -rf $RAMDISK)
mkdir $RAMDISK
mount -t tmpfs -o size=512m tmpfs $RAMDISK
dd if=/dev/zero bs=1M count=512 2>/dev/null | \
    openssl enc -rc4-40 -pass pass:weak > $DATA

for c in $CIPHERS; do for m in $MACS; do
    ( ssh -o 'compression no' -2 -m $m -c $c localhost \
        "dd of=/dev/null" < $DATA ) 2>&1 | \
    awk '/copied/ { printf "%.0f %s %s", $1/$6, $8, $9}' >> $TMP
   [[ $? ]] && (echo " $c/$m" >> $TMP ;  tail -1 $TMP)
done; done

CIPHERS="3des blowfish"
for c in $CIPHERS; do
    ( ssh -o 'compression no' -1 -c $c localhost \
        "dd of=/dev/null" < $DATA ) 2>&1 | \
    awk '/copied/ { printf "%.0f %s %s", $1/$6, $8, $9}' >> $TMP
    [[ $? ]] && (echo " $c" >> $TMP ;  tail -1 $TMP)
done;

sort -rn $TMP >> $OUTPUT
rm -f $TMP
echo "Results available in $OUTPUT"
sleep 1
umount $RAMDISK
rmdir $RAMDISK

Adjust the CIPHER and MAC strings to your liking (if anybody knows how to programatically determine the available ciphers and/or MACs, drop me a line).

If you are running a semi-recent version of Linux on semi-newish Intel box (i.e. one that supports AES-NI, which should be all post-Nehalem CPUs), "aes128-ctr/umac-64@openssh.com" is probably going to be the fastest combo for you (I get around 360 MB/s on my dev box).


comments powered by Disqus