OpenSSH/Tests

From Segfault
Jump to navigation Jump to search

December 2019

MacBook Pro Mid 2009

The updated ssh-performance.sh now tries every valid cipher/mac/kex combination (via ssh -Q) and runs only valid configurations. 

~/bin/ssh-performance.sh run localhost 1000 3 | tee report.2

After a few hours, the results are in (Intel P8700, Penryn): 

$ ~/bin/ssh-performance.sh report report.2 | head -20
### Top-5 overall
2095/3344 cipher: aes128-ctr     mac: hmac-sha1          kex: ecdh-sha2-nistp256 - 13 seconds avg.
2097/3344 cipher: aes128-ctr     mac: hmac-sha1          kex: ecdh-sha2-nistp521 - 13 seconds avg.
2117/3344 cipher: aes128-ctr     mac: hmac-sha2-256      kex: ecdh-sha2-nistp256 - 13 seconds avg.
2128/3344 cipher: aes128-ctr     mac: hmac-sha2-512      kex: ecdh-sha2-nistp256 - 13 seconds avg.
2182/3344 cipher: aes128-ctr     mac: umac-64@openssh.com kex: diffie-hellman-group-exchange-sha256 - 13 seconds avg.

### Fastest cipher
   5 aes128-ctr 13 seconds

### Fastest MAC
   5 hmac-md5 13 seconds

### Fastest Kex
   5 curve25519-sha256@libssh.org 13 seconds

### Top-5 for each cipher
### Cipher: aes128-ctr
2095/3344 cipher: aes128-ctr     mac: hmac-sha1          kex: ecdh-sha2-nistp256 - 13 seconds avg.
2097/3344 cipher: aes128-ctr     mac: hmac-sha1          kex: ecdh-sha2-nistp521 - 13 seconds avg.

Thinkpad E431

And another run, with an Intel i7-3632QM, Ivy Bridge processor: 

$ ~/bin/ssh-performance.sh run localhost 1000 3 | tee report.out
$ ~/bin/ssh-performance.sh report report.out | head -20
### Top-5 overall
1034/2112 cipher: aes128-ctr     mac: umac-64@openssh.com        kex: diffie-hellman-group14-sha1 - 5 seconds avg.
1037/2112 cipher: aes128-ctr     mac: umac-64@openssh.com        kex: diffie-hellman-group18-sha512 - 5 seconds avg.
1039/2112 cipher: aes128-ctr     mac: umac-64@openssh.com        kex: diffie-hellman-group-exchange-sha256 - 5 seconds avg.
1040/2112 cipher: aes128-ctr     mac: umac-64@openssh.com        kex: ecdh-sha2-nistp256 - 5 seconds avg.
1041/2112 cipher: aes128-ctr     mac: umac-64@openssh.com        kex: ecdh-sha2-nistp384 - 5 seconds avg.

### Fastest cipher
      5 aes128-ctr 5 seconds

### Fastest MAC
      5 hmac-md5 5 seconds

### Fastest Kex
      5 curve25519-sha256 5 seconds

### Top-5 for each cipher
### Cipher: aes128-ctr
1034/2112 cipher: aes128-ctr     mac: umac-64@openssh.com        kex: diffie-hellman-group14-sha1 - 5 seconds avg.
1037/2112 cipher: aes128-ctr     mac: umac-64@openssh.com        kex: diffie-hellman-group18-sha512 - 5 seconds avg.

June 2015

Ciphers, MACs, Kex

There was a question on Stackexchange[1] that made me wonder which combination of ciphers, MAC and key exchange algorithms are supported by some of my machines.

Our local host is a Fedora 20 system (openssh-6.4p1-3.fc20.x86_64), the remote system is running openSUSE 11.4 (openssh-5.8p1-4.1.x86_64) 

$ ~/bin/ssh-features.sh dummy@suse0 | tee ssh-eval.log
[...]

$  head -20 ssh-eval.log 
Ciphers (14):
aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour

MACs (14):
hmac-md5-etm@openssh.com hmac-sha1-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-ripemd160-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-md5 hmac-sha1 umac-64@openssh.com umac-128@openssh.com hmac-sha2-256

KexAlgorithms (7):
ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1


debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8

cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp256   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp384   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp521   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group-exchange-sha256   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group-exchange-sha1   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group14-sha1   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group1-sha1   exit: 255
cipher: aes128-ctr mac: hmac-sha1-etm@openssh.com kex: ecdh-sha2-nistp256   exit: 255

...and on it goes. The exit code of 255 means that the combination was rejected for whatever reason, an exit code of 0 means we were able to execute /bin/true on the remote system.

So, we have 14 different ciphers, 14 MAC algorithms, 7 key exchange algorithms that would amount to 1372 combinations. 

$ grep -c ^cipher ssh-eval.log 
1372

Most of them were unusable combinations: 

$ grep -c exit:\ 255 ssh-eval.log 
1120

And 252 combinations were able to establish a connection: 

$ grep -c exit:\ 0 ssh-eval.log 
252

Some more statistics, on ciphers: 

$ for c in `~/bin/ssh-features.sh | grep -A1 ^Ciphers | tail -1`; do printf "cipher $c OK: "; grep exit:\ 0 ssh-eval.log | grep -c $c; done | sort -nk4
cipher aes128-gcm@openssh.com OK: 0
cipher aes256-gcm@openssh.com OK: 0
cipher 3des-cbc OK: 21
cipher aes128-cbc OK: 21
cipher aes128-ctr OK: 21
cipher aes192-cbc OK: 21
cipher aes192-ctr OK: 21
cipher aes256-cbc OK: 21
cipher aes256-ctr OK: 21
cipher arcfour128 OK: 21
cipher arcfour256 OK: 21
cipher blowfish-cbc OK: 21
cipher cast128-cbc OK: 21
cipher arcfour OK: 63

...on MACs: 

$ for m in `~/bin/ssh-features.sh | grep -A1 ^MACs | tail -1`; do printf "mac $m OK: "; grep exit:\ 0 ssh-eval.log | grep -c $m; done | sort -nk4
mac hmac-md5-96-etm@openssh.com OK: 0
mac hmac-md5-etm@openssh.com OK: 0
mac hmac-ripemd160-etm@openssh.com OK: 0
mac hmac-sha1-96-etm@openssh.com OK: 0
mac hmac-sha1-etm@openssh.com OK: 0
mac hmac-sha2-256-etm@openssh.com OK: 0
mac hmac-sha2-256 OK: 0
mac hmac-sha2-512-etm@openssh.com OK: 0
mac umac-128-etm@openssh.com OK: 0
mac umac-128@openssh.com OK: 0
mac umac-64-etm@openssh.com OK: 0
mac hmac-md5 OK: 84
mac hmac-sha1 OK: 84
mac umac-64@openssh.com OK: 84

...on key exchange algorithms: 

$ for k in `~/bin/ssh-features.sh | grep -A1 ^KexAlgorithms | tail -1`; do printf "kex $k OK: "; grep exit:\ 0 ssh-eval.log | grep -c $k; done | sort -nk4
kex diffie-hellman-group14-sha1 OK: 36
kex diffie-hellman-group1-sha1 OK: 36
kex diffie-hellman-group-exchange-sha1 OK: 36
kex diffie-hellman-group-exchange-sha256 OK: 36
kex ecdh-sha2-nistp256 OK: 36
kex ecdh-sha2-nistp384 OK: 36
kex ecdh-sha2-nistp521 OK: 36

Conclusions (that will vary depending on the used SSH versions):

  • Ciphers: the -gcm ciphers were not usable - they were only introduced in OpenSSH 6.2[2]
  • MACs: only hmac-md5, hmac-sha1 and umac-64@openssh.com[3][4] were usable and none of the etm-MACs ("encrypt-then-mac") produced a usable combination!
  • Every key exchange algorithm was supported

Speed

Let's transfer 10 MB of \0 (zero) characters to the remote system: 

$ awk '/exit:\ 0/ {print $2,$4,$6}' ssh-eval.log | head -3 | while read c m k; do
  printf "cipher: $c mac: $m kex: $k - "
  a=`date +%s`
  dd if=/dev/zero bs=1M count=10 2>/dev/null | \
  ssh -T -o Ciphers="$c" -o MACs="$m" -o KexAlgorithms="$k" dummy@suse0 > /dev/null
  b=`date +%s`
  echo "`expr $b - $a` seconds"
done | tee ssh-speed-10M.log
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp256 - 8 seconds
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp384 - 9 seconds
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp521 - 11 seconds
[...]

The fastest combinations for 10MB: 

$ sort -nk8 ssh-speed-10M.log | head -3
cipher: 3des-cbc mac: hmac-md5 kex: diffie-hellman-group14-sha1 - 5 seconds
cipher: 3des-cbc mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 5 seconds
cipher: aes128-cbc mac: hmac-sha1 kex: diffie-hellman-group14-sha1 - 5 seconds

The slowest combinations for 10MB: 

$ sort -nk8 ssh-speed-10M.log | tail -3
cipher: aes256-ctr mac: hmac-sha1 kex: ecdh-sha2-nistp521 - 10 seconds
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp521 - 11 seconds
cipher: arcfour128 mac: umac-64@openssh.com kex: ecdh-sha2-nistp521 - 12 seconds

Let's do the same again with 50 MB (in 512K chunks): 

...; dd if=/dev/zero bs=512k count=100 2>/dev/null | ssh -T ... | tee ssh-speed-50M.log

The fastest combinations for 50MB: 

$ sort -nk8 ssh-speed-50M.log | head -3
cipher: arcfour128 mac: hmac-sha1 kex: diffie-hellman-group1-sha1 - 19 seconds
cipher: arcfour256 mac: hmac-sha1 kex: diffie-hellman-group14-sha1 - 19 seconds
cipher: arcfour mac: hmac-md5 kex: diffie-hellman-group-exchange-sha256 - 19 seconds

The slowest combinations for 50MB: 

$ sort -nk8 ssh-speed-50M.log | tail -3
cipher: aes192-cbc mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 29 seconds
cipher: aes192-cbc mac: umac-64@openssh.com kex: ecdh-sha2-nistp521 - 29 seconds
cipher: arcfour128 mac: umac-64@openssh.com kex: ecdh-sha2-nistp384 - 31 seconds

References

  1. OpenSSH default/preferred ciphers, hash, etc for SSH2
  2. OpenSSH 6.2 Release Notes
  3. OpenSSH 4.7 has just been released
  4. RFC4418 - UMAC: Message Authentication Code using Universal Hashing
Retrieved from "https://trent.utfs.org/mediawiki/index.php?title=OpenSSH/Tests&oldid=11609"