OpenSSH/Tests
December 2019
MacBook Pro Mid 2009
The updated ssh-performance.sh now tries every valid cipher/mac/kex combination (via ssh -Q) and runs only valid configurations.
    ~/bin/ssh-performance.sh run localhost 1000 3 | tee report.2
After a few hours, the results are in (Intel P8700, Penryn):
    $ ~/bin/ssh-performance.sh report report.2 | head -20
    ### Top-5 overall
    2095/3344 cipher: aes128-ctr mac: hmac-sha1 kex: ecdh-sha2-nistp256 - 13 seconds avg.
    2097/3344 cipher: aes128-ctr mac: hmac-sha1 kex: ecdh-sha2-nistp521 - 13 seconds avg.
    2117/3344 cipher: aes128-ctr mac: hmac-sha2-256 kex: ecdh-sha2-nistp256 - 13 seconds avg.
    2128/3344 cipher: aes128-ctr mac: hmac-sha2-512 kex: ecdh-sha2-nistp256 - 13 seconds avg.
    2182/3344 cipher: aes128-ctr mac: umac-64@openssh.com kex: diffie-hellman-group-exchange-sha256 - 13 seconds avg.
    ### Fastest cipher
    5 aes128-ctr 13 seconds
    ### Fastest MAC
    5 hmac-md5 13 seconds
    ### Fastest Kex
    5 curve25519-sha256@libssh.org 13 seconds
    ### Top-5 for each cipher
    ### Cipher: aes128-ctr
    2095/3344 cipher: aes128-ctr mac: hmac-sha1 kex: ecdh-sha2-nistp256 - 13 seconds avg.
    2097/3344 cipher: aes128-ctr mac: hmac-sha1 kex: ecdh-sha2-nistp521 - 13 seconds avg.
Thinkpad E431
And another run, with an Intel i7-3632QM, Ivy Bridge processor:
    $ ~/bin/ssh-performance.sh run localhost 1000 3 | tee report.out
    $ ~/bin/ssh-performance.sh report report.out | head -20
    ### Top-5 overall
    1034/2112 cipher: aes128-ctr mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 5 seconds avg.
    1037/2112 cipher: aes128-ctr mac: umac-64@openssh.com kex: diffie-hellman-group18-sha512 - 5 seconds avg.
    1039/2112 cipher: aes128-ctr mac: umac-64@openssh.com kex: diffie-hellman-group-exchange-sha256 - 5 seconds avg.
    1040/2112 cipher: aes128-ctr mac: umac-64@openssh.com kex: ecdh-sha2-nistp256 - 5 seconds avg.
    1041/2112 cipher: aes128-ctr mac: umac-64@openssh.com kex: ecdh-sha2-nistp384 - 5 seconds avg.
    ### Fastest cipher
    5 aes128-ctr 5 seconds
    ### Fastest MAC
    5 hmac-md5 5 seconds
    ### Fastest Kex
    5 curve25519-sha256 5 seconds
    ### Top-5 for each cipher
    ### Cipher: aes128-ctr
    1034/2112 cipher: aes128-ctr mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 5 seconds avg.
    1037/2112 cipher: aes128-ctr mac: umac-64@openssh.com kex: diffie-hellman-group18-sha512 - 5 seconds avg.
June 2015
Ciphers, MACs, Kex
There was a question on Stackexchange[1] that made me wonder which combinations of cipher, MAC and key exchange algorithms are supported by some of my machines.
Our local host is a Fedora 20 system (openssh-6.4p1-3.fc20.x86_64); the remote system is running openSUSE 11.4 (openssh-5.8p1-4.1.x86_64):
    $ ~/bin/ssh-features.sh dummy@suse0 | tee ssh-eval.log
    [...]
    $ head -20 ssh-eval.log
    Ciphers (14):
    aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour
    MACs (14):
    hmac-md5-etm@openssh.com hmac-sha1-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-ripemd160-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-md5 hmac-sha1 umac-64@openssh.com umac-128@openssh.com hmac-sha2-256
    KexAlgorithms (7):
    ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1
    debug1: Local version string SSH-2.0-OpenSSH_6.4
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
    cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp256 exit: 255
    cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp384 exit: 255
    cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp521 exit: 255
    cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group-exchange-sha256 exit: 255
    cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group-exchange-sha1 exit: 255
    cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group14-sha1 exit: 255
    cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group1-sha1 exit: 255
    cipher: aes128-ctr mac: hmac-sha1-etm@openssh.com kex: ecdh-sha2-nistp256 exit: 255
...and on it goes. An exit code of 255 means that the combination was rejected for whatever reason; an exit code of 0 means we were able to execute /bin/true on the remote system.
So we have 14 ciphers, 14 MAC algorithms and 7 key exchange algorithms, which amounts to 14 × 14 × 7 = 1372 combinations.
    $ grep -c ^cipher ssh-eval.log
    1372
Most of them were unusable combinations:
    $ grep -c exit:\ 255 ssh-eval.log
    1120
And 252 combinations were able to establish a connection:
    $ grep -c exit:\ 0 ssh-eval.log
    252
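The probing run that produces a log like ssh-eval.log, sketched as an added example (this is not the page's ssh-features.sh, which is not shown here). The function name `probe_matrix` and the `BatchMode`, `ConnectTimeout` and `-n` settings are choices made for this example; the algorithm lists come from `ssh -Q`.

```shell
#!/bin/sh
# Added example, not the page's ssh-features.sh (which is not shown).
# probe_matrix TARGET
#   Try every cipher/MAC/kex combination the local client lists via `ssh -Q`
#   against TARGET and print one line per combination in the log format used
#   above: "cipher: C mac: M kex: K exit: N".
probe_matrix() {
    target=$1
    ciphers=$(ssh -Q cipher) || return 1
    macs=$(ssh -Q mac) || return 1
    kexs=$(ssh -Q kex) || return 1
    for c in $ciphers; do
        for m in $macs; do
            for k in $kexs; do
                rc=0
                # BatchMode: fail instead of prompting for a password.
                # -n: do not read stdin. ConnectTimeout=10 is an assumed value.
                ssh -n -o BatchMode=yes -o ConnectTimeout=10 \
                    -o Ciphers="$c" -o MACs="$m" -o KexAlgorithms="$k" \
                    "$target" /bin/true >/dev/null 2>&1 || rc=$?
                echo "cipher: $c mac: $m kex: $k exit: $rc"
            done
        done
    done
}

# Usage (needs non-interactive login to the target):
#   probe_matrix dummy@suse0 | tee ssh-eval.log
```

An exit code of 255 here covers any failure of the ssh client itself, including authentication or network errors, so a reachable target with working key-based login is a precondition for reading the results as algorithm support.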
Some more statistics, on ciphers:
    $ for c in `~/bin/ssh-features.sh | grep -A1 ^Ciphers | tail -1`; do printf "cipher $c OK: "; grep exit:\ 0 ssh-eval.log | grep -c $c; done | sort -nk4
    cipher aes128-gcm@openssh.com OK: 0
    cipher aes256-gcm@openssh.com OK: 0
    cipher 3des-cbc OK: 21
    cipher aes128-cbc OK: 21
    cipher aes128-ctr OK: 21
    cipher aes192-cbc OK: 21
    cipher aes192-ctr OK: 21
    cipher aes256-cbc OK: 21
    cipher aes256-ctr OK: 21
    cipher arcfour128 OK: 21
    cipher arcfour256 OK: 21
    cipher blowfish-cbc OK: 21
    cipher cast128-cbc OK: 21
    cipher arcfour OK: 63
...on MACs:
    $ for m in `~/bin/ssh-features.sh | grep -A1 ^MACs | tail -1`; do printf "mac $m OK: "; grep exit:\ 0 ssh-eval.log | grep -c $m; done | sort -nk4
    mac hmac-md5-96-etm@openssh.com OK: 0
    mac hmac-md5-etm@openssh.com OK: 0
    mac hmac-ripemd160-etm@openssh.com OK: 0
    mac hmac-sha1-96-etm@openssh.com OK: 0
    mac hmac-sha1-etm@openssh.com OK: 0
    mac hmac-sha2-256-etm@openssh.com OK: 0
    mac hmac-sha2-256 OK: 0
    mac hmac-sha2-512-etm@openssh.com OK: 0
    mac umac-128-etm@openssh.com OK: 0
    mac umac-128@openssh.com OK: 0
    mac umac-64-etm@openssh.com OK: 0
    mac hmac-md5 OK: 84
    mac hmac-sha1 OK: 84
    mac umac-64@openssh.com OK: 84
...on key exchange algorithms:
    $ for k in `~/bin/ssh-features.sh | grep -A1 ^KexAlgorithms | tail -1`; do printf "kex $k OK: "; grep exit:\ 0 ssh-eval.log | grep -c $k; done | sort -nk4
    kex diffie-hellman-group14-sha1 OK: 36
    kex diffie-hellman-group1-sha1 OK: 36
    kex diffie-hellman-group-exchange-sha1 OK: 36
    kex diffie-hellman-group-exchange-sha256 OK: 36
    kex ecdh-sha2-nistp256 OK: 36
    kex ecdh-sha2-nistp384 OK: 36
    kex ecdh-sha2-nistp521 OK: 36
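The `grep -c $c` counts above match substrings, so the `arcfour` figure of 63 also includes the `arcfour128` and `arcfour256` lines (3 × 21). As an added example (not part of the original page), this tally compares whole fields instead; the function name `tally_ok` is made up for this example, and it reads the `cipher: … mac: … kex: … exit: N` lines of ssh-eval.log.

```shell
#!/bin/sh
# Added example, not from the original page.
# tally_ok FIELD [LOGFILE...]
#   Count successful (exit: 0) combinations per algorithm, comparing the
#   whole field so that "arcfour" does not also count "arcfour128".
#   FIELD is cipher, mac or kex; without LOGFILE the log is read from stdin.
tally_ok() {
    field=$1; shift
    awk -v f="$field" '
        BEGIN {
            col["cipher"] = 2; col["mac"] = 4; col["kex"] = 6
            if (!(f in col)) {
                print "unknown field: " f > "/dev/stderr"
                bad = 1; exit 2
            }
        }
        # Result lines only; header and debug1: lines are skipped.
        $1 == "cipher:" && $7 == "exit:" {
            name = $(col[f])
            if (!(name in ok)) ok[name] = 0   # list algorithms with 0 hits too
            if ($8 == 0) ok[name]++
        }
        END {
            if (bad) exit 2
            for (n in ok) printf "%s %s OK: %d\n", f, n, ok[n]
        }
    ' "$@" | sort -k4,4n -k2,2
}

# Usage:
#   tally_ok cipher ssh-eval.log
#   tally_ok mac ssh-eval.log
```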
Conclusions (these will vary depending on the SSH versions used):
- Ciphers: the -gcm ciphers were not usable - they were only introduced in OpenSSH 6.2[2]
- MACs: only hmac-md5, hmac-sha1 and umac-64@openssh.com[3][4] were usable and none of the etm-MACs ("encrypt-then-mac") produced a usable combination!
- Every key exchange algorithm was supported
Speed
Let's transfer 10 MB of \0 (zero) characters to the remote system:
    $ awk '/exit:\ 0/ {print $2,$4,$6}' ssh-eval.log | head -3 | while read c m k; do
        printf "cipher: $c mac: $m kex: $k - "
        a=`date +%s`
        dd if=/dev/zero bs=1M count=10 2>/dev/null | \
          ssh -T -o Ciphers="$c" -o MACs="$m" -o KexAlgorithms="$k" dummy@suse0 > /dev/null
        b=`date +%s`
        echo "`expr $b - $a` seconds"
      done | tee ssh-speed-10M.log
    cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp256 - 8 seconds
    cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp384 - 9 seconds
    cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp521 - 11 seconds
    [...]
The fastest combinations for 10MB:
    $ sort -nk8 ssh-speed-10M.log | head -3
    cipher: 3des-cbc mac: hmac-md5 kex: diffie-hellman-group14-sha1 - 5 seconds
    cipher: 3des-cbc mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 5 seconds
    cipher: aes128-cbc mac: hmac-sha1 kex: diffie-hellman-group14-sha1 - 5 seconds
The slowest combinations for 10MB:
    $ sort -nk8 ssh-speed-10M.log | tail -3
    cipher: aes256-ctr mac: hmac-sha1 kex: ecdh-sha2-nistp521 - 10 seconds
    cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp521 - 11 seconds
    cipher: arcfour128 mac: umac-64@openssh.com kex: ecdh-sha2-nistp521 - 12 seconds
Let's do the same again with 50 MB (in 512K chunks):
    ...; dd if=/dev/zero bs=512k count=100 2>/dev/null | ssh -T ... | tee ssh-speed-50M.log
The fastest combinations for 50MB:
    $ sort -nk8 ssh-speed-50M.log | head -3
    cipher: arcfour128 mac: hmac-sha1 kex: diffie-hellman-group1-sha1 - 19 seconds
    cipher: arcfour256 mac: hmac-sha1 kex: diffie-hellman-group14-sha1 - 19 seconds
    cipher: arcfour mac: hmac-md5 kex: diffie-hellman-group-exchange-sha256 - 19 seconds
The slowest combinations for 50MB:
    $ sort -nk8 ssh-speed-50M.log | tail -3
    cipher: aes192-cbc mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 29 seconds
    cipher: aes192-cbc mac: umac-64@openssh.com kex: ecdh-sha2-nistp521 - 29 seconds
    cipher: arcfour128 mac: umac-64@openssh.com kex: ecdh-sha2-nistp384 - 31 seconds