OpenSSH/Tests

From Segfault

Ciphers, MACs, Kex

There was a question on Stackexchange[1] that made me wonder which combinations of cipher, MAC and key exchange algorithms are supported by some of my machines.

Our local host is a Fedora 20 system (openssh-6.4p1-3.fc20.x86_64); the remote system is running openSUSE 11.4 (openssh-5.8p1-4.1.x86_64).

$ ~/bin/ssh-features.sh dummy@suse0 | tee ssh-eval.log
[...]

$  head -20 ssh-eval.log 
Ciphers (14):
aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-gcm@openssh.com aes256-gcm@openssh.com aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour

MACs (14):
hmac-md5-etm@openssh.com hmac-sha1-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-ripemd160-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-md5 hmac-sha1 umac-64@openssh.com umac-128@openssh.com hmac-sha2-256

KexAlgorithms (7):
ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1


debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8

cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp256   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp384   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: ecdh-sha2-nistp521   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group-exchange-sha256   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group-exchange-sha1   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group14-sha1   exit: 255
cipher: aes128-ctr mac: hmac-md5-etm@openssh.com kex: diffie-hellman-group1-sha1   exit: 255
cipher: aes128-ctr mac: hmac-sha1-etm@openssh.com kex: ecdh-sha2-nistp256   exit: 255

...and on it goes. An exit code of 255 means that the combination was rejected for whatever reason; an exit code of 0 means we were able to execute /bin/true on the remote system.

So, we have 14 different ciphers, 14 MAC algorithms and 7 key exchange algorithms, which amounts to 14 × 14 × 7 = 1372 combinations.

$ grep -c ^cipher ssh-eval.log 
1372

Most of them were unusable combinations:

$ grep -c exit:\ 255 ssh-eval.log 
1120

And 252 combinations were able to establish a connection:

$ grep -c exit:\ 0 ssh-eval.log 
252

Some more statistics, on ciphers:

$ for c in `~/bin/ssh-features.sh | grep -A1 ^Ciphers | tail -1`; do printf "cipher $c OK: "; grep exit:\ 0 ssh-eval.log | grep -c $c; done | sort -nk4
cipher aes128-gcm@openssh.com OK: 0
cipher aes256-gcm@openssh.com OK: 0
cipher 3des-cbc OK: 21
cipher aes128-cbc OK: 21
cipher aes128-ctr OK: 21
cipher aes192-cbc OK: 21
cipher aes192-ctr OK: 21
cipher aes256-cbc OK: 21
cipher aes256-ctr OK: 21
cipher arcfour128 OK: 21
cipher arcfour256 OK: 21
cipher blowfish-cbc OK: 21
cipher cast128-cbc OK: 21
cipher arcfour OK: 63

...on MACs:

$ for m in `~/bin/ssh-features.sh | grep -A1 ^MACs | tail -1`; do printf "mac $m OK: "; grep exit:\ 0 ssh-eval.log | grep -c $m; done | sort -nk4
mac hmac-md5-96-etm@openssh.com OK: 0
mac hmac-md5-etm@openssh.com OK: 0
mac hmac-ripemd160-etm@openssh.com OK: 0
mac hmac-sha1-96-etm@openssh.com OK: 0
mac hmac-sha1-etm@openssh.com OK: 0
mac hmac-sha2-256-etm@openssh.com OK: 0
mac hmac-sha2-256 OK: 0
mac hmac-sha2-512-etm@openssh.com OK: 0
mac umac-128-etm@openssh.com OK: 0
mac umac-128@openssh.com OK: 0
mac umac-64-etm@openssh.com OK: 0
mac hmac-md5 OK: 84
mac hmac-sha1 OK: 84
mac umac-64@openssh.com OK: 84

...on key exchange algorithms:

$ for k in `~/bin/ssh-features.sh | grep -A1 ^KexAlgorithms | tail -1`; do printf "kex $k OK: "; grep exit:\ 0 ssh-eval.log | grep -c $k; done | sort -nk4
kex diffie-hellman-group14-sha1 OK: 36
kex diffie-hellman-group1-sha1 OK: 36
kex diffie-hellman-group-exchange-sha1 OK: 36
kex diffie-hellman-group-exchange-sha256 OK: 36
kex ecdh-sha2-nistp256 OK: 36
kex ecdh-sha2-nistp384 OK: 36
kex ecdh-sha2-nistp521 OK: 36

Conclusions (these will vary with the SSH versions involved; here the client is OpenSSH 6.4 and the server OpenSSH 5.8):

  • Ciphers: the -gcm ciphers were not usable - they were only introduced in OpenSSH 6.2[2], which the remote side predates
  • MACs: only hmac-md5, hmac-sha1 and umac-64@openssh.com[3][4] were usable; none of the etm-MACs ("encrypt-then-mac") produced a usable combination!
  • Key exchange: every algorithm was supported
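An added example, not the wiki's own ssh-features.sh (which the page does not show): probe_all enumerates the algorithms the local ssh offers via `ssh -Q` (OpenSSH 6.3 and later, so it fits the 6.4 client above) and writes lines in the ssh-eval.log format, while count_ok and summarize tally them by exact field value. The page's `grep -c $c` counts substrings, which is why arcfour shows 63 above: it also matches the arcfour128 and arcfour256 lines. The sample log at the bottom is constructed, and the host name passed to probe_all is an assumption.

```sh
#!/bin/sh
# probe_all HOST: log every cipher/MAC/kex combination the local ssh offers
# (ssh -Q needs OpenSSH 6.3+), one line per combination as in ssh-eval.log.
probe_all() {
  for c in $(ssh -Q cipher); do
    for m in $(ssh -Q mac); do
      for k in $(ssh -Q kex); do
        if ssh -T -o BatchMode=yes -o ConnectTimeout=5 -o Ciphers="$c" \
              -o MACs="$m" -o KexAlgorithms="$k" "$1" /bin/true >/dev/null 2>&1
        then rc=0; else rc=$?; fi
        echo "cipher: $c mac: $m kex: $k   exit: $rc"
      done
    done
  done
}

# Column of a field in "cipher: X mac: Y kex: Z   exit: N" (exit code is $NF).
field_col() {
  case $1 in cipher) echo 2 ;; mac) echo 4 ;; kex) echo 6 ;; *) return 1 ;; esac
}

# count_ok LOG FIELD NAME: successful lines whose FIELD equals NAME exactly.
count_ok() {
  col=$(field_col "$2") || { echo "unknown field: $2" >&2; return 2; }
  awk -v col="$col" -v name="$3" \
      '$NF == 0 && $col == name { n++ } END { print n + 0 }' "$1"
}

# summarize LOG FIELD: per-algorithm success counts, sorted like the page's loops.
summarize() {
  col=$(field_col "$2") || return 2
  awk -v col="$col" -v f="$2" '{ seen[$col] = 1; if ($NF == 0) ok[$col]++ }
      END { for (a in seen) printf "%s %s OK: %d\n", f, a, ok[a] + 0 }' "$1" |
    sort -k4n
}

# Constructed sample log (not real measurements) in the page's line format.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
cipher: arcfour mac: hmac-md5 kex: ecdh-sha2-nistp256   exit: 0
cipher: arcfour128 mac: hmac-md5 kex: ecdh-sha2-nistp256   exit: 0
cipher: arcfour256 mac: hmac-md5 kex: ecdh-sha2-nistp256   exit: 0
cipher: arcfour mac: hmac-sha1-etm@openssh.com kex: ecdh-sha2-nistp256   exit: 255
cipher: aes128-gcm@openssh.com mac: hmac-md5 kex: ecdh-sha2-nistp256   exit: 255
cipher: aes128-ctr mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1   exit: 0
EOF
summarize "$SAMPLE_LOG" cipher   # arcfour counts 1 here; a substring grep would say 3
```

Run `probe_all dummy@suse0 | tee ssh-eval.log` to produce a real log, then `summarize ssh-eval.log cipher` (or mac, kex) in place of the grep loops above.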

Speed

Let's transfer 10 MB of \0 (zero) characters to the remote system:

$ awk '/exit:\ 0/ {print $2,$4,$6}' ssh-eval.log | head -3 | while read c m k; do
  printf "cipher: $c mac: $m kex: $k - "
  a=`date +%s`
  dd if=/dev/zero bs=1M count=10 2>/dev/null | \
  ssh -T -o Ciphers="$c" -o MACs="$m" -o KexAlgorithms="$k" dummy@suse0 > /dev/null
  b=`date +%s`
  echo "`expr $b - $a` seconds"
done | tee ssh-speed-10M.log
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp256 - 8 seconds
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp384 - 9 seconds
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp521 - 11 seconds
[...]

The fastest combinations for 10MB:

$ sort -nk8 ssh-speed-10M.log | head -3
cipher: 3des-cbc mac: hmac-md5 kex: diffie-hellman-group14-sha1 - 5 seconds
cipher: 3des-cbc mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 5 seconds
cipher: aes128-cbc mac: hmac-sha1 kex: diffie-hellman-group14-sha1 - 5 seconds

The slowest combinations for 10MB:

$ sort -nk8 ssh-speed-10M.log | tail -3
cipher: aes256-ctr mac: hmac-sha1 kex: ecdh-sha2-nistp521 - 10 seconds
cipher: aes128-ctr mac: hmac-md5 kex: ecdh-sha2-nistp521 - 11 seconds
cipher: arcfour128 mac: umac-64@openssh.com kex: ecdh-sha2-nistp521 - 12 seconds

Let's do the same again with 50 MB (in 512K chunks):

...; dd if=/dev/zero bs=512k count=100 2>/dev/null | ssh -T ... | tee ssh-speed-50M.log

The fastest combinations for 50MB:

$ sort -nk8 ssh-speed-50M.log | head -3
cipher: arcfour128 mac: hmac-sha1 kex: diffie-hellman-group1-sha1 - 19 seconds
cipher: arcfour256 mac: hmac-sha1 kex: diffie-hellman-group14-sha1 - 19 seconds
cipher: arcfour mac: hmac-md5 kex: diffie-hellman-group-exchange-sha256 - 19 seconds

The slowest combinations for 50MB:

$ sort -nk8 ssh-speed-50M.log | tail -3
cipher: aes192-cbc mac: umac-64@openssh.com kex: diffie-hellman-group14-sha1 - 29 seconds
cipher: aes192-cbc mac: umac-64@openssh.com kex: ecdh-sha2-nistp521 - 29 seconds
cipher: arcfour128 mac: umac-64@openssh.com kex: ecdh-sha2-nistp384 - 31 seconds

References